Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Limit search results to a sourcetype

What can I do to limit search results for one or more sourcetypes. I am able to get the results through the Splun...

by New Member in

Anyone have a good working DB polling scripts written in Python?

Anyone have a good working python DB table dump scripts that keeps track of last row marker? I guess it would be i...

by Communicator in

I'm getting an error for some files I am monitoring about hitting EOF while computing CRC. What does this mean?

I'm seeing the following errors in splunkd.log and my file isn't being monitored properly -- the events don't seem to...

by Champion in

Can I splunk ClearCase for source code change monitoring?

Wondering if anyone has ever integrated ClearCase with Splunk yet. Does ClearCase provide text logs on disk or maybe ...

by Splunk Employee in

Monitoring hidden files on Linux

I'm having a problem trying to monitor the .bash_history file. I've set up a monitor for /home with a whitelist of "....

by Explorer in

Failed to write usn context

I am seeing the following errors over and over again in my splunkd.log file. I'm not sure where to go to resolve this...

by Explorer in

Juniper SSG20 logs showing up as multi-line chunks in interface

Possible Duplicate: Juniper Netscreen TCP Syslog messages not breaking properly Hi, I have an SSG20 sending s...

by New Member in

Where is the data stored on a Forwarder when the Receiver is down

I know the forwarder will buffer its data if the receiver goes down for some reason.Where is the data stored(director...

by Engager in

How can i check for forwarders that have not sent a specific sourcetype,source,host within x time?

Is there any way to check for forwarders that have not connected recently and include a "sourcetype, source or host" ...

by Splunk Employee in

index on regex field from source

I have a dir of text files named like such scriptcalled_201005211317_stdout.txt how do i index them on that date? ...

by Contributor in

Alerting on forwarder up/down events

I have a saved search that notifies me when a forwarder goes up or down based on various TcpInputProc and TcpOutputPr...

by Super Champion in

Syslog Priority Levels Stripped for UDP and TCP Syslog Messages

All, I noticed discussions on how to prevent Splunk from stripping priority levels from UDP Syslog messages. Will ...

by Engager in

Scripted Alert Question

Is there a way to pass the result of a savedsearch to a script? For example, if the search returns: suser duser sh...

by Explorer in

Search-time Mask

Some events flow into the Splunk instance via syslog sockets. For a brief period of time, the sourcetypes that cam...

by Contributor in

getting event timestamp from source file name

I have a .csv file that I'm indexing. There is no timestamp information in the .csv file, but there is a date in the ...

by Contributor in

strptime() format for yyyymmddhhmmss?

strptime() format expression examples Below are some sample date formats with strptime() expressions that handle t...

by Contributor in

Stop times like '0:20:00' being read as 8pm

Splunk always seems to get this wrong. I have the following in a vain effort to correct this TIME_PREFIX=^ TIME...

by Path Finder in

Wildcard support in tag definitions?

Is there a way to set tags based off a wild card value? IE I have the following hosts and I want to apply the 'tes...

by Path Finder in

Why do variations in sourcetype appear?

I have an Splunk indexer that receives IIS input from several sources. Why is the sourcetype set to "iis.1" instead o...

by Legend in

How well does a indexer configured w/ Raid 5 or 6 perform?

If we have an indexer configured w/a raid 5 or raid 6 array is this going to negatively affect performance?

by Splunk Employee in

Getting Data In

Discussions

Limit search results to a sourcetype

Anyone have a good working DB polling scripts written in Python?

I'm getting an error for some files I am monitoring about hitting EOF while computing CRC. What does this mean?

Can I splunk ClearCase for source code change monitoring?

Monitoring hidden files on Linux

Failed to write usn context

Juniper SSG20 logs showing up as multi-line chunks in interface

Where is the data stored on a Forwarder when the Receiver is down

How can i check for forwarders that have not sent a specific sourcetype,source,host within x time?

index on regex field from source

Alerting on forwarder up/down events

Syslog Priority Levels Stripped for UDP and TCP Syslog Messages

Scripted Alert Question

Search-time Mask

getting event timestamp from source file name

strptime() format for yyyymmddhhmmss?

Stop times like '0:20:00' being read as 8pm

Wildcard support in tag definitions?

Why do variations in sourcetype appear?

How well does a indexer configured w/ Raid 5 or 6 perform?

Splunk errors generated alongside successful data ...

Smart Store Producing a High Volume of 204 and 404...

Ingest messages from slack channels to splunk

Need to give add data capability to user in splunk...

Load Balancing UF to 3rd third party receivers