Getting Data In

Community Activity

Question on heavy forwarder Heavy forwarders can index and forward the data to Splunk indexers. In this case do we need any local configurations ... by splunker12er Motivator in Getting Data In 03-23-2014 0 1	0	1
striptime not parsing time stamps Im having trouble with data previewer not recognizing the striptime in my logs. Any help would be much welcome! Tha... by smudge797 Path Finder in Getting Data In 03-22-2014 0 6	0	6
Security logs from EMC Celerra Does anyone have experience reading security logs from an EMC Celerra? Our storage people are able to export a "live... by zafunt Explorer in Getting Data In 03-21-2014 1 2	1	2
Can Splunk Auto Change Sourcetype If Input Format Changes Hello, I have added a new input that looks like this: > ... > Start calculating postfix queue depth on server1.... by rpettymb New Member in Getting Data In 03-21-2014 0 5	0	5
Can I delete specific data from an index? I know this has been asked before, but I'm hoping that I've misunderstood how deletion works. The situation is that ... by dc99dc99 New Member in Getting Data In 03-21-2014 0 3	0	3
How do I delete all references of a host so it stops showing up on the host list? I've already deleted all references to the host in question in the internal indexes using the "\| delete" search comma... by jradkowskiAAMC Explorer in Getting Data In 03-21-2014 4 7	4	7
Help creating a dashboard I have vmware view data going into splunk and i currently send alerts to an email group if a pooled image (TotalVMs>1... by jaywv6299 New Member in Getting Data In 03-21-2014 0 2	0	2
timestamp base on filename Though the row data has timestamp but I want to replace this timestamp with date of the filename. For example: even... by ray_cao Engager in Getting Data In 03-21-2014 0 4	0	4
After upgrading to 5.0.3, I can only export 100 lines of csv via UI. Upgraded from 4.3.x to 5.0.3 this week and noticed that exporting from UI only produces 100 lines of CSV. Yes, I che... by the_wolverine Champion in Getting Data In 03-21-2014 0 4	0	4
Splunk DB Connect with Teradata I am setting up a database connection to Teradata with the DBX app. I need to insert data from Splunk into this datab... by ShaneNewman Motivator in Getting Data In 03-20-2014 0 1	0	1
Transforms before or after detection of timestamp in props.conf Hi All, I am getting some annoying messages in splunkd.log 03-20-2014 15:47:27.631 +1000 WARN DateParserVerbose - ... by phoenixdigital Builder in Getting Data In 03-20-2014 0 4	0	4
Time stamp is not being recognized The logs below are a sample and splunk seems to deal with them most of the time, occasionally Im seeing the logs merg... by smudge797 Path Finder in Getting Data In 03-20-2014 0 5	0	5
SEDCMD with multiline mode doesnt work Trying to discard part of an event using SEDCMD doesnt seem to work. I was expecting everything between 'Subject' .. ... by noveix Explorer in Getting Data In 03-19-2014 0 2	0	2
Filter records based on whether any records of a group match a given criteria In general, I am trying to filter records based on whether any records of a group match a given criteria. Specifical... by landen99 Motivator in Getting Data In 03-19-2014 0 8	0	8
Custom script input - How to let Splunk handle files through a custom script that will stream converted data to be indexed Hi, I'm currently working on an application that handles files with a very specific format Splunk cannot directly m... by guilmxm Influencer in Getting Data In 03-19-2014 0 4	0	4
IndexQueue and AuditQueue blocked on Universal Forwarder On a universal forwarder that is apparently sending data, there are a large number (5.5k of blocked=true queue messag... by David Splunk Employee in Getting Data In 03-19-2014 1 1	1	1
Time differece How to get the total hours rendered if i have fields start_time and end_time ex. 09:00-18:00 = 9 by aquillius New Member in Getting Data In 03-19-2014 0 3	0	3
Configer time Hi How can i configure sulunk to read timestamp from input files. I have a set of log files which is of format log_M... by SplunkBaby Explorer in Getting Data In 03-19-2014 0 1	0	1
Timestamp extraction problem, not pulling timestamp from field I have the following events that I am trying to pull the timestamp out of the Time field, seems pretty straightforwar... by markucsb Explorer in Getting Data In 03-19-2014 0 12	0	12
Forwarder keeps crashing We have on Server with 3 forwarders installed. One of those are not working anymore. It keeps crashing shortly after ... by djcmay Explorer in Getting Data In 03-19-2014 0 1	0	1
tuning of file monitoring Good afternoon, I try monitoring of files. Version of Splunk is 6 . I faced unclear problems for me: 1) How to monito... by vinchakov_a Path Finder in Getting Data In 03-19-2014 0 6	0	6
Add index name during silent installation of Universal Forwarder http://docs.splunk.com/Documentation/Splunk/6.0.2/Forwarding/DeployaWindowsdfviathecommandline I am installing the U... by sephora_it Explorer in Getting Data In 03-18-2014 1 2	1	2
Heavy forwarder filters Hi, I want to filter some events in my heavy forwarder device. I want discart events what contain "PIX" but it is no... by apezuela Explorer in Getting Data In 03-18-2014 0 2	0	2
outputs.conf direct to indexer based on index I'd like to install the LFC on several hosts have them forward data to one of two indexers based on the index the dat... by rtadams89 Contributor in Getting Data In 03-18-2014 0 1	0	1
Why are null characters ("\x00") appearing in events assigned a sourcetype by a forwarder? I have a forwarder (4.2, build 96430) set up on one server to forward logs to two indexers (4.3, build 115073). When... by lsouzek Explorer in Getting Data In 03-18-2014 4 15	4	15