Getting Data In

Community Activity

How to configure Splunk to index only security events from Windows machines? Can Splunk be configured to index only security events (failed logins, authorization changes, etc) from Windows machi... by pbrown1117 New Member in Getting Data In 07-17-2014 0 2	0	2
Configuration to forward log files to separate indexes Hello! I have an application that sends two different .log files to the C:\\Program Files (x86)\\Application\_Data d... by nissanse98 Explorer in Getting Data In 07-17-2014 0 5	0	5
Why is Splunk Truncating Multi-line Events? I'm indexing some Java application log files that use the log4j framework to output log messages. The log files are i... by sjnorman Explorer in Getting Data In 07-17-2014 0 9	0	9
Add field to all events from host Hi There, I am working on an enterprise installation. At the moment we have 1500+ hosts sending data. I'd like each ... by renems Communicator in Getting Data In 07-17-2014 1 1	1	1
Remove events to avoid delayed logging? Our generated logs need to be verified for correctness. After verification, they are sent to splunk. Problem is the... by wickman Engager in Getting Data In 07-17-2014 0 3	0	3
Splunk not applying time zone properly in clustered environment Hi, As per Splunk documentation, Splunk applies time zone in the following order Splunk Enterprise uses any time zo... by strive Influencer in Getting Data In 07-16-2014 2 5	2	5
filter indexing with transform Hi, I want to only index result of this before the log flow enter the index. I want it to calculate this and then ent... by levent_kurt Explorer in Getting Data In 07-16-2014 0 1	0	1
Master clustering dashboard - how to get status? On a master node, the clustering dashboard has a column called 'status' for indexers and search heads. They're either... by johntobin Explorer in Getting Data In 07-16-2014 0 3	0	3
Splunk web app not receiving message from client Hi All, I am new to this splunk community and as such usage of splunk in general. I have a unit which is configured ... by fortinet1 Explorer in Getting Data In 07-16-2014 1 5	1	5
Prevent escaping of special characters Hi there, I'm reading files with fixed width fields into splunk. For extraction and masking of dedicated fields I ne... by bleinfelder Path Finder in Getting Data In 07-16-2014 0 3	0	3
Line Break multiple access logs I need to line break, starting at the IP and end with the time. ex: 74.100.11.60 xx.x.xxx.xxx:59726 - Unauthenticate... by dperry Communicator in Getting Data In 07-15-2014 0 3	0	3
How to send events from same path to different indexes depending on host using a single deployment? Hello. Here's my situation. I am using the deployment server to push deployments to universal forwarders and woul... by mfrost8 Builder in Getting Data In 07-15-2014 1 3	1	3
Specific props.conf stanza type and supporting documentation? I've noticed in another Splunk environment at my site that they've set up what appear to be undocumented stanzas in p... by pkeller Contributor in Getting Data In 07-15-2014 0 2	0	2
Missing columns when exporting to CSV Hello, I have a search that returns 3 columns of data allowing us to check the first logon of the day (or last logof... by rhysjones Path Finder in Getting Data In 07-15-2014 0 8	0	8
Lookup field and use it as "Text Form Input Element" Hi, is it possible to add field via lookup and use this as text form input element? I tried it out by using this xml... by HeinzWaescher Motivator in Getting Data In 07-15-2014 0 13	0	13
Problems creating an UDP input: Error binding to socket in UDPInputProcessor: Permission Denied Hello, After a new installation of universal forwarder 6.1.2 on a new RHEL6 machine we have just copied the appropri... by psobisch Path Finder in Getting Data In 07-15-2014 0 2	0	2
How to get ftp files into splunk using script Hi All, How to store ftp files into splunk using any script. any one have the script plz share me. by mvaradarajam Path Finder in Getting Data In 07-14-2014 0 1	0	1
how much data does a particular sourcetype ingest daily i am trying to modify the below search index=internal metrics kb series!=* "group=per_host_thruput" daysago=5 \| eval... by gurinderbhatti Path Finder in Getting Data In 07-14-2014 1 10	1	10
front end What is the front end used if the inputs are in xml format? by Mubarish Path Finder in Getting Data In 07-14-2014 0 7	0	7
Ignoring events confusion Hi Guys I have a quick and probabyly simple question, I needed to ignore an event for arguments sake lets call it ev... by AaronMoorcroft Communicator in Getting Data In 07-14-2014 0 2	0	2
How to configure path to log files present in remote servers? Hi All, I recently installed splunk to analyze the logs. These logs were recorded in remote server. I want configure... by vittalkumar New Member in Getting Data In 07-14-2014 0 1	0	1
How to alert on noise messages while preventing indexing for most of them We index logs from an application that is generally well behaved, but occasionally it gets into a state where it star... by teedilo Path Finder in Getting Data In 07-13-2014 1 4	1	4
unconfigured host showing up in results when searching for a specific index and sourcetype, the results come from a host that is not configured anywhere in s... by gurinderbhatti Path Finder in Getting Data In 07-13-2014 0 8	0	8
How to exclude internal ips from a lookup file \|inputlookup internal_ip.csv gives me list of all internal IP's. I need to exclude these IP's in my below search quer... by webnair Explorer in Getting Data In 07-13-2014 1 3	1	3
How to break multi-line event logfile so event starts when date found at beginning of a line? Hi, I have a multi-line event logfile that I'm having issues with. I want to say that an event starts when it finds... by a212830 Champion in Getting Data In 07-12-2014 0 2	0	2