Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

wrong HOST value

Hi, I have a forwarder sending a syslog file to the receiver. The syslog has entries like: Jul 27 09:50:21 ip-...

by Engager in

websphere logs indexing more then they should

A websphere server, in particular the websphere_trlog appear to be getting over indexed by a huge amount Checking ...

by Splunk Employee in

Performance impact of fschange on C:\windows\* ?

Has anyone put into production an input stanza that runs an fschange on all of C:\windows? A) what is the performa...

by Motivator in

Rest api for Splunk 4.0.3

I am trying to figure how to use the rest api. I can't find much documentation on it for 4.0.3.

by New Member in

Splunk audit log in syslog output

I have my splunk instance set up to receive data on a TCP port, sourcetype it, then output it with to a Splunk receiv...

by Communicator in

Summary indexing

Hi all, Quick question about summary indexing: I have this configuration in the savedsearches.conf [esxtop_G...

by Splunk Employee in

Problem with routing/forwarding to a specific index.

I have a bunch of light forwarders sending data to a central heavy forwarder which then sends the data to the main in...

by Path Finder in

Monitoring of specific files and folders

Hi, I like to monitor certain folders(for eg. C:\myfolder) and its subfolders/files on a windows server. I've enab...

by Contributor in

Unable to capture correct timestamp?

hi, I'm trying to configure splunk to display the time based on the event. The event's timestamp format is some...

by Contributor in

How to disable splunk-regmon.exe?

The process splunk-regmon.exe is running 95%-99% CPU (Splunk 3.1.4, WinXP SP3 as a VM in VMware Fusion 3.1.1). How do...

by Explorer in

When should I restore from backup?

What events should I be watching for in my Splunk logs? Does anyone have a list of specific error codes that would in...

by Explorer in

Indexer is slowing down

I'm having problems with indexing a particular log source, which is slowing down. It started off strong but continues...

by Communicator in

Search App - Earliest Event not Updated when events are archived

Hello all, Not sure if anyone has encountered this before, but I have events that are purged off but when I am in ...

by Path Finder in

Time stamp separated by a tab

Hello guys, Been trying to get this to work but to no avail... I have a CSV file that goes like this: pid ho...

by Path Finder in

IDS and unauthorized device detection.

Splunk is currently indexing the logs for all of my companies switches and routers. It's a mishmash of Dell and Cisco...

by Path Finder in

Translating an event into a table

Hi all, is there a way to translate this event into a table? This is what I get with my search string: index="vmwa...

by Splunk Employee in

Can't get sourcetype right

Hi. Seems like a lot of people have a question similar to this, but maybe I am missing something simple. I'm moni...

by Builder in

Central Syslog-NG server, extra headers, and field extraction

We run a central Syslog-NG server, which all the logs for the servers and devices we care about get sent to. We use t...

by Explorer in

Excluding folders with monitor input

I have a folder containing logs as below. I want to exclude all directories not named DONTINDEX_* and index the conte...

by Path Finder in

maxDist value varies (in forwarders)

I've noticed that the maxDist value in the props.conf on various lightweight forwarders varies. I've never explicitly...

by Communicator in

Getting Data In

Discussions

wrong HOST value

websphere logs indexing more then they should

Performance impact of fschange on C:\windows\* ?

Rest api for Splunk 4.0.3

Splunk audit log in syslog output

Summary indexing

Problem with routing/forwarding to a specific index.

Monitoring of specific files and folders

Unable to capture correct timestamp?

How to disable splunk-regmon.exe?

When should I restore from backup?

Indexer is slowing down

Search App - Earliest Event not Updated when events are archived

Time stamp separated by a tab

IDS and unauthorized device detection.

Translating an event into a table

Can't get sourcetype right

Central Syslog-NG server, extra headers, and field extraction

Excluding folders with monitor input

maxDist value varies (in forwarders)

Data Onboarding Strategy

Module 4 data upload fail without errors

serverclass.conf whitelist from pathname not worki...

How to produce stats with based on a field clientI...

Connect to your Azure Storage account with the Spl...