Getting Data In

Ask a Question

Discussions

Thread Info

How to monitor a folder in Windows ? C:\Windows\assembly

I would like to monitor assembly folder in windows. Path :- C: \Windows \assembly I have set the inputs.conf in Un...

by Contributor in

SEDCMD to anonymize CC data isnt working

Hi, Ive been playing with the SEDCMD in my props.conf to anonymize CC data in a log. Originally I tried this:...

by Explorer in

Indexing only specific fields in an event

I want to index only specific fields like error status in an event and discard the rest. How do I set splunk to do th...

by Path Finder in

Inputs.Conf - Historical Logging - Chicken and the Egg?

I know that you can control the Universal Forwarder to grab historical event logs from Windows using "current_only = ...

by Path Finder in

Inputs.conf $decideonstartup

Anyone know why 5.0.1 UFs are reporting data in with host name of $decideonstartup. Looks like this setting was added...

by Path Finder in

To monitor a Folder in Windows Server ?

I need to monitor the Assembly folder in Windows Server : [monitor://C:\Windows\assembly] index=Assembly_monitor t...

by Contributor in

syslog priority/level not logged?

Is there any way to distinguish the various priorities/levels of syslogged messages when viewed from Splunk? I don't ...

by Path Finder in

Adavanced searches are too slow since they don't seem to make use of indexes

Hey folks, Long time Splunk fan here. Initially when we started using Splunk, our queries were simple, and so sear...

by Explorer in

Splitting sourcetype from a monitor input stanza

I am using a Universal Forwarder to monitor the following directories and files, but somehow it is not routing it to ...

by Path Finder in

Cisco IPS app not working - Error connecting to sensor

I've "configured" the Splunk for Cisco IPS application, but I'm getting the following back from the scripted input: ...

by Loves-to-Learn in

Have Alert on indexer send SNMP Traps to CA Spectrum network management server

I have an alert on my windows 2008R2 indexer that calls sendsnmptrap.cmd (see link to script below). My question is i...

by Path Finder in

TIme Zone in Splunk

Why time zone in Splunk 5.0.2 for Moscow (Russia) is +3? Must be +4!

by Engager in

$decideOnStartup Remote Perfmon

Hi Everyone. Perfmon logging used to work for me by placing what should have been in perfmon.conf into inputs.conf...

by Communicator in

DBX: when is the line "dbx-end-of-event" printed?

I have a database input configured: [dbmon-tail://spa/dwf_rdfdirector_r] host = spa index = emc interval = auto ...

by Explorer in

splunk netflow problem

the nfdump log timestamp is way off. The date is off by more than a month. Every entry is Nov 13 at 3 AM. I have conf...

by New Member in

TCP listener answered not all connections

I have the problem, that the TCP listener on indexer xxpu031 answered not all connections. In the TCP dump below, the...

by Explorer in

How can I use Netflow in Splunk when it's on a Windows Box without buying more software?

I'm in the middle of a POC of Splunk and would like to start putting my netflow data into it and be able to graphical...

by Explorer in

Explain param name="search"

can you pls explain tag,in all the examples they used index=_internal source=*metrics.log if i want to use .csv file...

by New Member in

Where does splunk store the logs?

we are in the process of investigating splunk for our IT datacenter. Does splunk store the old events that occure...

by Engager in

mapping headers to data in csv

I want to map headers to the data in the csv to search the fields as key=value pair, the sample log is shared below. ...

by Communicator in

IPS stops polling

Hi, First off I want to say great app. Second I want to let you know that I'm new to Splunk and would real like so...

by New Member in

Processing Windows Event Logs

Per the documentation available at the following URL... http://docs.splunk.com/Documentation/Splunk/latest/Data/Ab...

by Path Finder in

Splunk stopped collectiing Windows Event logs of Remote

Hi, We have Windows 2008 R2 SP1 with splunk 5 installed in Domain network. We have configured to collect window...

by New Member in

Can universal forwarder export data from SQL Server to a Splunk instance?

I have a MS SQL Server that manages some applications' log. I want to transport the log to a Splunk instance. Does th...

by Path Finder in

how to blacklist a log file

what command should i use to blacklist a log file named(trc_*.txt)? Please help.

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to monitor a folder in Windows ? C:\Windows\assembly

SEDCMD to anonymize CC data isnt working

Indexing only specific fields in an event

Inputs.Conf - Historical Logging - Chicken and the Egg?

Inputs.conf $decideonstartup

To monitor a Folder in Windows Server ?

syslog priority/level not logged?

Adavanced searches are too slow since they don't seem to make use of indexes

Splitting sourcetype from a monitor input stanza

Cisco IPS app not working - Error connecting to sensor

Have Alert on indexer send SNMP Traps to CA Spectrum network management server

TIme Zone in Splunk

$decideOnStartup Remote Perfmon

DBX: when is the line "dbx-end-of-event" printed?

splunk netflow problem

TCP listener answered not all connections

How can I use Netflow in Splunk when it's on a Windows Box without buying more software?

Explain param name="search"

Where does splunk store the logs?

mapping headers to data in csv

IPS stops polling

Processing Windows Event Logs

Splunk stopped collectiing Windows Event logs of Remote

Can universal forwarder export data from SQL Server to a Splunk instance?

how to blacklist a log file

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Tag Definition and Field value pair

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!