Getting Data In

Community Activity

Forward specific index to a specific receiver Hello, i have three index : A, B, C on my heavy forwarder and i want to forward to different receiver, example : A ... by ddarmand Communicator in Getting Data In 01-07-2014 0 2	0	2
Determining which all files are already indexed in a directory which is being monitored by a monitor mode Assuming we are indexing files in a directory which is in a monitor mode, then how to determine how many files are be... by dishasaxena Path Finder in Getting Data In 01-07-2014 1 4	1	4
location of configuration for inputs set up with installer windows based forwarder We have set up universal forwarders on Windows. During the setup one can specify to monitor a specific folder and not... by dominiquevocat SplunkTrust in Getting Data In 01-07-2014 0 5	0	5
How to remove the duplicate logs or events? I have this serch string source=/xxxx/log/xxxx/server.log ERROR and i got this: 2014-01-06 13:28:33,828 ERROR xxx.... by Isaias_Garcia Path Finder in Getting Data In 01-06-2014 0 7	0	7
Archive Signing Hi, I am using a script for archiving logs from colddb to a desired location. I have used the coldToFrozenExample.py... by garima_chauhan Path Finder in Getting Data In 01-06-2014 0 3	0	3
Splunk indexing using everyother fieldname I am running into an issue with my transforms and props config files, my data is being logged properly to my index bu... by JoeSco27 Communicator in Getting Data In 01-06-2014 0 7	0	7
Getting error "no logon servers available" when i try to log onto the windows machine I have 2 splunk servers in completely separate environments. After a couple days when I try to logon to these servers... by jbsplunk Splunk Employee in Getting Data In 01-06-2014 5 1	5	1
Splunk went loco... reporting it indexed 250+ GB in half an hour when it didn't Here's the long and short of it. My Splunk instance went nuts and said it indexed 250+ GB in a very short time. I sta... by juriggs Path Finder in Getting Data In 01-06-2014 0 4	0	4
"Splunk could not get the description for this event" I am uploading evtx file(eventlog files) into a splunk(v5.0.2) manually without using forwarders. The events found in... by ChhayaV Communicator in Getting Data In 01-06-2014 0 1	0	1
Mysql Connector I need splunk Mysql connector but i could not download from splnukbase, because no download button, only Request Info... by aryputra New Member in Getting Data In 01-06-2014 0 1	0	1
TAs with redundant perfmon inputs We recently deployed the Splunk for Exchange app, and I just happened to notice that some perfmon information from th... by dlofstrom Path Finder in Getting Data In 01-06-2014 0 1	0	1
Is it possible to skip the default indexing in splunk? Is it possible to skip the default indexing that happens in splunk. I would like to get the raw data back without ind... by saipavan Explorer in Getting Data In 01-05-2014 0 4	0	4
Rotating Data to Frozen After Time Period What is the best way to rotate events into Frozen OR delete events that are older than 18 months? I can think of a f... by andrewkenth Communicator in Getting Data In 01-03-2014 1 7	1	7
Where can I find my sourcetype definitions? It's my understanding that sourcetypes are defined in props.conf and potentially transforms.conf. We have a sourcety... by johnstetter Explorer in Getting Data In 01-03-2014 0 3	0	3
Why is my Heavy Forwarder initiating TCP scans and sweeps I'm getting alerts from my firewall that my Heavy Forwarder Unix box (only program that's installed) is initiating TC... by DavidHume0507 Engager in Getting Data In 01-03-2014 0 1	0	1
Instructions for Windows: I don't use Mac OS If you go to: (Splunk Web Framework Overview) http://dev.splunk.com/view/web-framework/SP-CAAAER6 Getting Started la... by dmcguerty Explorer in Getting Data In 01-03-2014 0 3	0	3
How to track down a dishonest UF? Splunk allows you to assign host, source, and sourcetype (metadata) to all indexed events. These can be setup static... by Lowell Super Champion in Getting Data In 01-02-2014 2 6	2	6
Windows Folder Size Monitoring? All, I've looked at a couple prior articles regarding this but can't seem to find any solutions on the Windows side.... by mcrawford44 Communicator in Getting Data In 01-02-2014 0 3	0	3
Can crcSalt be applied to a specific subdirectory in a monitored directory? My inputs.conf is configured to monitor a directory with may different subfolders, and each contains different types ... by mthierbel Explorer in Getting Data In 01-02-2014 2 5	2	5
Indexing not working, how can I correct "BTree child has invalid invalid offset error" in custom index? We recently had to move our splunk installation & indexes to a new AWS instance, which was somewhat complicated due t... by sheilatabuena Engager in Getting Data In 01-02-2014 1 4	1	4
Timezone Configurations I have events that are sent in UTC. I have specified in props.conf TZ=UTC for the source. However, when I search for ... by agodoy Communicator in Getting Data In 01-02-2014 0 2	0	2
Configuring Blocklist and Correlation Search I have followed the doc on how to configure blocklists; however, I am running into an issue because my new blocklists... by cedarcrestonese New Member in Getting Data In 01-02-2014 0 1	0	1
can I configure universal forwarders to forward to multiple splunk indexers? I tried to add more than one forward server to an universal forwarder. But it seems that only one can stay active. r... by csclement Engager in Getting Data In 01-02-2014 0 5	0	5
Incorrect event time in Splunk Hi, we recently changed platforms that we host some of our services on, and one of the changes included switching fro... by brettcave Builder in Getting Data In 01-02-2014 1 6	1	6
Managing reports for multiple timezones We currently have 4 servers that send data to the Splunk indexer. Each server is located in US/Eastern, however each ... by sc0tt Builder in Getting Data In 01-01-2014 0 4	0	4