Getting Data In

Community Activity

Some of my indexes have stopped indexing... For some reason, looks like 2-3 of my indexes have stopped indexing. The monitor point to the indexes is pointed to d... by balbano Contributor in Getting Data In 06-07-2010 0 3	0	3
How to send a notification when the my iindexer process through a certain amount of forwarded data I want a search that will tell me the total throughput of my indexing server, and then setup a notification if that t... by seanlon11 Path Finder in Getting Data In 06-07-2010 0 8	0	8
Regarding how to splunk TripWire logs I would like to splunk TripWire events so that I can search and correlate them with my other security, syslog, and ap... by maverick Splunk Employee in Getting Data In 06-07-2010 0 1	0	1
follow tail returning jumbled mess I’m currently getting a new log source ready for production, and I almost have it except for one issue. I’m forwardi... by carmackd Communicator in Getting Data In 06-07-2010 0 10	0	10
How do I strip out part of the timestamp so I only get the date? I am trying to build a report where I want to summarize the number of events for an entire year by day sorting by hos... by mctester Communicator in Getting Data In 06-06-2010 0 4	0	4
Mulltiline XML extraction... So I have an xml formatted log added as a source, sourcetype'd as WSE_audit, and I'm trying to get it to basically sp... by Steve_Litras Path Finder in Getting Data In 06-04-2010 3 8	3	8
Scripted input not showing up in search results env[home] = linux, centos, splunk 4.0.11, everything on one test box cat /opt/splunk/etc/apps/unix/bin/uname.sh #!/... by oreoshake Communicator in Getting Data In 06-03-2010 0 6	0	6
What's an Invalid_hot_6 doing in my index? Should I do something about it? In my index, in the warm directory, I have some buckets like db_1274392278_1271804233_0, some hot_v1_1, and then this... by jrodman Splunk Employee in Getting Data In 06-02-2010 4 3	4	3
Limit search results to a sourcetype What can I do to limit search results for one or more sourcetypes. I am able to get the results through the Splunkw... by sandy1978 New Member in Getting Data In 06-02-2010 0 4	0	4
Anyone have a good working DB polling scripts written in Python? Anyone have a good working python DB table dump scripts that keeps track of last row marker? I guess it would be in-... by clyde772 Communicator in Getting Data In 06-02-2010 4 4	4	4
I'm getting an error for some files I am monitoring about hitting EOF while computing CRC. What does this mean? I'm seeing the following errors in splunkd.log and my file isn't being monitored properly -- the events don't seem to... by the_wolverine Champion in Getting Data In 06-01-2010 1 3	1	3
Can I splunk ClearCase for source code change monitoring? Wondering if anyone has ever integrated ClearCase with Splunk yet. Does ClearCase provide text logs on disk or maybe ... by maverick Splunk Employee in Getting Data In 06-01-2010 0 3	0	3
Monitoring hidden files on Linux I'm having a problem trying to monitor the .bash_history file. I've set up a monitor for /home with a whitelist of ".... by Peter_B Explorer in Getting Data In 06-01-2010 1 5	1	5
Failed to write usn context I am seeing the following errors over and over again in my splunkd.log file. I'm not sure where to go to resolve thi... by srich Explorer in Getting Data In 06-01-2010 1 3	1	3
Juniper SSG20 logs showing up as multi-line chunks in interface Possible Duplicate: Juniper Netscreen TCP Syslog messages not breaking properly Hi, I have an SSG20 sending sys... by mikaelwitt New Member in Getting Data In 05-30-2010 0 4	0	4
Where is the data stored on a Forwarder when the Receiver is down I know the forwarder will buffer its data if the receiver goes down for some reason.Where is the data stored(director... by skibum Engager in Getting Data In 05-29-2010 2 6	2	6
How can i check for forwarders that have not sent a specific sourcetype,source,host within x time? Is there any way to check for forwarders that have not connected recently and include a "sourcetype, source or host" ... by Chris_R_ Splunk Employee in Getting Data In 05-28-2010 0 1	0	1
index on regex field from source I have a dir of text files named like such scriptcalled_201005211317_stdout.txt how do i index them on that date... by hiddenkirby Contributor in Getting Data In 05-27-2010 0 8	0	8
Alerting on forwarder up/down events I have a saved search that notifies me when a forwarder goes up or down based on various TcpInputProc and TcpOutputPr... by Lowell Super Champion in Getting Data In 05-27-2010 4 1	4	1
Syslog Priority Levels Stripped for UDP and TCP Syslog Messages All, I noticed discussions on how to prevent Splunk from stripping priority levels from UDP Syslog messages. Will pr... by scornish Engager in Getting Data In 05-27-2010 3 1	3	1
Scripted Alert Question Is there a way to pass the result of a savedsearch to a script? For example, if the search returns: suser duser ... by ubko Explorer in Getting Data In 05-27-2010 2 2	2	2
Search-time Mask Some events flow into the Splunk instance via syslog sockets. For a brief period of time, the sourcetypes that came ... by sdwilkerson Contributor in Getting Data In 05-27-2010 1 3	1	3
getting event timestamp from source file name I have a .csv file that I'm indexing. There is no timestamp information in the .csv file, but there is a date in the... by lyndac Contributor in Getting Data In 05-27-2010 2 5	2	5
strptime() format for yyyymmddhhmmss? strptime() format expression examples Below are some sample date formats with strptime() expressions that handle the... by hiddenkirby Contributor in Getting Data In 05-27-2010 0 8	0	8
Stop times like '0:20:00' being read as 8pm Splunk always seems to get this wrong. I have the following in a vain effort to correct this TIME_PREFIX=^ TIME_FOR... by parallaxed Path Finder in Getting Data In 05-27-2010 2 10	2	10