Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Jaci

Hostname changing on some sources

In inputs.conf the default host name is set to the fqdn, test-server.foobar.com. But when I search for that host, it ...
by Jaci Splunk Employee Splunk Employee in Getting Data In 04-08-2010
2 5
2
5
rnutting24

Problem getting a new index in Splunk v4.0.X to work properly

Hi, I just created a new app and wanted to point my network inputs to another index, managed by my app. So, I modif...
by rnutting24 Engager in Getting Data In 04-08-2010
1 3
1
3
the_wolverine

Is there some way to see the current tailing status?

Is there a splunk command or REST endpoint to see the tailing status of monitored files?
by the_wolverine Champion in Getting Data In 04-08-2010
4 2
4
2
MikeyG

The aggqueue and parsingqueue consistently full / blocked - how do I increase ?

Search is index="_internal" source="*metrics.log" group="queue" | timechart perc90(current_size) by name Results are...
by MikeyG Explorer in Getting Data In 04-07-2010
2 3
2
3
Mick

Why can't my Splunk instance read a file on another machine?

I'm trying to index a file on a mapped network drive, but I keep getting seeing 'Access is denied' in splunkd.log. I...
by Mick Splunk Employee Splunk Employee in Getting Data In 04-07-2010
4 1
4
1
rogerssoftware

How do I forward all rsyslog output from an ubuntu server to my Splunk 4.1 server?

On my old setup I had all syslogs going to syslog on the Splunk server, but now I'm doing a fresh setup with Ubuntu 9...
by rogerssoftware Explorer in Getting Data In 04-07-2010
1 4
1
4
the_wolverine

What happens to my events at Splunk Light Forwarder when the Indexer goes down?

I have a bunch of Lightweight Forwarders (LWF) forwarding to my central indexer. What happens to my events when the...
by the_wolverine Champion in Getting Data In 04-06-2010
3 4
3
4
Alan_Bradley

Why do I get an error about sid_lookup after upgrading to 4.1?

I've just upgraded to 4.1 and now I'm getting an error when I search saying: The lookup table 'sid_lookup' does not ...
by Alan_Bradley Path Finder in Getting Data In 04-06-2010
3 7
3
7
cdavidy

How do I forward data to a specific index?

How do I go about configuring splunk forwarders running on Linux to forward to a specific index for Linux-related inf...
by cdavidy Explorer in Getting Data In 04-06-2010
5 2
5
2
BunnyHop

How can I trigger migration of buckets from Warm to Cold?

If the script to roll the hotDB to the warmDB is "| debug cmd=roll index=main", would there be one for rolling the wa...
by BunnyHop Contributor in Getting Data In 04-06-2010
4 2
4
2
thepocketwade

Search based on newly indexed logs

In my office we have a script on our log servers that monitors the hosts sending logs and alerts us if a machine star...
by thepocketwade Path Finder in Getting Data In 04-05-2010
0 4
0
4
oreoshake

How to get the correct gid/uid on windows fschange events

All of my events show up with gid=-1,uid=-1. Is this a bug or am I doing something wrong?
by oreoshake Communicator in Getting Data In 04-05-2010
1 3
1
3
oreoshake

Why isn't splunkd.log getting forwarded (in 4.0.x, fixed in 4.1) ?

UPDATE: This appears to be a bug specifically related to 4.0.10. The following is a work around in system/local/inp...
by oreoshake Communicator in Getting Data In 04-03-2010
1 3
1
3
maverick

How can I easily filter or limit my search down to a specific group of hosts?

I have lots of hosts in my environment, but I only want to search across a few of them from time to time. Can I someh...
by maverick Splunk Employee Splunk Employee in Getting Data In 03-31-2010
1 2
1
2
matt_1

Configuring to support searches for events timestamped in future

We have an global application hosted within a VM environment feeding a common Splunk index server. However the serve...
by matt_1 Explorer in Getting Data In 03-30-2010
0 2
0
2
oreoshake

How do I prevent splunk from launching a separate cmd window on windows 7 (and others?)

Everytime I run a splunk command on windows 7, the command runs in a separate window and closes before I can see what...
by oreoshake Communicator in Getting Data In 03-29-2010
1 2
1
2
Starlette

Best practice for using syslog (Cisco ASA en others) from forwarder (Kiwi Deamon)

Hai There, I am dealing with a forwarder to indexer which is reading a kiwi directory with several types of devices....
by Starlette Contributor in Getting Data In 03-29-2010
1 2
1
2
Michael_Wilde

Do sinkholes work on forwarders?

Does a sinkhole work on all types of forwarders?
by Michael_Wilde Splunk Employee Splunk Employee in Getting Data In 03-29-2010
3 1
3
1
zliu

How to disable hostname chaining?

How to disable hostname chaining? Splunk picks the chained hostname rather than the original.
by zliu Splunk Employee Splunk Employee in Getting Data In 03-26-2010
0 1
0
1
Alan_Bradley

How do I convert from a light forwarder to a full forwarder?

I have a light forwarder (v4.0.7) I want to change this to a forwarder instead of a light forwarder. The reason being...
by Alan_Bradley Path Finder in Getting Data In 03-26-2010
0 3
0
3
oreoshake

Why doesn't outputs.conf get migrated from 3.4.x->4.0.x?

We're upgrading our forwarders and we always get the warning that outputs.conf cannot be migrated. However, simply m...
by oreoshake Communicator in Getting Data In 03-24-2010
0 1
0
1
Alan_Bradley

How to restore data in HA environment?

When we build 2 Splunk indexing servers for High Availablity, 2 Splunk indexing servers may receive the same log data...
by Alan_Bradley Path Finder in Getting Data In 03-24-2010
0 1
0
1
Alan_Bradley

How do I setup Splunk to index log4j with org.apache.log4j.RollingFileAppender

We plan to use Splunk to keep log for several java application including web server like Tomcat. Those application ar...
by Alan_Bradley Path Finder in Getting Data In 03-24-2010
2 1
2
1
hulahoop

Why is there a gap in my metrics.log?

Why would there be a gap of logged events in metrics.log between 01-21-2010 15:47:39.421 and 01-22-2010 08:53:28.231 ...
by hulahoop Splunk Employee Splunk Employee in Getting Data In 03-24-2010
0 5
0
5
Glenn

How to override Splunk renaming sourcetypes xxx-1 if field name header encountered?

This is related to an earlier question: http://answers.splunk.com/questions/490/why-do-variations-in-sourcetype-appea...
by Glenn Builder in Getting Data In 03-22-2010
2 5
2
5
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...
Top Solution Authors
View All