Getting Data In

Community Activity

TIME_FORMAT after overrided source type on a per-event basis Hello, I have a file exampleFile that has two different timestamp/event formats: ~02 07 10:19:24 OIT-FO-OFR2 NSSTRA... by bever Explorer in Getting Data In 07-24-2014 0 2	0	2
websphere startup entries Hi, I have a SystemOut.log from Websphere that needs to be indexed in Splunk. These logs all start with environmenta... by a212830 Champion in Getting Data In 07-23-2014 0 1	0	1
reading an xml file in splunk Hi, I have an xml file that I am being asked to import into Splunk. How would I configure this? by a212830 Champion in Getting Data In 07-23-2014 0 4	0	4
This script shows all servers with any RDC sessions open. i need it to just show me a specific username that is logged into any of the listed servers. Could someone help me? $servers = get-content “C:\scripts\servers.txt” foreach ($server in $servers) { $server $command = “quser /server... by chadkfranks Engager in Getting Data In 07-23-2014 0 2	0	2
How to change the index at index time I have data coming from syslog udp:514 but I want to send some events to a different index. Depending of : the hos... by mataharry Communicator in Getting Data In 07-23-2014 1 3	1	3
Dumping XML logs I want to dump the following XML log file keeping in mind the fact that it should give all the tags as a fields such ... by 20065945 Explorer in Getting Data In 07-23-2014 0 3	0	3
props.conf help Hi, I have a multi-line feed that I'm having problems with - hoping someone can help me. Here's my props.conf: MAX... by a212830 Champion in Getting Data In 07-23-2014 0 3	0	3
Recognition of FILETIME Timestamps Hello, i have the following problem: I have to read in logfiles with Splunk that contain an uncommon timestamp form... by tom_frotscher Builder in Getting Data In 07-23-2014 2 7	2	7
Universal Forwarders not forwarding windows performance monitor inputs We are experiencing issues where some of our systems which appear to be configured properly will not forward certain ... by sgarvin55 Splunk Employee in Getting Data In 07-22-2014 1 1	1	1
splunk enterprise Upgrade from 5.0.5 to 6.1.1 failing I'm upgrading splunk indexer server from 5.0.5 to 6.1.1 on Windows Server 2012. I run the installer as a administrat... by spsrasru Path Finder in Getting Data In 07-22-2014 0 4	0	4
Logging tripwire reports In my setup, I have two machines running Ubuntu Linux. On one, I have Splunk and the other I have running the univers... by Ekrell New Member in Getting Data In 07-22-2014 0 2	0	2
file integrity checking question Hi there -- One thought I had of deploying Splunk was the following scenario: Install it on one of our network serve... by kaplan71 New Member in Getting Data In 07-22-2014 0 2	0	2
File Integrity Monitoring PCIDSS Hi All, has anyone using Splunk as a file integrity monitoring system for PCIDSS? We currently use a fantastic produc... by servebase New Member in Getting Data In 07-22-2014 0 6	0	6
Windows Universal Forwarder stopped logging perfmon: How can I restore this feature? I have ~ 800 windows servers getting their configs from a deployment server. Often when i roll a new version of the p... by twinspop Influencer in Getting Data In 07-21-2014 1 4	1	4
How to delete data from disk without removing searchable portions of the index? We have a dataset that we hid from the index via a "\| delete" command, but we need the data purged from disk as well,... by mmccul SplunkTrust in Getting Data In 07-21-2014 0 1	0	1
How to configure Splunk to split logs from a single event? Hi, In my prod env, I am logging sql log in files with below given format. but splunk are not able identify each log... by rameshlpatel Communicator in Getting Data In 07-21-2014 1 3	1	3
Why props.conf configurations not taking effect? Hi, I am receiving syslog data from various type of devices, but all are on udp:514. I need to overwrite the sourcet... by ankireddy007 Path Finder in Getting Data In 07-21-2014 0 5	0	5
For Hunk, how do you configure indexes.conf to use MR v2? My provider configuration inside indexes.conf looks like [provider:analytics-emr] vix.env.HADOOP_HOME = /opt/hadoop-... by jimjh Path Finder in Getting Data In 07-18-2014 1 2	1	2
Forwarder not sending data to indexer I had a little test environment set up to test forwarding to a test indexer and it worked fine. Now, I altered the f... by OldManEd Builder in Getting Data In 07-18-2014 0 3	0	3
issues with scripted inputs and secondary groups Customer has reported an issue with Splunk scripted inputs and setgroups. An very simple example would be I have a sc... by dshakespeare_sp Splunk Employee in Getting Data In 07-18-2014 1 1	1	1
App to gather information from checkpoint firewall logs via Splunk for Windows 8.1? Hi I’m currently evaluating the Splunk Enterprise windows installation. I’m looking at how and what logs I’m able... by alanswan Engager in Getting Data In 07-18-2014 1 1	1	1
Do you have to upgrade universal forwarders when upgrading Splunk Enterprise? When upgrading splunk enterprise do you have to upgrade the universal forwarders also. Running 5.0.2 enterprise and 5... by psgorniak Engager in Getting Data In 07-18-2014 1 1	1	1
Routing Data to specific index based on filename We need to route data to specific indexes based on the file names being monitored. We are trying to get the data fro... by mookiie2005 Communicator in Getting Data In 07-18-2014 0 5	0	5
Altering sourcetype based on source in props.conf Hi, I'm trying to figure out where I'm going wrong with this. My setup consists of an indexer and several universal ... by mmcoltman Explorer in Getting Data In 07-18-2014 1 9	1	9
Retention doesn't work - what's wrong ? Hi, we configured retention policy based on the below parameters. However it doesn't work. There is no clue in the l... by mikesr Explorer in Getting Data In 07-17-2014 0 4	0	4