Getting Data In

Community Activity

Out of Band Forwarder We have an out of band (OOB) management network that does not route to our production network. It is on physically di... by antlefebvre Communicator in Getting Data In 09-04-2013 0 2	0	2
Wildcard for Custom WinEventLogs Our programmers code events to custom logs stored in the WinEventLog viewer. Instead of having to update the inputs.... by jodros Builder in Getting Data In 09-03-2013 0 3	0	3
Can i assign a role with Idle session time out value ?? Hi.. I have a specfic set of users with role name "myapp-testers" , now the users associated with this role when the... by rakesh_498115 Motivator in Getting Data In 09-03-2013 0 3	0	3
Only include events that match a list of 2000 different users I have some logs that can include any one of 50,000+ users. But, i only need to index and keep a subset of that -- ap... by johnjohnson2 Explorer in Getting Data In 09-03-2013 0 7	0	7
Splunk indexer is trying to establish connections on forwarder systems on ports 80, 443 and 8089. Why? I have had a number of systems set up with a splunk forwarder. The forwarders are sending data, and our main splunk i... by wrangler2x Motivator in Getting Data In 09-03-2013 0 4	0	4
Splunk 5.0.4 migration - Should the forwarder be stopped while migrating the indexer ? Hi Everyone, First a few words about my setup. I have a distributed setup with the following nodes IndexerSearch ... by spiketide Engager in Getting Data In 09-03-2013 0 1	0	1
e-mail body indexing Hello, I'd like to ask the community, if there is possible to index somehow the body of e-mails sent through MS Excha... by hepterida Explorer in Getting Data In 09-03-2013 0 1	0	1
ArcSight and Splunk Hi, From you earlier post, I understand that you have integrated Splunk with ArcSight and so I would request if you ... by rakeshmukherjee New Member in Getting Data In 09-02-2013 0 2	0	2
データの中身からタイムスタンプを生成する方法 SplunkForwarderを使って特定のフォルダ上に生成されるテキストファイルをSplunkに転送しています。そのテキストファイルの中身が以下のようになっています。 No. : 3990Time: 1960936063... by Masahito Engager in Getting Data In 08-31-2013 0 6	0	6
Top ten Apache errors by error message I am trying to find the top ten Apache errors based on the error message. Error message or message isn't a default f... by msacks Explorer in Getting Data In 08-31-2013 1 6	1	6
COnfused about TimeZones Hi folks, I've searched for an answer to this but haven't found anything that matches what I'm experiencing. For cla... by ocallender Explorer in Getting Data In 08-30-2013 0 1	0	1
forwarder inputs.conf to watch multiple paths I've tried a bunch of different things on my Forwarder to get it to watch 2 different paths, and blacklist one folder... by cthacker Explorer in Getting Data In 08-29-2013 0 3	0	3
Rotate Logs Faster than 5 minutes I am missing logs. My logs rotate faster than 5 minutes, anywhere greater than 1 min. It seems that every 5 minutes... by fk319 Builder in Getting Data In 08-29-2013 0 5	0	5
LEA Loggrabber CDATA ExecProcessor error Hi, I have the lea-loggrabber.sh script correctly pulling data via OPSEC from multiple firewalls. However my logs ar... by krugger Communicator in Getting Data In 08-29-2013 2 3	2	3
inputlookup question, can't find answer anywhere I have a lookup which works, it's not matched to a field, it has to search in the raw event. [\|inputlookup MyFile.csv... by jonbalderston Explorer in Getting Data In 08-29-2013 1 4	1	4
How do I control the trace line _time field I have a log file with traces of the format: [source name] [level] [id]: [Time] [trace message] Splunk auto identifi... by avitallange Explorer in Getting Data In 08-29-2013 0 1	0	1
Can I configure my deployment server to send deployment related logs to another splunk for searching? I have a dedicated machine for my splunk forwarder configuration deployment server. I would like to send the deploym... by juniormint Communicator in Getting Data In 08-29-2013 0 1	0	1
duplicate event Hi all, my input.conf is : [monitor:///Users/user1/log.txt] disabled = false followTail = 1 sourcetype = log_test01 ... by msn2507 Path Finder in Getting Data In 08-28-2013 0 7	0	7
Delete line with all hex 0 ie \x00 We have a very strange file where the first line has hundreds of \x00 values. ex. the following times 50.... \x00\x0... by 65pony Explorer in Getting Data In 08-28-2013 0 3	0	3
Check Point OPSEC LEA configured but nothing return I've configured the Check Point OPSEC LEA and the connection is fine. State is enabled. When I do a search with sourc... by daniel_splunk Splunk Employee in Getting Data In 08-28-2013 1 1	1	1
How can I set host for TCP input to deploy client machine? I'm using the configuration deployment server to manage a bunch of forwarders. One of the apps that they get has inp... by juniormint Communicator in Getting Data In 08-28-2013 0 7	0	7
-output tableの動作について CLIで「splunk search "index=_internal \| table _raw" -output csv -maxout 10」のように「-output csv」を使う場合、「_raw」の内容が表示されるが、「spl... by cwl Contributor in Getting Data In 08-28-2013 0 1	0	1
group by date? Hi folks, Given: In my search I am using stats values() at some point. I am not sure, but this is making me loose tr... by theeven Explorer in Getting Data In 08-28-2013 0 4	0	4
Universal Forwarder buffering during Indexer outage? Say I have a UF set up to monitor a file – let’s call it /var/log/syslog-stats.log – which rotates every day (syslog-... by brettw10 Explorer in Getting Data In 08-28-2013 1 1	1	1
How to reduce historical data length? My main Splunk index is near it's max size (~500GB). Instead of filtering out more data (nullQueue) I'd like to look... by echojacques Builder in Getting Data In 08-28-2013 0 3	0	3