Getting Data In

Discussions

Thread Info

Timestamp format for 12-HR format

9/12/12 2:25:57.000 PM Hi all, Above is my timestamp and I'm using "%d/%m/%Y %H:%M:%S %p" The format that I ...

by Explorer in

Accessing metadata from the format option in transforms.conf

Functionally, here's what I am looking to do. I want to take the host (NJROS1BVA0597), append the source type (VM88 o...

by Communicator in

XenApp 4.5 on Windows 2003

Hi everyone, I've read the deployment docs and it looks like it will not work if our XenApp runs on Windows 2003 3...

by Path Finder in

Windows 2003 Event Logs

I am able to gather Windows 2008 logs with no problems, but when I add a forwarder to a Windows 2003 box I get no log...

by Path Finder in

How to configure int64 epoch nanosecond timestamp as _time

So I tried pattern as \d{18} for events looking like: 1351623403000225565 Type=VARIABLE, blah blah 13516234030002255...

by Path Finder in

Identifying non-reporting hosts via correlation with DNS.

Hi guys, I'm trying to define a search to spot Active Directory domain controllers which have not (and possibly ne...

by New Member in

Configuring Inputs.CONF to Index Logs from HTTP Location

I haven’t set this type of input before. I have logs available over http from a URL like below. The typical user view...

by Path Finder in

how can I delete or archive old data

There're 300G disk space in my server, how can I delete or archive old data in splunk ? Thank you !

by Communicator in

multiple events and multiple key-value pairs (one being timestamp) in one json

Hi I have series of two key-value pairs (timestamp and some other key) on one json file, which looks like below: ...

by Engager in

how to sum numbers with space in them

I have a field called size that takes the form: 1 2 3 4 I want to find someway to evaluate size so that is sums a...

by New Member in

Forwarding a scripted input from /var/log/messages

I am trying to forward input from a universal forwarder to a regular Splunk installation on my desktop. The univer...

by New Member in

Key value pairs vs. JSON format and multiple key value pairs

Hello, I am a new user to splunk and logging in general. So, appreciate your patience if my questions are fairly s...

by Engager in

extremely slow Search head on windows 2008 R2 standard

Hi, is anyone out there having a Slow search and missed alerts on Search head. we have installed search head on 64 bi...

by New Member in

Controlling Forwarders, and "spam" into Splunk

We have a very large environment.. and with Splunk charging by the GB/day, we obviously have an interest in controlli...

by Communicator in

Truncate on a SplunkUniversalForwarder

One of my sources coming from a universal forwarder needs to have have it's truncate option set to 0. I have edited t...

by Explorer in

Deleting data inputs

Hi, I am new to splunk and when i add datainputs i was not known about the timestamp issue and later i explored it. w...

by Explorer in

Splunk syslog event count too low compared to kiwi syslog server on Windows platform

I have configured approx. 100 access points to send syslog events to both Splunk and to a kiwi syslog server I have s...

by New Member in

Under what situation would one monitor a rolled log file?

I've heard that Splunk recommends monitoring of rolled log files (eg. file.log.1, file.log.2, etc) under certain situ...

by Champion in

Starting point of index

Hello, i would like to add a monitor for EventLog:Security. This EventLog contains many entries, and if i add it d...

by New Member in

HowTo pull logs into trusted network from a forwarder located in DMZ

Hello, I search a way to get realtime logs from DMZ-Zone into a Trusted Network, where the Indexer is located. A Fo...

by Explorer in

Getting Data In

Discussions

Timestamp format for 12-HR format

Accessing metadata from the format option in transforms.conf

XenApp 4.5 on Windows 2003

Windows 2003 Event Logs

How to configure int64 epoch nanosecond timestamp as _time

Identifying non-reporting hosts via correlation with DNS.

Configuring Inputs.CONF to Index Logs from HTTP Location

how can I delete or archive old data

multiple events and multiple key-value pairs (one being timestamp) in one json

how to sum numbers with space in them

Forwarding a scripted input from /var/log/messages

Key value pairs vs. JSON format and multiple key value pairs

extremely slow Search head on windows 2008 R2 standard

Controlling Forwarders, and "spam" into Splunk

Truncate on a SplunkUniversalForwarder

Deleting data inputs

Splunk syslog event count too low compared to kiwi syslog server on Windows platform

Under what situation would one monitor a rolled log file?

Starting point of index

HowTo pull logs into trusted network from a forwarder located in DMZ

How do i display only specific field values in a t...

Error Message Splunk could not get the description...

DBConnect scripted SQL retrieval

Get count of top level keys from JSON?

Failed to reap viewstate