Getting Data In

Community Activity

Need deployment server to assign hostnames dynamically via inputs.conf I have a deployment server app with a single inputs.conf file. [tcp://localhost:9997] sourcetype = tcp-raw index = p... by Jaci Splunk Employee in Getting Data In 05-24-2010 1 2	1	2
why isn't my static host configuraton in inputs.conf being honored? I have the following in inputs.conf: [udp://32004] host = custom_host connection_host = non... by jeff Contributor in Getting Data In 05-22-2010 3 3	3	3
External API for 4.1 - will my application still work? Hi, I have a development support question. We have an application that is integrated with splunk. We have a C++ p... by mctester Communicator in Getting Data In 05-22-2010 2 1	2	1
Delete index foobar info older than 2 weeks. we only want to save the log info for 2 weeks. I tried to set this up by modifying the frozen time, but it doesn’t s... by dcroteau Splunk Employee in Getting Data In 05-22-2010 1 3	1	3
Do splunked events, that are gzip'd on disk, stay that way while I am searching them? Suppose I splunk a file and it is gzip'd on disk under the appropriate Splunk index directory. Then let's say I con... by maverick Splunk Employee in Getting Data In 05-22-2010 1 1	1	1
Error 'Could not find all of the specified lookup fields in the lookup table.' Forwarding a question: "... attempting to setup a lookup table. Each time I save an automatic lookup it always retur... by Genti Splunk Employee in Getting Data In 05-21-2010 0 1	0	1
Will Splunk automatically create an index listed in inputs.conf? If our app's inputs.conf uses an index other than "main" (e.g. a custom index for our app) does our app's setup UI (o... by Justin_Grant Contributor in Getting Data In 05-21-2010 1 5	1	5
Controlling forwarder TCP connections to indexer Does a forwarder keep using the initial TCP connection to the indexing server, or does it close the connection after ... by Jaci Splunk Employee in Getting Data In 05-21-2010 2 1	2	1
Web Logs Analysis ( apache ) Hi there. I'm new to splunk. Having a bit of trouble getting my head around it ( I know SQL well ) . I want to get... by return2health Engager in Getting Data In 05-21-2010 1 2	1	2
Inputs are all enabled but Search dashboard is showing 0 sources and 0 sourcetypes I am perplexed with what I'm experiencing right now. I have all the file inputs enabled for monitor but I'm not seei... by Nicholas_Key Splunk Employee in Getting Data In 05-21-2010 1 2	1	2
Rolled log file not being indexed I monitor a log file (access_log) that gets rolled every night at 1 am using a copy command "cp /dev/null access_toda... by Jaci Splunk Employee in Getting Data In 05-20-2010 1 3	1	3
How do I ensure there is no event overlap in a scripted input? I am creating an app for Splunk 4.1 that has a scripted input that retrieves data from a database. At first run, it w... by jwestberg Splunk Employee in Getting Data In 05-20-2010 2 5	2	5
WMI on windows 2000 Hi, I am collecting event logs thru WMI for Windows 2000 and 2003 servers, for 2003 everything seem ok but for 2000 ... by phoenixsecure Engager in Getting Data In 05-20-2010 2 2	2	2
How do keep splunk from removing syslog priority fields? How do keep splunk from removing syslog priority fields? They are removed once indexed into splunk. by Chris_R_ Splunk Employee in Getting Data In 05-19-2010 0 3	0	3
Lookup table does not exist error on update to 4.1 Since I updated our server to 4.1.2 I'm seeing the following error with most searches. The lookup table 'sid_look... by Yancy Path Finder in Getting Data In 05-19-2010 2 2	2	2
blacklist in batch stanza Can I use blacklist in a batch stanza? I couldn't find anything in the documentation saying otherwise. Thanks, by carmackd Communicator in Getting Data In 05-19-2010 2 2	2	2
How do you exclude dead machines off the Lost Forwarders search. I use the recommended search below to find lost forwarders after a 24hr period. http://www.splunk.com/wiki/Depl... by djfisher Explorer in Getting Data In 05-19-2010 1 5	1	5
Too many open files on forwarders I'm starting to get a lot of these errors on my forwarders. Any suggestions? Pushing /etc/security/limits.conf does... by oreoshake Communicator in Getting Data In 05-19-2010 0 2	0	2
source files associated with a host How can I easily search through Splunk to figure out which sources are associated with a specific host? I know I c... by seanlon11 Path Finder in Getting Data In 05-19-2010 1 2	1	2
Yet Another Problem Sending Events to the nullQueue We are using "heavy" forwarders, but I have the following config on both the forwarder and the indexer but the events... by oreoshake Communicator in Getting Data In 05-18-2010 1 4	1	4
stopping all listening ports? reposting for a user over on the forums: I bounced my indexer and now my forwarders are unable to connect. I just u... by piebob Splunk Employee in Getting Data In 05-18-2010 1 2	1	2
How to forward internal events through two forwarders? I am having trouble getting _internal and _audit to be forwarder properly when being passed through more than one for... by Lowell Super Champion in Getting Data In 05-17-2010 1 6	1	6
Collect data from different sources with different users... Hello I have a question about splunk capabilities. I installed splunk on a server (domain member) and I can get th... by petru Engager in Getting Data In 05-17-2010 1 1	1	1
Splunk installed under local username, but want to monitor AD Hi, We have installed Splunk under an eval using just a local username. We'd like to monitor AD, but can't work out ... by craigallen Engager in Getting Data In 05-17-2010 1 1	1	1
WMI source/sourcetype problem We are having a problem getting the Windows app to display wmi data. It seems that the wmi data we are getting is bei... by msallman Explorer in Getting Data In 05-14-2010 0 7	0	7

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

Need deployment server to assign hostnames dynamically via inputs.conf

why isn't my static host configuraton in inputs.conf being honored?

External API for 4.1 - will my application still work?

Delete index foobar info older than 2 weeks.

Do splunked events, that are gzip'd on disk, stay that way while I am searching them?

Error 'Could not find all of the specified lookup fields in the lookup table.'

Will Splunk automatically create an index listed in inputs.conf?

Controlling forwarder TCP connections to indexer

Web Logs Analysis ( apache )

Inputs are all enabled but Search dashboard is showing 0 sources and 0 sourcetypes

Rolled log file not being indexed

How do I ensure there is no event overlap in a scripted input?

WMI on windows 2000

How do keep splunk from removing syslog priority fields?

Lookup table does not exist error on update to 4.1

blacklist in batch stanza

How do you exclude dead machines off the Lost Forwarders search.

Too many open files on forwarders

source files associated with a host

Yet Another Problem Sending Events to the nullQueue

stopping all listening ports?

How to forward internal events through two forwarders?

Collect data from different sources with different users...

Splunk installed under local username, but want to monitor AD

WMI source/sourcetype problem

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation