Getting Data In

Community Activity

Heavy forwarder filters Hi, I want to filter some events in my heavy forwarder device. I want discart events what contain "PIX" but it is no... by apezuela Explorer in Getting Data In 03-18-2014 0 2	0	2
outputs.conf direct to indexer based on index I'd like to install the LFC on several hosts have them forward data to one of two indexers based on the index the dat... by rtadams89 Contributor in Getting Data In 03-18-2014 0 1	0	1
Why are null characters ("\x00") appearing in events assigned a sourcetype by a forwarder? I have a forwarder (4.2, build 96430) set up on one server to forward logs to two indexers (4.3, build 115073). When... by lsouzek Explorer in Getting Data In 03-18-2014 4 15	4	15
Splunk DB Connect Hi my team Manager has installed Splunk DB Connect App,how can i figure if he has installed the Database drivers. An... by harshavrath Contributor in Getting Data In 03-18-2014 0 4	0	4
Where does the Universal forwarder cache its data if the indexer is down? Where does the Universal forwarder cache its data if the indexer is down? by aberdamy Explorer in Getting Data In 03-18-2014 0 3	0	3
Splunk for Network Device Monitoring Hi Can Splunk forwarders be installed on network switches to capture data? I have a CISCO network switch from which I... by ncbshiva Communicator in Getting Data In 03-18-2014 2 5	2	5
DBConnect question This is a questions comming from a current Splunk customer on DBConnect. They have an in house component developed o... by wdeoliveira_spl Splunk Employee in Getting Data In 03-18-2014 0 3	0	3
Forwarded TZ won't be "translate" in own TZ Hello everyone, I have following problem: I oberserve one host with splunk. The host has the timezone GMT+1:00. The... by chrisitanmoleck Path Finder in Getting Data In 03-18-2014 0 1	0	1
Splunk - Flat file - Field Extraction - Transforms.conf Hi, I want to extract the fields using transforms.conf from a flat file. The file contains the following fields. Ther... by vasanthmss Motivator in Getting Data In 03-18-2014 2 1	2	1
Why my inputs.conf doesn't run? I have a starter_script.bat in $splunk_home\etc\apps\MyApp\bin, and its content are: @echo off python "C:\Pro... by sjlin Explorer in Getting Data In 03-17-2014 0 7	0	7
Select distinct events Hello, I need to go over every item in our syslogs so I was wondering - how would I do the equivalent of a "select d... by bagojunk Engager in Getting Data In 03-17-2014 0 7	0	7
timestamps and timezones Why does Splunk not transform the event's timestamp to my browser's locale? Am I wrong that this is not the case? by ozemmett New Member in Getting Data In 03-17-2014 0 4	0	4
Multiple copies of Windows Log Events in Splunk Hi, We are working on events from the Windows event logs using an Universal Forwarded on our server and Splunk Enter... by womblesplunk New Member in Getting Data In 03-17-2014 0 3	0	3
Highly Available Forwarder? Anyone have highly available forwarders deployed? Looking for the 'best' solution. Hate to drop logs during maintena... by garyewhite Explorer in Getting Data In 03-17-2014 0 7	0	7
Universal Forwarder upgrade Is the 6.0.2 Universal forwarder compatible with the 6.0.1 indexer? In other words, are the latest universal forward... by aberdamy Explorer in Getting Data In 03-17-2014 0 2	0	2
Multiple File Locations to Single Sourcetype I currently have two methods of collecting IIS logs, Syslog & UF. As IIS can have multiple log locations depending o... by ltrand Contributor in Getting Data In 03-17-2014 0 3	0	3
New install fails to start - Splunk Universal Forwarder I have successfully installed and configured Splunk and forwarders on OSX and Ubuntu systems but I have two Ubuntu sy... by nb41n Engager in Getting Data In 03-17-2014 0 5	0	5
timestamp question hI, Setting up a syslog feed and run into something that I haven't yet: 2014-03-17T02:02:26-04:00 What does the T ... by a212830 Champion in Getting Data In 03-17-2014 0 6	0	6
Deleting Data Source. I have created a new data input using files and directories option in splunk web. I have put 3 excel files. Later I h... by jimjohn Path Finder in Getting Data In 03-17-2014 0 1	0	1
Delete/clean all the contents of splunk Hi. How to delete/clear all the indexed events,saved searches.How to make it brand new as it was after installing fo... by harshavrath Contributor in Getting Data In 03-17-2014 0 4	0	4
configuring a pass-through Hi, I want to setup a universal forwarder send events to a heavy forwarder (lots of events, with lots of parsing) an... by a212830 Champion in Getting Data In 03-16-2014 0 5	0	5
Exchange 2010 Mailbox Audit Logs Is Splunk able to collect exchange 2010 mailbox audit logs from each mailbox and how? The mailbox audit logs are writ... by vikdiva New Member in Getting Data In 03-16-2014 0 1	0	1
Splunk Not indexing data Hello It looks like the HF's which are parsing our syslog data are not able to do it. I see all these errors. Any ... by theouhuios Motivator in Getting Data In 03-16-2014 0 1	0	1
Database to file Hi, Is there a way to extract data from an database on regular intervals & save it in an file which can be supplied ... by harshavrath Contributor in Getting Data In 03-14-2014 0 5	0	5
Indexing a syslog file - doesnt give expected output Raw Logs: Fri Mar 14 11:16:16 2014$SERVICEALERT$HOST1$SERVICE1$OK$PROCS OK: 1 process OK Fri Mar 14 11:17:11 2014$HO... by splunker12er Motivator in Getting Data In 03-14-2014 0 1	0	1