Getting Data In

Community Activity

whitelist syntax - inputs.conf I'd like to index files in /DIR/autosys/logs as below; Linux equivalent: cd /DIR/autosys/logs ls appua1START_MT* ... by nathanlhopkins Path Finder in Getting Data In 05-22-2013 1 5	1	5
Add File Date Info to Monitored File Date I have a folder that a user puts files in on a semi regular bases. I monitor the folder for new files and put the it... by hartfoml Motivator in Getting Data In 05-22-2013 0 2	0	2
Timestamp recognition Hi, I have successfuly extracted a timestamp. However, I need Splunk to recognised it as the event timestamp. Please... by elaine0102 Explorer in Getting Data In 05-22-2013 0 11	0	11
How can i use whitelist to allow only the required data from eventlog? Hello, i would like to forward only my program related data from e.g. Program A: error occurred at step 6!! How can ... by linu1988 Champion in Getting Data In 05-22-2013 0 3	0	3
WMIでWindowsイベントログが取得できない WMIでのWindowsイベントログ取得について教えてください。 [データ入力] - [リモートイベントログの収集]から設定をしていますが、対象マシンのIPアドレスを入力し、[ログのサーチ]ボタンをクリックすると、以下のエラーが発... by pisc Explorer in Getting Data In 05-21-2013 0 5	0	5
Monitor Universal forwarder Hello all, I have somme issue with my universal forwarder and I would like to monitor the logs file of my forwader (... by ludoz13 Path Finder in Getting Data In 05-21-2013 2 2	2	2
Assign environment and role data to a monitor stanza Hello, I am test driving splunkstorm and I am very new to the ecosystem. Here is what I am trying to do: I have web... by feedmagnet New Member in Getting Data In 05-21-2013 0 3	0	3
inputs.conf ignore older than typo Splunk continues to throw an error about the ignoreOlderThan flag on a windows UF. Any ideas? Checking conf fi... by aaronkorn Splunk Employee in Getting Data In 05-21-2013 0 5	0	5
How to read logs in Tabbed text format OK - I'm a NUB here and experimenting with SPLUNK. I have some log files that are saved in a TAB/Columned format. [ex... by eritzman New Member in Getting Data In 05-21-2013 0 2	0	2
Splunk remote windows data collection Hello, We are looking at using the universal forwarder to collect remote windows data from event logs from approx 11... by aaronkorn Splunk Employee in Getting Data In 05-21-2013 0 4	0	4
Overwrite timestamp with two variables I am attempting to overwrite the timestamp Splunk has assigned to each event, with a field which holds an events mont... by pwjones89 Engager in Getting Data In 05-21-2013 1 3	1	3
Using the linkedin API to import my network into splunk Does anyone know if there is already an app or project that will allow me to import all my linkedin data into splunk?... by unixbox Engager in Getting Data In 05-21-2013 2 1	2	1
blacklist not working Hi, I have an inputs.conf that is picking up a file that I want blacklisted. The file name is summary_1.diag. I thou... by a212830 Champion in Getting Data In 05-21-2013 0 1	0	1
how to discard lines of an event, not the entire event hello, I am trying nullQueue but I think it discards the entire event, is there a syntax that just discards lines bu... by alexl1 Path Finder in Getting Data In 05-20-2013 2 3	2	3
Calculate number of events between time intervels Hi, I would like ti calculate number of events between time in my search. There are 2 status, exceed & within in my ... by marellasunil Communicator in Getting Data In 05-20-2013 0 2	0	2
disk usage for indexer Hi, Is there a way to track disk usage per day for indexes? by a212830 Champion in Getting Data In 05-20-2013 0 9	0	9
Need help with event breaking in XML log file I have a log file that looks like the below. Events are denoted by a messages tag, with each having a timestamp tag. ... by halr9000 Motivator in Getting Data In 05-20-2013 1 2	1	2
input data placed on FTP Hello! I have Splunk installed on Linux and FTP which are placed logs. I mount FTP-folder on Splunk's Linux computer... by ryastrebov Communicator in Getting Data In 05-20-2013 0 6	0	6
Would the forwarder resend the previous data if all my indexer's eventdata is removed? My deployment is: 1 Forwarder + 2 Indexers + 1 Search head. I have specified a monitor in the forwarder and the forwa... by nickcode Explorer in Getting Data In 05-20-2013 0 1	0	1
How to specify an index for storing data from forwarders How to specify different indexes for storing data of different source(sourcetype)? The data is coming from remote for... by nickcode Explorer in Getting Data In 05-20-2013 0 6	0	6
Moving Index stanza from one app to another within the same Splunk Instance I am currently in process of migrating an index from the indexes.conf configuration file in one app to another app wi... by Dark_Ichigo Builder in Getting Data In 05-19-2013 0 2	0	2
How to set sourcename of TCP input via CLI? The CLI command "add tcp ..." does not allow one to set the sourcename of the input source that it creates. How can... by giraffe Explorer in Getting Data In 05-19-2013 0 2	0	2
How to setup usage of 2 auto-load balanced indexers We have 2 production auto-load balanced indexers that are currently getting all of our production data. Both runnin... by mfrost8 Builder in Getting Data In 05-19-2013 0 5	0	5
Why does /foo/mr/bar match /foo/bar in a monitor I see in the docs for inputs.conf that a monitor with /foo/mr/bar will match /foo/bar Can someone explain why th... by cramasta Builder in Getting Data In 05-18-2013 3 3	3	3
Monitor size and last modification only for a single file on Unix filesystem We have some log files that we monitor as heartbeat for some daemon processes. These files contain a large level of ... by mflamerich Explorer in Getting Data In 05-18-2013 0 3	0	3