Getting Data In

Community Activity

how do I remove a source Ok, this is massively frustrating. I downloaded Splunk and installed it on my computer. I ran through the tutorials j... by juriggs Path Finder in Getting Data In 07-08-2013 2 3	2	3
can I pass additional source info from inputs.conf Is it possible to pass extra info from inputs.conf? e.g. [inputs.conf] [default] host = my_host [monitor://somepat... by jangid Builder in Getting Data In 07-08-2013 0 3	0	3
More than one inputs.conf / config directory Hello fellow splunkers, I know about $SPLUNK_HOME/etc/system/local/inputs.conf and using wildcards to minimize the a... by Comradin Engager in Getting Data In 07-08-2013 1 2	1	2
Howto remove sources to not show up on the summary page anymore We are running Splunk version 5.0.1, build 143156. We mistakenly indexed thousands of log files with each file havin... by bshamsian Path Finder in Getting Data In 07-05-2013 0 3	0	3
Anyone using Meraki Presence API to send AP stats to Splunk REST API? Meraki cloud controller allows you to configure a secret and POST URL (to your server) in order to send JSON post fil... by bwindham Path Finder in Getting Data In 07-05-2013 1 1	1	1
indexing load balancing with [script] input Hello, We have set up a small splunk cluster, with 3 indexers getting data from universal forwarder, which is config... by akazarov Path Finder in Getting Data In 07-05-2013 0 5	0	5
Scripted Input Windows Batch - stdout not in the log Hello, i have written a batch file within windows to get some data: wget.exe -O status.txt http://192.168.178.XXX/S... by Matthias_BY Communicator in Getting Data In 07-05-2013 0 4	0	4
Unable to see tags on REST API output I've indexed some web server logs and than I've assigned a tag to the status field, so I can receive the tag name ins... by markov00 New Member in Getting Data In 07-05-2013 0 2	0	2
Breaking two different events how ? How to break two events together ? I need the cloudCover and update to be line break. BREAK_ONLY_BEFORE=cloudCover B... by sbnoobbb Path Finder in Getting Data In 07-04-2013 0 1	0	1
Duplicate Event I am extracting logs using REST webservices and its a 3rd party application that maintains the logs. I have to poll ... by msn2507 Path Finder in Getting Data In 07-04-2013 1 2	1	2
Date problem with indexed events (month / day to day / month) Hello, I'm with a problem that started 07/01/2013. The pattern for date usually is month/day/year, but for some reas... by alvaromoraes Path Finder in Getting Data In 07-04-2013 0 3	0	3
Split _raw column Hi., I have the following information in the _raw column. Jul 4 15:41:10 name.domain.net Jul 04 2013 14:41:10: %ASA-... by resparis New Member in Getting Data In 07-04-2013 0 1	0	1
hour component of timestamp ignored, because there is no minute component I would like to extract this timestamp: 2013-07-03,8 with %Y-%m-%d,%H but I am unable to that because: If <st... by imrago Contributor in Getting Data In 07-04-2013 0 3	0	3
Access Splunk Universal Forwarder with Splunk CLI without Login? What? Is it possible to access a universal forwarder with the splunk client (/opt/splunk/bin/splunk) without supplyin... by peter_krammer Communicator in Getting Data In 07-04-2013 0 2	0	2
WARNING: Illegal entry in configuration file: SHOW_FIELDNAMES="yes" when using 2.0.2 of Check Point OSPEC LEA application? I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and my logs are being indexed. ... by jbsplunk Splunk Employee in Getting Data In 07-03-2013 4 4	4	4
data filtering(?) question Hi, In our website, all the visitors get SESSION_ID. for example, [no=1 visit_time=2013/07/02 09:30:30 session_id=aa... by hylee Explorer in Getting Data In 07-03-2013 0 2	0	2
Splunk_OPSEC_TA: how can I pull the OPSEC .p12 cert from the Check Point management server without having to use Splunk web? Are there any command line tool? I've disabled SplunkWeb on my indexers and don't really want to re-enable it just to perform this function. Is there ... by jbsplunk Splunk Employee in Getting Data In 07-03-2013 4 1	4	1
Universal Forwarder can't be uninstalled by another user Dear Splunkys, I installed the Universal Forwarder on 3 different machines in the same domain testwise (all windows ... by jan_wohlers Path Finder in Getting Data In 07-03-2013 2 2	2	2
Change hostname transform We have a host where logs are aggregated already. I want to Splunk these logs. The source host for the logs is in the... by BryanBerry Path Finder in Getting Data In 07-02-2013 0 4	0	4
how to disable the data for metrics.log ?? Hi.. How can i disable / restrict the data to the metrics.log at forwarder level...can anyone pls help. i have chang... by rakesh_498115 Motivator in Getting Data In 07-02-2013 0 4	0	4
OPSEC LEA Linux App - does not connect I am using Splunk 5.03 installed on Ubuntu. I installed the OPSEC LEA App for Checkpoint log analysis. I was able to ... by coonsmatthew Explorer in Getting Data In 07-02-2013 0 9	0	9
How do I install the Cisco Firewall add-on? How do I install and configure the Cisco Firewall add-on: http://www.splunkbase.com/apps/All/4.x/app:Cisco+Firewalls... by Will_Hayes Splunk Employee in Getting Data In 07-02-2013 2 4	2	4
Application and Services Event Logs not appearing Hello, We are trying to setup Splunk to monitor custom application event logs that are already added to the event vi... by aaronkorn Splunk Employee in Getting Data In 07-02-2013 0 1	0	1
2 year retention policy Hi guy, how do I go about setting a limit on our data retention. I need the data on the indexer to be deleted after ... by AaronMoorcroft Communicator in Getting Data In 07-02-2013 0 1	0	1
CISCO 1841 Syslog Hello, I´have configured a router (CISCO 1841) to send syslog messages to my workstation that i´have install the spl... by INEM New Member in Getting Data In 07-01-2013 0 1	0	1