Getting Data In

Discussions

Thread Info

permission problem on windows with etc\system\metadata\default.meta

I installed Splunk Universal forwarder on Windows (2008 rc2), but when I tried to upgrade or to uninstall, it failed....

by Communicator in

What is the proper way to load a CSV File ?

I have a CSV file which has a header. I want to load this in SPLUNK and want to perform searches using different fiel...

by Explorer in

Using different stanza defined in props.conf with same index

Hi! I would like to ask question if something like below is possible. I already have a index A with sourcet...

by Communicator in

Bundle Replication Issue

I have an indexer that seems to be having an issue keeping up with bundles with Splunk 5.0.5. I have been though S.O....

by Motivator in

A solution for tracking hosts that stop logging

Hopefully others might find this helpful and I'm certainly open to feedback. Some of the guts of the solution can be ...

by Motivator in

Timestamp Extraction Issue

My data looks like this: { EC_reference="C0000001", Entity_name="Charter 88", Entity_type="Third Party", Regulated...

by Contributor in

Splunk 6.0 Ignoring TZ Offset

Prior to upgrading to Splunk 6 I had my props.conf configured to specify TZ's for certain host. Since upgrading to sp...

by Explorer in

pdfserver error

Has anyone seen this before? PDF server status page generates a pdf as expected and it seems to work, the error below...

by Path Finder in

Can't extract timestamp from multi-timestamp csv file

Need help, i have log file kind of: "INT","INT","INT","VARCHAR","""VARCHAR"" ","VARCHAR","VARCHAR","VARCHAR"...

by Path Finder in

How can I pass Splunk output from one Splunk server to another?

Hi, Is it possible that I have two Splunk servers running one at my office location which has historical data and ...

by Builder in

SSL connection between Indexer and Forwarder

Hi, I am not able to configure the ssl connections between the forwarder and indexer. The splunkd logs on both the...

by Path Finder in

Anyone else notice that Splunk 6 univeral forwarder SSL does not work on 32 bit Windows XP?

Looks like splunk universal forwarder fails to create server.pem on new install. As a result, no communication can oc...

by Builder in

LAN to LAN forwarding

We have several computers we are monitoring with splunk. We need to include two new computers within our department t...

by New Member in

Line_Breaker question

[operlog] LINE_BREAKER = (?m)(.\d{7}.\d\d:\d\d:\d\d.\d\d) SHOULD_LINEMERGE = false Why do my events have the...

by Explorer in

Inputs.conf Not Picking Up What I expect

I am trying to pull in a several log files that are always being updated from a folder on Windows. Here is my inputs....

by Builder in

query json for most recent 3 consecutive fails

Hi, I have json log in the following format. Each line is an event. {"receivedDate":"2013-11-08 13:13:20.236", ...

by Explorer in

Data Archiving and Clusters

I have a clustered Splunk set up with 3 indexing peers and a replication factor of 3. There are a couple of indexes t...

by Engager in

How do I block one forwarder from sending?

I have an indexer getting data from 24 hosts. We were well within our quota until two hosts were added that, for what...

by Explorer in

Filter users who appear in 2 different sourcetypes

Hi, I've got 2 sourcetypes A and B. The User X can appear in both sources. I want to achieve an analysis on source...

by Motivator in

Count the number of events but avoid counting weekend days

How would one filter out weekends in a count of events based on a search? Filter so that those days are not included ...

by Explorer in

Getting Data In

Discussions

permission problem on windows with etc\system\metadata\default.meta

What is the proper way to load a CSV File ?

Using different stanza defined in props.conf with same index

Bundle Replication Issue

A solution for tracking hosts that stop logging

Timestamp Extraction Issue

Splunk 6.0 Ignoring TZ Offset

pdfserver error

Can't extract timestamp from multi-timestamp csv file

How can I pass Splunk output from one Splunk server to another?

SSL connection between Indexer and Forwarder

Anyone else notice that Splunk 6 univeral forwarder SSL does not work on 32 bit Windows XP?

LAN to LAN forwarding

Line_Breaker question

Inputs.conf Not Picking Up What I expect

query json for most recent 3 consecutive fails

Data Archiving and Clusters

How do I block one forwarder from sending?

Filter users who appear in 2 different sourcetypes

Count the number of events but avoid counting weekend days

Splunk Translation issues

Parse log which contain unstructured and inner-jso...

Using Splunk Universal Forwarder and scripted inpu...

why Splunk is not able to index all the data from ...

Collect Perfmon counters data for ASP.NET & Paging...