Getting Data In

Community Activity

Average over time I apologize if this has already been posted, but I think I am not really sure how to word the question. I am ingestin... by bcross64 Explorer in Getting Data In 10-08-2013 1 2	1	2
DB Connect with SHP - multiple Java bridge processes? If I'm attempting to provide a bit of redundancy / high availability for my database inputs by installing DB connect ... by sowings Splunk Employee in Getting Data In 10-08-2013 0 3	0	3
HTTPS authenticated input source I have some data that I can access from Web Browser (via authenticated HTTPS). The data is plain text. I would like... by vijayansundarar New Member in Getting Data In 10-08-2013 0 10	0	10
Timestamp not added to CSV correctly I've set up a DBConnect database input with output.format=csvh and output.timestamp=1. When rows are read, the times... by richgalloway SplunkTrust in Getting Data In 10-08-2013 0 1	0	1
log with key value pair or transforms.conf performance diffrence? Hi, to gain index size I made the log format as below. I didn't use key value pair. 20121101095842\|192.168.1.2\|KRQQ... by jazzythemartian New Member in Getting Data In 10-08-2013 0 4	0	4
help with event filtering - excluding events before indexing I have an overload of events no one wants and are eating up our license so I did the following and it is not working... by ebailey Communicator in Getting Data In 10-08-2013 0 6	0	6
Question on monitoring file Hi i am trying to monitor some file in var/log on ubuntu. There is 4 file (auth.log,auth.log.1,auth.log.2.gz,auth.log... by darksky21 Path Finder in Getting Data In 10-08-2013 0 10	0	10
Splunk not receiving syslog messages Hi All, I've installed Splunk on a Windows 2008R2 server and am trying to get it to receive syslog messages on the d... by jslater Engager in Getting Data In 10-07-2013 1 3	1	3
Persistent Queues and index clustering I've recently increased queue sizes on our indexers in our index cluster manually (editing the inputs.conf on the ind... by ckurtz Path Finder in Getting Data In 10-07-2013 0 3	0	3
Extraneous Space in Timestamp I read in syslog data from a network appliance that uses space delimited fields and have been experiencing an issue i... by wbordeau Explorer in Getting Data In 10-07-2013 0 2	0	2
Bad request error from C# API I am attempting to connect to our Splunk API instance via the C# API to do a search and I am receiving a 400 Bad Requ... by wdthem Explorer in Getting Data In 10-07-2013 0 2	0	2
json in splunk is ignoring the timestamp Hi I currently have the following json in splunk: {"first_name": "john", "last_name": "black", "timestamp": "2013-09... by anthonycopus Path Finder in Getting Data In 10-06-2013 1 1	1	1
Whitelist not matching I have a whitelist to limit how far back splunk looks to import our syslogs from our ASA. The regex that I am using i... by ejbrownie New Member in Getting Data In 10-05-2013 0 2	0	2
How to seperate different index and sourcetype? HI, I have one Splunk server. I would like to receive data from some servers and network devices. 1 I would send F5... by johnwyane New Member in Getting Data In 10-05-2013 0 3	0	3
Getting interesting field's data for Custom Command's Calculation Hi everyone, I am doing a custom command for some calculation, and i needed one of the fields which I have loaded in ... by bloodstrife Engager in Getting Data In 10-04-2013 0 3	0	3
How would i calucate the no of days that the data is present in my indexes ?? Hi.. I have certain indexes say "myperf" and "myapp" of 60 GB Size . Now in these indexes i need to calucalte how ma... by rakesh_498115 Motivator in Getting Data In 10-04-2013 0 1	0	1
Field Extraction I am trying to extract a field from the following lines but the field extraction does not result in a Field. The samp... by gjohnson New Member in Getting Data In 10-04-2013 0 4	0	4
Using Splunk Uni Fwd 6.0, on Splunk 5.0.2 Backend Can I start deploying 6.0 Splunk Forwarders, while I plan my migration from 5.0.2 Backend ? I have some realife case... by Ulfb Explorer in Getting Data In 10-04-2013 0 1	0	1
Input First Line of File I have the requirement of inputing only the first line of a file. The first line is of interest then the rest of the... by cdobie New Member in Getting Data In 10-03-2013 0 1	0	1
transforming timestamps We have JSON data coming into Splunk. When it appears in Splunk the events shows a timestamp like 10/2/13 7:07:26.00... by amanteja Path Finder in Getting Data In 10-03-2013 0 4	0	4
Ingesting file data I have a Powershell script that is writing data about sessions for an application to a file every 5 minutes so the fi... by bcross64 Explorer in Getting Data In 10-03-2013 1 1	1	1
Indexer ignoring Time_Format settings in forwarder props.conf I have events in plain text format like this: "[Process Id:3952 Thread Id: 4152] 03/10/2013 12:44:58 GetComponentDet... by hastingsjay New Member in Getting Data In 10-03-2013 0 5	0	5
KV_Mode Splunk 6 not Working We have an XML log file that properly gets extracted in Splunk 5, but in Splunk 6 it doesn't properly identify the ev... by slierninja Communicator in Getting Data In 10-02-2013 0 1	0	1
How do you show sourcetype of a monitor on a Universal Forwarder 5.0.4 via CLI I set a source override for a monitor in Splunk version 5.0.4 Example: splunk add monitor /var/log/maillog-in -source... by myou Explorer in Getting Data In 10-02-2013 0 1	0	1
Does a windows install of splunk know what $SPLUNK_HOME means in a config file? Exactly what the title says. I am writing an app to set up SSL that will be deployed on windows forwarders. I am just... by msarro Builder in Getting Data In 10-02-2013 0 2	0	2