Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Invoke "oneshot" via remote CLI

Is it possible to use the oneshot command from a remote server. Essentially we have a series of logs that are not ...

by Path Finder in

OK to specify host on each log line instead on path?

I have a log, representing data from multiple hosts, with lines like this: 7/30/2010 4:11:52 PM host=OAK06VMH load...

by Contributor in

Can the retention policy be based on both time AND space?

In other words, can I set 30 days OR 700G (for instance)? The docs aren't clear on how to do that.

by Communicator in

Is it necessary to define your fields ahead of time?

Hello all, I'm new to Splunk, so please bear with me as I ask a really n00bish question. Is it necessary to define...

by Engager in

Setting the homePath option in indexes.conf on Windows?

On Windows, I want to set the homePath in my indexes.conf file for a new index I created, which is located on my E:\ ...

by Splunk Employee in

How to get WMI Perf counters that are in ms

I have a WMI Perf counter query that always returns zero in Splunk as the values are always < 1 second. It looks like...

by New Member in

cannot find sourcetype squid

I am trying to analyse a squid access log for top 10 reports (top sources, top destinations, etc.) I imported the ...

by Explorer in

Status of tailing gz files

In this answer I can see there is ways to get the status of the tailing processor on a box. Only problem is it looks ...

by Path Finder in

How do I get my Splunk server to start reading syslog files on it again?

I turned off the syslog server running alongside Splunk and configured Splunk to listen on 514. It indexed the forwar...

by Explorer in

Newbie Syslog question

Hi There.. What is the best way to accomplish the following: I have several users who are on XP notebooks who need to...

by Engager in

Syslog Data Storage

I have version 4.1 and have it set up to recieve syslog data directly from various servers but I only want to hold th...

by Engager in

Session variable

Hi there.Lets see if someone can help me with this. We have this requirement: We have several saved searches and r...

by Path Finder in

Default value for transform

FORMAT = <string> * The special identifier $0 represents what was in the DEST_KEY before this regex was performed. ...

by Path Finder in

replacing inputs.conf

This would be a very trivial question, but what are the circumstances when splunk re-indexes new data? Replacing an e...

by Path Finder in

Help needed in splunk setup

Hello , We have splunk 3.4.6 installed on one of our servers locally, on that server it was configured so that it ...

by New Member in

Best way to write syslog to a file on windows?

According to the wiki the best practice for syslog is having another program write the files to disk then have Splunk...

by Motivator in

Timestamp configuration for different sourcetypes of the same source

Hi, I have used props.conf and transforms.conf to configure two different sourcetypes coming to Splunk from udp:514. ...

by Path Finder in

How do I get syslog from an F5 BIG-IP?

I see the BIG-IP can send syslog for administrative activity. I want to send syslog for all the HTTP requests the loa...

by Splunk Employee in

api REST searching on partial job results

I am running a pretty basic search such as this email="someemail@domain.com" OR email="someemail@domain.com" ...

by Splunk Employee in

Whats the difference between _whitelist and whitelist?

I think I found the answer to my question when I was writing it. From http://www.splunk.com/base/Documentation/4.1...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Invoke "oneshot" via remote CLI

OK to specify host on each log line instead on path?

Can the retention policy be based on both time AND space?

Is it necessary to define your fields ahead of time?

Setting the homePath option in indexes.conf on Windows?

How to get WMI Perf counters that are in ms

cannot find sourcetype squid

Status of tailing gz files

How do I get my Splunk server to start reading syslog files on it again?

Newbie Syslog question

Syslog Data Storage

Session variable

Default value for transform

replacing inputs.conf

Help needed in splunk setup

Best way to write syslog to a file on windows?

Timestamp configuration for different sourcetypes of the same source

How do I get syslog from an F5 BIG-IP?

api REST searching on partial job results

Whats the difference between _whitelist and whitelist?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Where to implement Ingest Actions?

Why am I receiving unwanted HB (Heartbeat ?) logs ...

Splunk OTEL Forwarder- Is there a values.yaml file...

Renamed serverclass, but not updated in data input...

How do I ship json file uusing HTTP Event Collecto...