Getting Data In

Community Activity

Edit of Time_format in props.conf on Cluster Master does not strike through Hello Community, My Setup is 1 SearchHead, 1 Cluster Master, 2 Indexers and a bunch of Forwarders. A logfile looks s... by yAlff Path Finder in Getting Data In 08-20-2013 0 1	0	1
Reduce Splunk Forwarder RAM usage We are using a splunk universal forwarder on our virtual server systems and noticed that every instance uses about 70... by FRoth Contributor in Getting Data In 08-20-2013 0 2	0	2
Email data/content to Splunk index? Has someone come up with a way to send an email that would inject the contents of the email into Splunk? by the_wolverine Champion in Getting Data In 08-19-2013 0 3	0	3
CSV Timestamp issue I am struggling to get splunk to parse the timestamps properly in a CSV file (Firefox Web History log exported to CSV... by drangzt New Member in Getting Data In 08-19-2013 0 4	0	4
Can a forwarder get data from multiple servers ??? Can a forwarder get data from multiple servers ??? by 498773 Explorer in Getting Data In 08-19-2013 0 5	0	5
Syslog data source and Splunk 5.0.3 on Windows 2008 After the upgrade to Splunk 5.0.3, my syslog data sources suddenly stopped to work. Using MS Network Monitor and Wire... by mas Path Finder in Getting Data In 08-19-2013 0 3	0	3
Can I run two SEDCMDs together in one I see this article: http://splunk-base.splunk.com/answers/46024/multiple-sedcmds But I also see this in the document... by wbfoxii Communicator in Getting Data In 08-16-2013 1 6	1	6
CentOS 6 server Syslog forwording to Splunk server Hello, How can i forward syslog from one of our servers (CentOS 6.3) to Splunk Server (Windows 2012). Please help me... by heykumaran New Member in Getting Data In 08-16-2013 0 6	0	6
How can I determine the timestamp of events I am indexing right now? How can I determine the timestamp of events I am indexing right now? by DerekB Splunk Employee in Getting Data In 08-16-2013 3 8	3	8
Transforming events twice Hello all, Would anyone know if there is a way to apply a transform twice on two different sourcetype. Explanation: ... by OL Communicator in Getting Data In 08-16-2013 0 4	0	4
how to take confs for firewall app into pretrained defaults "syslog" sourcetype WE have a syslog ng infrastructure dumping logs and read by splunk default sourcetype "syslog" with defaut extractio... by Mag2sub Path Finder in Getting Data In 08-15-2013 0 1	0	1
How can I monitor a Splunk Cluster with Nagios? Can I monitor the cluster master node to see if all the peers are registered? by dart Splunk Employee in Getting Data In 08-15-2013 0 1	0	1
Check Point OSPEC LEA app bad ELF interpreter error I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and when I attempt to Add a New... by jbsplunk Splunk Employee in Getting Data In 08-15-2013 5 2	5	2
heavy forwarder configuration I want to configure a server as a heavy forwarder. I'm not clear that I understand how to ship the logs from the heav... by rriley New Member in Getting Data In 08-15-2013 0 2	0	2
Data input sql - latest indexed time I created a data input from Manager. The input is a sql query that retrieves data from database. The refresh type is ... by rahulphadnis New Member in Getting Data In 08-14-2013 0 3	0	3
Time format having pipe "\|" Hi There, I am having trouble recognizing time format of %Y%m%d\|%H%M%S (e.g. \|20130813\|235858 ) I have tried using ... by saad_siddiqi Path Finder in Getting Data In 08-14-2013 0 5	0	5
automatically forward splunk data to database Ok so I am new to splunk and have an instance set up with logs from several servers feeding into it. My question is c... by nielsenr New Member in Getting Data In 08-14-2013 0 5	0	5
How can I input data from url I want to input data from url,such as http://my.site.com/dns_monitor.log How can I make it ? Thank you ! by perlish Communicator in Getting Data In 08-14-2013 0 2	0	2
Multiple log formats in a single log file hi, I've log file with multiple log formats. sample.log file Type 1: [Thu May 31 13:27:14 2012] FATAL: WARNING: The... by ChhayaV Communicator in Getting Data In 08-14-2013 0 6	0	6
Are delete events misflaged ? I got quite some events coming in, so exemplarily I copied two, one with action=add and one with action=delete Intere... by flo_cognosec Communicator in Getting Data In 08-14-2013 0 4	0	4
TCP Data Input is not accepting connections I have setup port 9990 as a TCP Data Input, but our Splunk server is not accepting connections from that port. It wor... by sephora_it Explorer in Getting Data In 08-13-2013 0 4	0	4
Field Name/Value Pairs - Searching with a Lookup Table I'm looking to read in a set of field name/value pairs from a given lookup table (using inputlookup) and then use tha... by SplunkMonster Engager in Getting Data In 08-13-2013 0 2	0	2
Special epoch timestamp recognition Can Splunk somehow recognize the following timestamp format: 1.375944219123E9 It is the epoch time written in float ... by chris Motivator in Getting Data In 08-13-2013 0 2	0	2
How to change a search into a marco filter? This is a follow up to Background exclusion The question I have now is no longer on topic with the original posted he... by cpeteman Contributor in Getting Data In 08-13-2013 1 5	1	5
Issue in using same VM for Intermediate Splunk Deployment Server and forwarder Are there any know issues in using the same machine for Splunk deployment server and Splunk Universal Forwarder ? Cur... by ssankeneni Communicator in Getting Data In 08-12-2013 0 3	0	3