Getting Data In

Community Activity

LINE_BREAKER for input on an universal forwarder? I have a few universal forwarders which tail a folder structure. They send the data to a indexer where also a searchh... by dominiquevocat SplunkTrust in Getting Data In 01-10-2014 0 4	0	4
splitting data and saving the each result i have raw data like cat \| dog \| elecat \| dog dog \| ele this field name is catego result should be counting like t... by changwoo Communicator in Getting Data In 01-10-2014 1 2	1	2
Splunk adds .filepart to file name Hello, I put about 500 files on a server (between 2 directories) and was looking through the data. It seemed that m... by AlexMcDuffMille Communicator in Getting Data In 01-09-2014 0 3	0	3
Filtering events from Hadoop unstructured data I am trying to read log files from Hadoop cluster. These are unstructured files which otherwise can be filtered after... by sansri7680 Path Finder in Getting Data In 01-09-2014 0 1	0	1
Observing consistent uneven load balancing from universal forwarders to indexers I've come up with a query to see which indexers our forwarders are sending data to and the results are somewhat eye o... by Runals Motivator in Getting Data In 01-09-2014 0 1	0	1
Move indexed file! How to do to move files indexed by splunk? [monitor:///var/log/teste/teste.log] by erick_costa Path Finder in Getting Data In 01-09-2014 0 3	0	3
Trouble with DB2 timestamp. Ive added a new database connection to DB connect. My first actually. the dbx.log has the following message associa... by keithkelley1 Engager in Getting Data In 01-08-2014 1 4	1	4
Splunk 5.0.5, Does Splunk logs object deletion activity from Splunk Web ? Hi, We have a shared development environment for Splunk (version 5.0.5) where many users do create/updated/delete Sp... by somesoni2 Revered Legend in Getting Data In 01-08-2014 1 1	1	1
RT Searches and the Dispatch Directory Hello everyone, I'm having issues keeping my dispatch directory down to a manageable level. What I mean by that is f... by tnconners Explorer in Getting Data In 01-08-2014 0 2	0	2
How to filter event logs before indexing Hello everyone. I am very new to Splunk and I am trying to filter logs before they reach the indexer. I literally hit... by Szethius Explorer in Getting Data In 01-08-2014 0 5	0	5
Splunk monitor mode query i have indexed data from a directory in monitor mode ,and while checking the status of files being indexed i found an... by Mansi24 Path Finder in Getting Data In 01-08-2014 0 3	0	3
i want to convert my sample data to time stamp. i have a raw data like 123::1312:3232::429384 and trying to included to my splunk ( to add data ) the last data 4293... by changwoo Communicator in Getting Data In 01-08-2014 0 7	0	7
Forward specific index to a specific receiver Hello, i have three index : A, B, C on my heavy forwarder and i want to forward to different receiver, example : A ... by ddarmand Communicator in Getting Data In 01-07-2014 0 2	0	2
Determining which all files are already indexed in a directory which is being monitored by a monitor mode Assuming we are indexing files in a directory which is in a monitor mode, then how to determine how many files are be... by dishasaxena Path Finder in Getting Data In 01-07-2014 1 4	1	4
location of configuration for inputs set up with installer windows based forwarder We have set up universal forwarders on Windows. During the setup one can specify to monitor a specific folder and not... by dominiquevocat SplunkTrust in Getting Data In 01-07-2014 0 5	0	5
How to remove the duplicate logs or events? I have this serch string source=/xxxx/log/xxxx/server.log ERROR and i got this: 2014-01-06 13:28:33,828 ERROR xxx.... by Isaias_Garcia Path Finder in Getting Data In 01-06-2014 0 7	0	7
Archive Signing Hi, I am using a script for archiving logs from colddb to a desired location. I have used the coldToFrozenExample.py... by garima_chauhan Path Finder in Getting Data In 01-06-2014 0 3	0	3
Splunk indexing using everyother fieldname I am running into an issue with my transforms and props config files, my data is being logged properly to my index bu... by JoeSco27 Communicator in Getting Data In 01-06-2014 0 7	0	7
Getting error "no logon servers available" when i try to log onto the windows machine I have 2 splunk servers in completely separate environments. After a couple days when I try to logon to these servers... by jbsplunk Splunk Employee in Getting Data In 01-06-2014 5 1	5	1
Splunk went loco... reporting it indexed 250+ GB in half an hour when it didn't Here's the long and short of it. My Splunk instance went nuts and said it indexed 250+ GB in a very short time. I sta... by juriggs Path Finder in Getting Data In 01-06-2014 0 4	0	4
"Splunk could not get the description for this event" I am uploading evtx file(eventlog files) into a splunk(v5.0.2) manually without using forwarders. The events found in... by ChhayaV Communicator in Getting Data In 01-06-2014 0 1	0	1
Mysql Connector I need splunk Mysql connector but i could not download from splnukbase, because no download button, only Request Info... by aryputra New Member in Getting Data In 01-06-2014 0 1	0	1
TAs with redundant perfmon inputs We recently deployed the Splunk for Exchange app, and I just happened to notice that some perfmon information from th... by dlofstrom Path Finder in Getting Data In 01-06-2014 0 1	0	1
Is it possible to skip the default indexing in splunk? Is it possible to skip the default indexing that happens in splunk. I would like to get the raw data back without ind... by saipavan Explorer in Getting Data In 01-05-2014 0 4	0	4
Rotating Data to Frozen After Time Period What is the best way to rotate events into Frozen OR delete events that are older than 18 months? I can think of a f... by andrewkenth Communicator in Getting Data In 01-03-2014 1 7	1	7