Getting Data In

Community Activity

How do I list all sources on a specific host? Hi all, How do I show all sources for a specific host? I can query for a specific host a la: host="myhost" and then h... by toomanyedwards New Member in Getting Data In 11-20-2013 0 4	0	4
splunktcpin queue full what is the impact? Hi In my splunk environment i have around 50-60 instances of splunktcpin queue blocked? what is the impact on my dat... by adityapavan18 Contributor in Getting Data In 11-20-2013 0 1	0	1
Timestamp from file with no year I have a time-stamp in format Wed Jan 25 16:36:02 EST. I can't get Splunk to match it. I tried modifying the props.c... by billysmusic Explorer in Getting Data In 11-20-2013 1 9	1	9
Indexing Json objects to Splunk Hi all, Until recently I used to print to standard output a single json object, effectively having it indexed into S... by leustean Explorer in Getting Data In 11-20-2013 1 2	1	2
Can i remove blank lines in my event ?? Hi I have an so many blanklines , and whitespaces in a single event , Now i want to strip of these blank lines , and... by rakesh_498115 Motivator in Getting Data In 11-20-2013 0 5	0	5
Implications of a SUF losing connectivity to the Splunk Indexer Hey all, I've got a setup that looks something like the following: SUF (Remote Server) -> SUF (Intermediate Forward... by bowen_denning Engager in Getting Data In 11-19-2013 0 6	0	6
Does CVE-2013-6771 require upgrading to minimum 5.0.5? The following vuln, CVE-2013-6771, appears to only be fixed in 5.0.5 and newer: http://www.splunk.com/view/SP-CAAAH7... by the_wolverine Champion in Getting Data In 11-19-2013 2 12	2	12
apache virtual hosts - custom field? I have several virtual hosts per Apache server, and I want to be able to report on them individually. I envision that... by jgauthier Contributor in Getting Data In 11-19-2013 0 4	0	4
Unable to use Whitelist and Blacklist in splunk Hi For whitelist:- I have following logs under my  directory D:/logs/abcUSEFUL.log D:/logs/xyzUSEFUL.log D:/logs/abc... by luv Explorer in Getting Data In 11-19-2013 0 3	0	3
Apache Dashboards? This might seem like a dorky question, but after searching answers and apps... I came up mostly empty. Are there any... by jgauthier Contributor in Getting Data In 11-19-2013 0 1	0	1
Failing to break multiline events I'm trying to index JVM garbage collection logs. I'm having trouble getting the event delimiting to work, however. Be... by nl_cape Explorer in Getting Data In 11-19-2013 0 2	0	2
Getting data into splunk How to change the format of the input data to our need before indexing in splunk. My original lof is in the format. S... by srajanbabu Explorer in Getting Data In 11-19-2013 1 5	1	5
Information on .conf files Hi All, I have a very basic doubt with respect to all the .conf files. I have transforms.conf , props.conf and al... by ppurokit Path Finder in Getting Data In 11-19-2013 0 2	0	2
post data to splunk, REST API Hi, I am new to Splunk and just trying to add data to it. I have a Raspberry Pi connected with temperature sensors a... by shankarbandaru Engager in Getting Data In 11-18-2013 1 1	1	1
Splunk forwarding, need information about a stanza in inputs.conf Hi, I am trying to setup forwarding on my Splunk instance and need information about the following stanza in etc/sys... by somesoni2 Revered Legend in Getting Data In 11-18-2013 0 1	0	1
ignoring the first row (column headers) in a CSV data source Hi, When i input data from files & directories in splunk, is there a way to ignore the first row (column headers) in ... by jgautreau Explorer in Getting Data In 11-18-2013 1 4	1	4
Indexing the same file twice Hi, I have an index called "XYZ" and in it i have a file called "abc.txt" and I am taking the help of a configuratio... by abhayneilam Contributor in Getting Data In 11-18-2013 0 4	0	4
ip address and hostname from fowarder I am using a host segment to set a 'hostname' (we have multiple hosts on one box) as set out below: [monitor://c:\lo... by andykiely Path Finder in Getting Data In 11-18-2013 0 6	0	6
Time Format being ignored, why? Sample log line date part: Nov 16 22:48:36 props.conf on indexer TIME_PREFIX = ^ TIME_FORMAT = %b %e %H:%M:%S MA... by tyronetv Communicator in Getting Data In 11-18-2013 0 1	0	1
Filtering of events using nullQueue I am having issues filtering data into nullQueue. I have a log where the only lines I want indexed have the string "... by flucman Explorer in Getting Data In 11-18-2013 0 3	0	3
Cisco IPS app not working Hello I have issue to make work the Cisco IPS app under splunk. I made it works the first time indexing correctly t... by rbw78 Communicator in Getting Data In 11-18-2013 2 6	2	6
日本語文字列に対するSEDCMDについて WMIポーリングで取得したWindowsイベントログをSEDCMD属性で置換したいのですが、下記のprops.confを設定してもうまく置換されません。何か対応方法ございますでしょうか。＜props.conf＞ [WMI:W... by sunrise Contributor in Getting Data In 11-18-2013 0 3	0	3
regex question in inputs.conf Hi, How would I setup a monitor in inputs.conf that looks for files that begin with "system-" and will process every... by a212830 Champion in Getting Data In 11-16-2013 0 2	0	2
Inputs.conf and special characters I have an inputs.conf file that had a monitor statement like: [monitor:///*_ECM/A/doc/abc.log] Files are NOT being ... by rmorlen Splunk Employee in Getting Data In 11-15-2013 0 5	0	5
feeding fields to an external script I've written a little python one-liner that basically calls showmount -a with an argv array at the end and my goal is... by mjones414 Contributor in Getting Data In 11-15-2013 0 1	0	1