Getting Data In

Community Activity

How to filter out any directory starts out with "." I am monitoring a series of directories. I want to blacklist any (sub)directories that is starting with a ".". i.... by vincenty Explorer in Getting Data In 04-15-2013 0 2	0	2
Monitoring intranet Hello, I'm new to Splunk. On my server (Linux) I have splunk and a internal web site. Now I need to monitor the Wordp... by mirza94 Engager in Getting Data In 04-15-2013 0 2	0	2
Sending syslog from MachineA to ServerB..Thru port 514. Not successful. Can anyone give me any hint about this? I have splunk installed in ServerB, Windows server 2008 and i have MachineA, ... by limwesiang Engager in Getting Data In 04-14-2013 0 3	0	3
Anonymize data by editing your own custom script May I know if there is any way to anonymise/mask the data in our search results by using our own custom commands, by ... by sarahh Engager in Getting Data In 04-13-2013 0 1	0	1
How can I re-index all the data in my environment? I have a datacenter with a single Splunk server indexing data from all the local servers. I just updated all the sou... by jradkowskiAAMC Explorer in Getting Data In 04-12-2013 5 4	5	4
Extract a Value from a Field Terminology might be off, but I'll give the exact example: "The session setup from computer 'NOCSERVER_A123' failed ... by corydm New Member in Getting Data In 04-12-2013 0 3	0	3
Log file is not getting indexed We have a custom application log file which looks something like below, this file is not getting indexed with the 1s... by yogonline Engager in Getting Data In 04-12-2013 0 3	0	3
incorrect host names I extracted the host names wrong, and now I have extra names in my Splunk. Example: Server01 vs. Server1 and Serv... by lain179 Communicator in Getting Data In 04-12-2013 0 6	0	6
Does anyone know why TZ change would cause a re-index? I'm taking iis logs from an Exchange server via a forwarder on that system. Originally I had TZ = GMT on the etc/syst... by wrangler2x Motivator in Getting Data In 04-12-2013 0 1	0	1
script to run for the scheduled report Can the script take parameters? e.g. foo.sh arg_1 arg_2 arg_3 Splunk runs the script from $SPLUNK_HOME/bin/scripts/ by shangshin Builder in Getting Data In 04-12-2013 0 1	0	1
How to filter certain events so they are not returned? Our team is trying to filter out events that occur with certain tags in them. For example: [19/Mar/2013:23:59:57 -04... by Szethius Explorer in Getting Data In 04-12-2013 1 5	1	5
Indexed Data Volume from Windows Event Colector Hi, There Windows Event Collector, which collects data from multiple Windows servers. Splunk forwarder installed on t... by imoskal Engager in Getting Data In 04-12-2013 0 6	0	6
source file name discripency in the logs ? Hi .. I am indexing a file stored in /bptm_logs/pub/input/PUB_EG3/perfLog_PUB_EG3_57466.txt as soon as the file is... by rakesh_498115 Motivator in Getting Data In 04-12-2013 0 4	0	4
How do I find the DN of the Checkpoint log manager object in Checkpoint R75.40? In the documentation for LEA loggrabber it says I need to get the opsec_entity_sic_name however it's no longer given ... by dturnbull_splun Splunk Employee in Getting Data In 04-12-2013 2 3	2	3
Splunk always one event behind I've got a scripted input that is giving me a bit of a headache. My index always be one line behind. For example: My... by CaptSpify Engager in Getting Data In 04-11-2013 0 7	0	7
monitor access rights to files on a vmware vsphere server Guys can splunk help monitor the access rights for the following files on a vmware vpshere server? • etc/profile... by mritorto New Member in Getting Data In 04-11-2013 0 2	0	2
Search results send as HTTP POST automatically Hello! It is possible to make in search request? Thank you! by ryastrebov Communicator in Getting Data In 04-11-2013 0 6	0	6
Trying to only foward messages that pass a regex filter, and throw non-matchers away. I have a heavy forwarder configured to send messages to a receiver. The receiver is able to receive all the messages.... by srubik New Member in Getting Data In 04-11-2013 0 1	0	1
Installing rpm as different user and not creating splunk user Is it possible to install the universal forwarder rpm as a different user and not have the rpm create the "splunk" us... by aaronkorn Splunk Employee in Getting Data In 04-11-2013 0 3	0	3
Deleting an index due to index volume exceeded I have a 1 GB license and I would like to delete an index that causes a inflow of huge syslogs, how do I remove it in... by oranger1426 Explorer in Getting Data In 04-11-2013 0 2	0	2
fschange deprecated; what options are available The 5.0 release documentation states that fschange is deprecated. We use this extensively for configuration change d... by joonradley Path Finder in Getting Data In 04-11-2013 1 7	1	7
Identifying Windows hosts I am trying to identify "windows hosts" that are logging to my Splunk indexer. Unfortunately, neither the hosts/serv... by steveirogers Communicator in Getting Data In 04-10-2013 0 8	0	8
Configure NET-SNMP (Windows) for Splunk to send traps to NMS I am having a heck of a time understanding NET-SNMP configuration and am hoping that has successful done this for win... by mship Path Finder in Getting Data In 04-10-2013 1 4	1	4
source:: rule in props.conf ignored? I have an inputs.conf that looks like this: [monitor:///syslog/.../*.log] host_segment = 4 sourcetype = syslog igno... by sowings Splunk Employee in Getting Data In 04-10-2013 1 5	1	5
MVExpand help I asked a question earlier regarding the preformatting of a csv report which several multivalue fields (Preformat Aut... by rlautman Path Finder in Getting Data In 04-10-2013 1 4	1	4

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

Getting Data In

How to filter out any directory starts out with "."

Monitoring intranet

Sending syslog from MachineA to ServerB..Thru port 514. Not successful.

Anonymize data by editing your own custom script

How can I re-index all the data in my environment?

Extract a Value from a Field

Log file is not getting indexed

incorrect host names

Does anyone know why TZ change would cause a re-index?

script to run for the scheduled report

How to filter certain events so they are not returned?

Indexed Data Volume from Windows Event Colector

source file name discripency in the logs ?

How do I find the DN of the Checkpoint log manager object in Checkpoint R75.40?

Splunk always one event behind

monitor access rights to files on a vmware vsphere server

Search results send as HTTP POST automatically

Trying to only foward messages that pass a regex filter, and throw non-matchers away.

Installing rpm as different user and not creating splunk user

Deleting an index due to index volume exceeded

fschange deprecated; what options are available

Identifying Windows hosts

Configure NET-SNMP (Windows) for Splunk to send traps to NMS

source:: rule in props.conf ignored?

MVExpand help

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation