Getting Data In

Discussions

Thread Info

ERROR TailingProcessor - Ignoring path

I have about 8 files of the same kind of event logs which I require Splunk to index. Splunk managed to index 6 of the...

by Contributor in

multiple indexes in distrubuted splunk environment

Before I ask my question, this is my environment. 1 forwarder 4 indexers 1 search head I am trying to set...

by Explorer in

Search that lists the configured indexes on a Splunk indexer?

Hi, Is there a search that can return the list of indexes configured on a Splunk Indexer? Or is the only way to...

by Path Finder in

More than one DEST_KEY

Can I use more than one DEST_KEY? For example DEST_KEY=_MetaData:Index,MetaData:Sourcetype FORMAT=sourcetype::VPN...

by Communicator in

Search head license violations

I'm using the forwarder license on my search head. I've disabled all inputs, and any extra apps. Yet I still get lice...

by Influencer in

Line limit for scripted inputs?

I have a script that outputs between 300 and 800 lines. The output seems to be truncated after 138 lines. Is there a ...

by Explorer in

extracting timestamp from log with one date and multiple time fields

Hi, I am unable to extract a valid _time from the following log: 0168 004 07:59:03 09:01:35 0062 asdfghj ee bon...

by Contributor in

Not able to sourcetype

I'm unable to force sourcetype from props.conf. Relatively new to splunk, am trying to setup logging of solaris /var/...

by Explorer in

sub second event sorting

We have a log file which contains a 7 digit second timestamp like the below: 08:30:00.2124216 We periodically need...

by Communicator in

W3C Fields With Light Forwarder - Still don't have it

Please advise. Linux Splunk Server 4.1.5 Light forwarder is installed on Windows IIS web Servers Trying to get W3C...

by Explorer in

Parsing fields from AIX fcstat command which looks similar to Windows INI file type headers

I am trying to extract the fields from the AIX command fcstat so I can grap SAN HBA statistics. The output of the com...

by Path Finder in

Log File not breaking correctly

Log is similar to this but with many more lines: Tue Sep 21 00:01:07 MDT 2010 No filename specified, using '*'. Tu...

by Splunk Employee in

Sample alert script that sends snmp to a monitoring tool?

Does anyone have a sample alert script that, once triggered, takes the data set handle passed to it from the Splunk a...

by Splunk Employee in

Lots of WinEventLogChannel -subscribeToEvtChannel

There are a lot of these error messages logged in splunkd.log 09-23-2010 09:31:28.062 ERROR WinEventLogChannel - s...

by Splunk Employee in

Why is Windows App producing Event Log Errors?

I'm receiving many errors (to the tune of 20GB/day from one server) in my _internal from a light forwarder. Target...

by Path Finder in

Splunk stopped following files.

Splunk stopped following data input files for changes. This happend after I was accessing https://splunk-server:8089/...

by Engager in

How do i forward to multiple indexers w/SSL

I have two indexers and a (various#) number of forwarders, how can i use SSL for all traffic between these boxes?

by Splunk Employee in

Forwarders fail to make connection to server

Frequently, our lightweight forwarders cannot connect to the Splunk server to send log tail output and we end up miss...

by Engager in

How can you regulate resource consumption when monitoring a large number of files?

If a LWF has a large number of files to monitor, what settings can be used to help ensure that consuming/monitoring t...

by Splunk Employee in

How to invoke Splunk daemon to parse newly added file right away

Since I usually turned of splunkd service on my local machine and only turn it back on when I need to do some log sea...

by New Member in

Getting Data In

Discussions

ERROR TailingProcessor - Ignoring path

multiple indexes in distrubuted splunk environment

Search that lists the configured indexes on a Splunk indexer?

More than one DEST_KEY

Search head license violations

Line limit for scripted inputs?

extracting timestamp from log with one date and multiple time fields

Not able to sourcetype

sub second event sorting

W3C Fields With Light Forwarder - Still don't have it

Parsing fields from AIX fcstat command which looks similar to Windows INI file type headers

Log File not breaking correctly

Sample alert script that sends snmp to a monitoring tool?

Lots of WinEventLogChannel -subscribeToEvtChannel

Why is Windows App producing Event Log Errors?

Splunk stopped following files.

How do i forward to multiple indexers w/SSL

Forwarders fail to make connection to server

How can you regulate resource consumption when monitoring a large number of files?

How to invoke Splunk daemon to parse newly added file right away

Splunk_TA_aws duplicated events

Onboard logs from McAfee EPO Cloud

serverclass.conf whitelist from pathname not worki...

Connect to your Azure Storage account with the Spl...

DataParserVerbose - Accepted time format has chang...