Getting Data In

Community Activity

Scripted input with current time and line merge Hi, does anyone known how to setup scripted input. For example netstat from Unix app with current time and line mergi... by koudis Explorer in Getting Data In 06-20-2014 0 3	0	3
Forwarding between multiple forwarders then to indexer My Splunk architecture is like this I have three data centers (DC) and one each heavy forwarder in them .In each DC ... by ramsanga Explorer in Getting Data In 06-20-2014 0 2	0	2
Date and time issue: Why event logs have timestamps 2017 and 2018? Hi- There is an issue in my Splunk regading time and date of each events. Some events have year2017,year2018 in the ... by Isaias_Garcia Path Finder in Getting Data In 06-19-2014 0 3	0	3
Why is configured prod_forwarder getting serverClass blacklist/whitelist configs from other environments? So I seem to be having an issue with blacklists and whitelists. I've got the following configured below, but for some... by emalenfant Explorer in Getting Data In 06-19-2014 1 4	1	4
How to get detailed report of installed forwarder on Windows deployment Server? Dear All, We have installed some forwarders on windows machine and made them as deployment client and we want to kno... by gajananh999 Contributor in Getting Data In 06-19-2014 0 2	0	2
How to use wildcards in [monitor://...] along with whitelist pattern? This should be an easy one... This works great [monitor:///opt/tcserver/server/appname/logs] whitelist = \.log$\|\.l... by neiljpeterson Communicator in Getting Data In 06-19-2014 0 5	0	5
Splunk Forwarder v6 - verify timezone How can I see what timezone the forwarder is using in my v6 to v6 splunk setup? I'm just curious to verify it's set... by BP9906 Builder in Getting Data In 06-19-2014 0 1	0	1
XML indexing using TRUNCATE and crcSalt together fails Having a hard time getting this right, if (TRUNCATE = 0) or (crcSalt = ) are used by theselfs they work. Does inputs.... by lmacneil76 Explorer in Getting Data In 06-18-2014 0 1	0	1
Indexing data with multiple headers Hi I got a file like this: "No.","time",Header1,Header2,...,Header128 "1","2013/10/18 14:59",Value1,Value2,...,Value... by timmalos Communicator in Getting Data In 06-18-2014 0 11	0	11
indexer configured but inactive on new Linux servers I have been working on configuring splunk on the new Linux servers that were added to our environment. I ran into som... by prathyusha_99 Engager in Getting Data In 06-18-2014 1 2	1	2
Can Splunk Universal Forwarder be installed on EMC NAS running DART 7.1.74-5 OS? We have EMC NAS device with specifications- EMC VNX 5500 file system NAS running DART 7.1.74-5 OS. Can a Splunk UF b... by tcalhoon Explorer in Getting Data In 06-18-2014 1 1	1	1
Windows Last Logon Hi, i'm trying to make a request to get the last logon for each users in my windows infrastructure; i have a simp... by Ed_Alias Path Finder in Getting Data In 06-18-2014 0 8	0	8
Newly created logs from a currently monitored directory is not showing in Splunk I have the below config setup in inputs.conf to monitor all logs found in /var/log directory ( e.g. messages,mailog,n... by Isaias_Garcia Path Finder in Getting Data In 06-18-2014 0 4	0	4
How to calculate Average duration based on Timestamp? My log looks something similar to this. I will have at least 100 different durations per hour. (Duration is the time ... by thiagarajan Explorer in Getting Data In 06-17-2014 0 6	0	6
Poking TCP Ports from Windows PowerShell A vendor is requesting that we Poke several TCP ports and send specific text to capture application status. "Poke 808... by ShaneNewman Motivator in Getting Data In 06-17-2014 1 4	1	4
Is there a way to limit the thruput of my forwarder? I don't want my forwarder to consume too much bandwidth or other server resources sending out data. How can I limit ... by the_wolverine Champion in Getting Data In 06-17-2014 1 3	1	3
Extracting fields from JSON - Whois Add On Hello, I am using the Whois Add On to get Whois information from ip addresses. Here is an example: index=pan* dest!... by zowa Engager in Getting Data In 06-17-2014 0 2	0	2
apache access_common sourcetype not working Hello, I have recently configured a Splunk light forwarder to monitor an apache access_log. I specified that the fi... by sf_user_199 Path Finder in Getting Data In 06-17-2014 1 3	1	3
timestamp contain T between date and time Hi All The timestamp is in the format T , e.g: 2014-06-05T05:03:53-07:00 Is there any configuration supported in S... by jayannah Builder in Getting Data In 06-17-2014 2 5	2	5
SNMP Modular Input trap issue Hi, I'm trying to setup Splunk as a trap listener via the Modular Input for some testing. My inputs.conf looks like... by clymbouris Path Finder in Getting Data In 06-16-2014 0 1	0	1
Yet more timezone excitement I have logs with a timezone specified like: 2014 Apr 30 20:37:31:001 GMT -5 There is a space between the GMT and th... by sseekamp Explorer in Getting Data In 06-15-2014 0 3	0	3
Field transformation based on source Hi All, We log data from devices belonging to different customers, they are written to our syslog server in files n... by stefan_radovano Explorer in Getting Data In 06-14-2014 1 6	1	6
kv_mode=json with combined json / textual loglines I currently index a range of semi-structured log lines which contain a mix of textual and json data. I've recently up... by simonroberts2 Engager in Getting Data In 06-13-2014 3 2	3	2
Disable the Universal Forwarder Clients what is the best ways to disable the universal Forwarder Clients sending data to the indexer. I tried deploying an a... by tlow Explorer in Getting Data In 06-13-2014 2 2	2	2
Checking conf files for problems... On Splunk start up I see: Undocumented key used in transforms.conf; stanza='anon' setting='DEST_KEY' key='raw' Please... by rroberts Splunk Employee in Getting Data In 06-13-2014 0 2	0	2