Getting Data In

Community Activity

Props.Conf Field Extraction for a .CSV I'm trying to create a props.conf for a .CSV, but I am unsuccessful and believe its because of the field extraction. ... by _gkollias Builder in Getting Data In 03-13-2014 0 8	0	8
Removed the syslog-host transform - but hostname is still getting pulled from /var/log/messages Sourcetype=syslog results are picking up the short hostname from the /var/log/messages file. I tried to correct this... by di2esysadmin Path Finder in Getting Data In 03-13-2014 1 5	1	5
Best way to get JunOS logs into Splunk Hi, I am new to Splunk and I am trying to workout the best way to get logs from JunOS based firewalls into Splunk. I... by craigallen Engager in Getting Data In 03-13-2014 1 2	1	2
Splunk Universal Forwarder getting behind forwarding events I have periodically seen issues where log entries sometimes take a while longer than expected to show up on our index... by gn694 Communicator in Getting Data In 03-12-2014 0 10	0	10
Need help for forwarding data to indexer: configuration monitor I am trying to forward only CPU/Memory load log to the indexer. Here is what I've done so far: Installed indexer(jus... by qubick Path Finder in Getting Data In 03-12-2014 0 1	0	1
How to add field with random value at index time Hello, I have a quick question : There is a way at index time to add a field witch could represent something like ... by Micmac Path Finder in Getting Data In 03-12-2014 0 1	0	1
Remote administration of inputs.conf on a Windows forwarder. Using 6.01. I understand that the inputs.conf in /etc/system/local can't be managed from the deployment server. The... by RVDowning Contributor in Getting Data In 03-12-2014 2 9	2	9
splunk forwarder local vs app I understand when I install a windows forwarder I end up with MSI.., learned, univforw, serac, etc... My question is... by GArienti Explorer in Getting Data In 03-12-2014 0 1	0	1
loglevel detection incorrect - How do you re-align/transform it? Hi, I'm a relative newbie at this stuff so please bear with me if I am asking a stupid question. I have an index tha... by Splunkdoobiest Engager in Getting Data In 03-12-2014 0 4	0	4
Summary indexeing in Distributed Search environment Hello, I was planning for summary indexing. I did two custom indexes and ran the searches. After couple of days i rem... by linu1988 Champion in Getting Data In 03-12-2014 0 9	0	9
Cisco switch not showing logs on Splunk Server Hi Experts, I have configured my Splunk server to as a receiver on port 9997 and my unix/Linux UFs are forwarding da... by pgadhari Builder in Getting Data In 03-12-2014 0 3	0	3
Issues with applying blacklists on a light fowarder So I have a syslog-ng running and splunk running picking up everything under /var/log/syslog-ng/general/ My regex sk... by Pierceyuk Path Finder in Getting Data In 03-12-2014 0 2	0	2
Extracting value from XML tags Hi, Can you help me out in extracting information between the XML tags and perform division operation on it. In my ... by sushma6 New Member in Getting Data In 03-11-2014 0 2	0	2
Universal Forwarder and CSV (from Remote System) Hi, I have a Universal Forwarder whose source file is reading all files in a specific directory , the dir has many f... by nikhilmehra79 Path Finder in Getting Data In 03-11-2014 0 17	0	17
parse snmp result Hello Experts, I'm using snmp-modular--input app to get my device stats using multiple object ids (get next, not bul... by ragkna New Member in Getting Data In 03-11-2014 0 4	0	4
No available server list on /opt/splunkforwarder/bin/splunk list forward-server I installed indexer (an instance of spunk) to the server, enabled, and opened 9997 port. Also installed splunkforward... by qubick Path Finder in Getting Data In 03-11-2014 0 2	0	2
Setting the time the event occured Hi all, I am streaming TCP data into splunk which comes in the format of this. timestamp="09/15/2008 21:16:46" path... by sklass Path Finder in Getting Data In 03-11-2014 0 3	0	3
DB Connect - EPOCH TimeStamp Hi, I'm currently indexing my WHMCS logs using DB Connect. I need know how to change existing indexed time (EPOCH) a... by j666gak Communicator in Getting Data In 03-11-2014 0 2	0	2
Ignore time stamp from the event Adding below attribute in props.conf to ignore the time stamp from the event isn't working. DATETIME_CONFIG = NONE ... by pradeepkumarg Influencer in Getting Data In 03-11-2014 0 1	0	1
Splunk for Amazon S3 Add-on not able to fetch all logs I'm testing out Splunk for indexing Amazon CloudFront logs which get stored automatically into Amazon S3. I'm attempt... by adamb0mb Explorer in Getting Data In 03-11-2014 1 7	1	7
Cannot export the whole search result to csv I am using Splunk 5.0.4 and accessing splunkweb with IE8. I am trying to export my search results to csv but every ti... by cwl Contributor in Getting Data In 03-11-2014 2 1	2	1
File Monitor Not Assigning the right host name Here is a portion of my inputs.conf [monitor:///mnt/log/192.168.100.200/messages] disabled = false followTail = ... by hartfoml Motivator in Getting Data In 03-11-2014 0 2	0	2
Splunk Cluster Agent Forwarding DATA to Peer nodes In regards to the forwarding configuration we do have two issues 1.The puppet module is not able to set the target in... by ramanapvr New Member in Getting Data In 03-11-2014 0 1	0	1
Change multiple users timezone Hi all, How can we change the user timezone for all users under: Settings -> Access Controls -> Users? thanks, ofer... by oferprtz Path Finder in Getting Data In 03-11-2014 0 3	0	3
How to forward only specific Windows eventlogs via Splunk Universal forwarder I need to monitor only logs with Event code = 5410,6913. How can i setup this in forwarder ? please suggest some help by chimbudp Contributor in Getting Data In 03-10-2014 2 3	2	3