Getting Data In

Community Activity

Powershell Scripts for Splunk for Cisco UCS not working Hi everyone, I'm currently testing out the Splunk App for Cisco UCS on Splunkbase (http://splunk-base.splunk.com/a... by BenjaminWyatt Communicator in Getting Data In 07-09-2013 1 9	1	9
Limit Memory used by forwarder on Domain Controller All of our Domain Controllers are VMs with limited resources. We have the UF running on them, catching Windows Event... by wbfoxii Communicator in Getting Data In 07-09-2013 2 9	2	9
Whitelisting/Blacklisting files inside tgz files I have a bunch of .tgz files that are being regularly uploaded to a directory and I'd like to only index a subset of ... by wdhathaway Explorer in Getting Data In 07-08-2013 1 4	1	4
Extracting event date from file path hello all, I have a set of log files being created in a directory structure as: /data/hostname/year/month/day/logfil... by swdonline Path Finder in Getting Data In 07-08-2013 0 4	0	4
discard not needed events Hi, I am new to splunk, I only want to forward specific events to splunk (for example: failures)and discard the rest.... by Clovens New Member in Getting Data In 07-08-2013 0 3	0	3
How do I get unique values in form dropdown? I want the list in the dropdown to be unique values in a form. What do I have to put in the 'populatingSearch' eleme... by oriches Explorer in Getting Data In 07-08-2013 0 3	0	3
how do I remove a source Ok, this is massively frustrating. I downloaded Splunk and installed it on my computer. I ran through the tutorials j... by juriggs Path Finder in Getting Data In 07-08-2013 2 3	2	3
can I pass additional source info from inputs.conf Is it possible to pass extra info from inputs.conf? e.g. [inputs.conf] [default] host = my_host [monitor://somepat... by jangid Builder in Getting Data In 07-08-2013 0 3	0	3
More than one inputs.conf / config directory Hello fellow splunkers, I know about $SPLUNK_HOME/etc/system/local/inputs.conf and using wildcards to minimize the a... by Comradin Engager in Getting Data In 07-08-2013 1 2	1	2
Howto remove sources to not show up on the summary page anymore We are running Splunk version 5.0.1, build 143156. We mistakenly indexed thousands of log files with each file havin... by bshamsian Path Finder in Getting Data In 07-05-2013 0 3	0	3
Anyone using Meraki Presence API to send AP stats to Splunk REST API? Meraki cloud controller allows you to configure a secret and POST URL (to your server) in order to send JSON post fil... by bwindham Path Finder in Getting Data In 07-05-2013 1 1	1	1
indexing load balancing with [script] input Hello, We have set up a small splunk cluster, with 3 indexers getting data from universal forwarder, which is config... by akazarov Path Finder in Getting Data In 07-05-2013 0 5	0	5
Scripted Input Windows Batch - stdout not in the log Hello, i have written a batch file within windows to get some data: wget.exe -O status.txt http://192.168.178.XXX/S... by Matthias_BY Communicator in Getting Data In 07-05-2013 0 4	0	4
Unable to see tags on REST API output I've indexed some web server logs and than I've assigned a tag to the status field, so I can receive the tag name ins... by markov00 New Member in Getting Data In 07-05-2013 0 2	0	2
Breaking two different events how ? How to break two events together ? I need the cloudCover and update to be line break. BREAK_ONLY_BEFORE=cloudCover B... by sbnoobbb Path Finder in Getting Data In 07-04-2013 0 1	0	1
Duplicate Event I am extracting logs using REST webservices and its a 3rd party application that maintains the logs. I have to poll ... by msn2507 Path Finder in Getting Data In 07-04-2013 1 2	1	2
Date problem with indexed events (month / day to day / month) Hello, I'm with a problem that started 07/01/2013. The pattern for date usually is month/day/year, but for some reas... by alvaromoraes Path Finder in Getting Data In 07-04-2013 0 3	0	3
Split _raw column Hi., I have the following information in the _raw column. Jul 4 15:41:10 name.domain.net Jul 04 2013 14:41:10: %ASA-... by resparis New Member in Getting Data In 07-04-2013 0 1	0	1
hour component of timestamp ignored, because there is no minute component I would like to extract this timestamp: 2013-07-03,8 with %Y-%m-%d,%H but I am unable to that because: If <st... by imrago Contributor in Getting Data In 07-04-2013 0 3	0	3
Access Splunk Universal Forwarder with Splunk CLI without Login? What? Is it possible to access a universal forwarder with the splunk client (/opt/splunk/bin/splunk) without supplyin... by peter_krammer Communicator in Getting Data In 07-04-2013 0 2	0	2
WARNING: Illegal entry in configuration file: SHOW_FIELDNAMES="yes" when using 2.0.2 of Check Point OSPEC LEA application? I recently installed the Splunk Add-on for Check Point OSPEC LEA application (2.0.2), and my logs are being indexed. ... by jbsplunk Splunk Employee in Getting Data In 07-03-2013 4 4	4	4
data filtering(?) question Hi, In our website, all the visitors get SESSION_ID. for example, [no=1 visit_time=2013/07/02 09:30:30 session_id=aa... by hylee Explorer in Getting Data In 07-03-2013 0 2	0	2
Splunk_OPSEC_TA: how can I pull the OPSEC .p12 cert from the Check Point management server without having to use Splunk web? Are there any command line tool? I've disabled SplunkWeb on my indexers and don't really want to re-enable it just to perform this function. Is there ... by jbsplunk Splunk Employee in Getting Data In 07-03-2013 4 1	4	1
Universal Forwarder can't be uninstalled by another user Dear Splunkys, I installed the Universal Forwarder on 3 different machines in the same domain testwise (all windows ... by jan_wohlers Path Finder in Getting Data In 07-03-2013 2 2	2	2
Change hostname transform We have a host where logs are aggregated already. I want to Splunk these logs. The source host for the logs is in the... by BryanBerry Path Finder in Getting Data In 07-02-2013 0 4	0	4