Getting Data In

Community Activity

How to forward all logs in Event Viewer? I guess the title says it all. In general I want to know if there's any way of sending all Windows Event logs throug... by drberg Explorer in Getting Data In 11-08-2013 0 2	0	2
why lookup with outputnew doesn't work, when configured in props.conf Hi, I have a search with two lookups ... \| lookup user_agent_filter OUTPUT botstatus \| lookup ipnet_filter cidr AS... by marcokrueger Path Finder in Getting Data In 11-07-2013 0 2	0	2
UDP data on 516 port on a universal forwarder not showing up on splunk indexer Hi All, I have a splunk Indexer receiving data from Kiwi syslog installed on a Splunk Forwarder machine. it also rec... by rawatvineet Engager in Getting Data In 11-07-2013 0 15	0	15
Splunk for Cisco Network Devices Hi All We currently have splunk installed, and have a fleet of cisco devices feeding syslog to it. This includes: Da... by CeJay Explorer in Getting Data In 11-07-2013 0 10	0	10
How to detect that a file has been indexed I have an automated process running on a Windows server that has the Universal Forwarder installed. It drops files fo... by JeremyHagan Communicator in Getting Data In 11-07-2013 0 4	0	4
Problem forwarding Advanced IIS Logs I am experiencing an issue where my universal forwarder (v5.0.4) is not forwarding my IIS Advanced Logs to the indexe... by DaClyde Contributor in Getting Data In 11-07-2013 1 15	1	15
Event time confusion I'm having a hard time setting up forwarding and event times. Here's my situation. I have an application that creat... by OldManEd Builder in Getting Data In 11-07-2013 0 13	0	13
Same sourcetype, but different transforms per Host I have an issue where we have a sourcetype that we want to remove a transform (on the indexer) that drops some data (... by adylent Path Finder in Getting Data In 11-07-2013 0 2	0	2
Only one syslog shows up on server I have a new windows install and I can only get one syslog to show up. Any other devices I direct to send their logs... by slacknetter New Member in Getting Data In 11-07-2013 0 6	0	6
Can we Split the results based on the users and email them ? Hi.. I am trying to find the custom script which emails the conents of the search results specific to the users. I h... by rakesh_498115 Motivator in Getting Data In 11-07-2013 0 2	0	2
Universal forwarder, can a Splunk 5.0.5 forwarder forward to Splunk 6.0 indexer Universal forwarder, can a Splunk 5.0.5 forwarder forward to Splunk 6.0 indexer? by somesoni2 Revered Legend in Getting Data In 11-07-2013 0 1	0	1
Search head pooling with DNS round robin - getting logged out almost immediately after logging in? Greetings everyone. We have a moderately sized distributed deployment. We have 3 search heads pooled, and all 3 have ... by msarro Builder in Getting Data In 11-07-2013 0 5	0	5
Mean for Failed Logons to Windows I'm trying to grab the number value of all failed logons on windows logs (eventually will be failed logons per accoun... by hagjos43 Contributor in Getting Data In 11-07-2013 0 5	0	5
splunk forwarders using too many sockets I have the following config in outputs.conf for splunk forwarder installed on a linux machine. connectionTimeout = 2... by dtekas New Member in Getting Data In 11-07-2013 0 2	0	2
Blacklist pattern for distsearch.conf Does anyone have any examples of regex used in the Blacklist patterns for distsearch.conf? We are trying to limit wha... by ride76 Explorer in Getting Data In 11-06-2013 1 1	1	1
Limiting file input I have a SOAP output file that I want to do metrics on in Splunk. There is a lot of data in the envelope that is usel... by Lazarix Communicator in Getting Data In 11-06-2013 0 8	0	8
Changing inputs.conf to include previously scanned files When initially set up my splunk install is set to capture only the most recent version of a log: /path/to/log/dir/lo... by tyronetv Communicator in Getting Data In 11-06-2013 0 1	0	1
How to delete an "source type" that is tied to indexed data. I accidentally added the source type and now want to correct it. Can help? Hi, still learning Splunk and.....need to know.. How to delete an "source type" that is tied to indexed data. I accid... by nitin82pandey New Member in Getting Data In 11-06-2013 0 5	0	5
Forward data input copy to syslog without apply SEDCMD I collect my data using UniveralForwarder, them send it to HeavyForwarder. I would like to send a copy of data that ... by fabiocaldas Contributor in Getting Data In 11-05-2013 0 1	0	1
Order of operations? SEDCMD vs TRANSFORMS In the indexing process, which happens first the SEDCMD-* entries or TRANSFORMS-* entries? by Lowell Super Champion in Getting Data In 11-05-2013 3 2	3	2
How to configure a 4.1.2 forwarder to auto load balance across indexers I'm trying to figure out how to configure the forwarders to auto load balance. I saw this: http://www.splunk.com/bas... by msvoboda New Member in Getting Data In 11-04-2013 0 3	0	3
At what point do very large lookup files (csv) get indexed? After creating a very large lookup csv file splunk creates *.csv.index directories under my lookup directory. What is... by rroberts Splunk Employee in Getting Data In 11-04-2013 1 2	1	2
How to filter or extract fields before indexing time I have got very large orginal data, with events strictly formatted as "f1,f2,f3,..." most of the fields are meaningle... by crazyeva Contributor in Getting Data In 11-04-2013 0 4	0	4
Asian language support Does Splunk have problem showing Language data from Windows server? It's Korean data that we are indexing, but after... by clyde772 Communicator in Getting Data In 11-03-2013 0 2	0	2
replicationBlacklist example? I'm trying to configure replicationBlacklist but see no regex examples that are beyond a basic *.filetype: [replicat... by the_wolverine Champion in Getting Data In 11-02-2013 0 1	0	1