Getting Data In

Community Activity

configuring props.conf Hi, I have configured my props.conf and mentioned the "sourcetype" but later I dont see that sourcetype listed in th... by abhayneilam Contributor in Getting Data In 04-05-2013 0 6	0	6
Splunk Equivalent of grep -A and grep -B I have a line that prints 2/20/13 6:45:45.000 PM [2013-02-20 18:45:45] FATAL so that is ok, but what i really wa... by borisalves Path Finder in Getting Data In 04-05-2013 0 8	0	8
sourcetype gets "-2" added? After setting a rather simple props entry for sourcetype [sharepoint] for our log to break events only after datestam... by mikelanghorst Motivator in Getting Data In 04-04-2013 1 1	1	1
Datetime.xml - extracting hour that does not exist Hello all, I have a series of logs that looks like this: 200312,111523 -> this means 20 March 2012, 11:15:23 am 20... by twkan Splunk Employee in Getting Data In 04-04-2013 0 1	0	1
Try to route certain WMI events to nullQueue and its not working. Why? I can tell by viewing the event in Splunk that my WMI events have the following metadata:... by the_wolverine Champion in Getting Data In 04-04-2013 1 5	1	5
Saved Search REST End Point The following URI returns the metadata information related to a saved search named "test" found in application "searc... by lpolo Motivator in Getting Data In 04-04-2013 0 5	0	5
windows event log filter my transform.conf [setnull] REGEX = . DEST_KEY = queue FORMAT = nullQueue [setparsing] REGEX =(?msi)^EventCode=4663... by soimeng Explorer in Getting Data In 04-04-2013 0 3	0	3
Can I get the length of a replacement or SEDCMD removal? If I have a SEDCMD that is removing data, can I get the length of data removed, eg: ### RAW EVENT 12:01:01 Recieved ... by dart Splunk Employee in Getting Data In 04-04-2013 2 1	2	1
how to use Universal Forwarder as an receiver and start loadbalancing Hi, i would like to use one of my universal forwarder as a second indexer. Please help me how to do it. In the seco... by rechteklebe Path Finder in Getting Data In 04-04-2013 0 1	0	1
Indexing ASA logs selectively Hello, We're planning on forwarding our ASA logs to Splunk for log correlation etc, but do not want every event to b... by nooo New Member in Getting Data In 04-03-2013 0 1	0	1
Unable to start splunkweb Trying to start a local install of the free splunk server on a red hat machine running linux 2.6.32. I am getting err... by mcculloh New Member in Getting Data In 04-03-2013 0 3	0	3
When indexing don't create an event every time EPOCH date is shown, but still index the data Hi, I'm having a bit of a headache. I am trying to index an XML file however I want the event date to be the date th... by j666gak Communicator in Getting Data In 04-03-2013 0 4	0	4
Change Windows Event Log Format Hi guys Please see below for an example of the event log I'm referring to. In a nut shell we send some logs off to... by AaronMoorcroft Communicator in Getting Data In 04-03-2013 1 2	1	2
Sending JSON Data with HTTP: Events are inconsistent Initially I used the python script to create a log handler to send out JSON formatted log message, but I notice that ... by boverhof New Member in Getting Data In 04-03-2013 0 1	0	1
Configuration for windows event logs I want to monitor windows event logs and the below is the entries of inputs.conf file. But i am not able to view the ... by p_basanth New Member in Getting Data In 04-02-2013 0 1	0	1
count of events between multiple timestamps in a single event As an example, suppose I'm trying to count the number of concurrent HTTP sessions. Events look something like the fol... by sethrife New Member in Getting Data In 04-02-2013 0 1	0	1
Indexer Latency I have one heavy weight forwarder that is collecting from over 600 Universal Forwarder. I have syslog-ng installed o... by hartfoml Motivator in Getting Data In 04-02-2013 0 4	0	4
Scheduling in db connect Hi, I want db connect to grab data at 1:00 am every day. I tried the following, and it gets spit out with an error: ... by a212830 Champion in Getting Data In 04-02-2013 0 1	0	1
How to ignore the import data Hi, I using the external data source named: firewall and I want to ignore the data "Apr 2 16:06:15 firewall de... by pansplunktest New Member in Getting Data In 04-02-2013 0 2	0	2
Windows TA deployment indexer/forwarder Basically i am trying this deployment windows hosts: Installed the Windows TA app/configured inputs.conf with proper... by sonicZ Contributor in Getting Data In 04-01-2013 0 2	0	2
How to create one event per line in scripted innput I have a scripted file input that is tailing a log file, unfortunately events are not being broken out correctly. I w... by bigtyma Communicator in Getting Data In 04-01-2013 0 3	0	3
Trim off a trailing comma before the end of an event, SEDCMD? I have a set of events, each a JSON object, separated from each other as one-per-line (SHOULD_LINEMERGE = false), but... by evan_scheessele Explorer in Getting Data In 04-01-2013 1 3	1	3
Alerting if a log file has not been written to. How do I throw an alert if a log file has NOT been written to within a certain amount of time? Say within 10 minutes. by sbyrd98 New Member in Getting Data In 04-01-2013 0 1	0	1
Filter out my own source IP Address I have my search command as source="C:\Users\L30814\Desktop\1713.log" http \| top 10 DestinationIP. What is the addit... by Kai191 New Member in Getting Data In 04-01-2013 0 3	0	3
dynamically create input.conf with multiple inputs Hello, I am a splunk user and need help/ suggestion to use splunk in specific scenario. I need to use splunk in mult... by nileshbairagi New Member in Getting Data In 03-31-2013 0 2	0	2