Getting Data In

Thread Info

perfmon is not working

hi, I want to know how perfmon.cof is working.Since i want to use that for monitoring CPU utilization.I want to kn...

by Communicator in

If Universal Forwarder crashes, can we throttle the rate at which it sends data to indexer?

Hello, Assuming that I have a universal forwarder configured to monitor a directory of flat files, e.g. /var/log/,...

by Path Finder in

detecting when an indexer is down

How can I detect when an indexer is down? Is there an api call to poll for the status of the indexer? Or will a faili...

by Engager in

Operating System

Hi My company just bought a splunk server from Cisco, we got the hardware but no the software. Is it right ?? What...

by New Member in

Exchange Server App - IOPS charting

I'm currently running version 1.1 of the Exchange app. I'd like to add the four IOPS counters to the list of perfmon ...

by New Member in

Connect to my server

Hi All I'm trying Splunk for the first time - I'm sifting through the documentation and finding it difficult to a...

by New Member in

Not able to see my windows client logs on Splunk Server

Hello, I have splunk installed on CentOS and i want to monitor a log file which is located on a windows host D dri...

by New Member in

setting up daily formatted report

Hi, I have a saved search to find out the occurrence of a keyword "Response" in a log. I am able to create a forma...

by Path Finder in

filesystem change monitor on windows LightWeight Forwarder

Installation: Universal Forwarder 4.3.2 I am trying to use the FileSystem monitor to monitor the files in inputs.conf...

by Communicator in

line breaking help

957978 11:23:33 (INTEL) IN: "IFBFE4F44" user@hostlx8.domain $ 957979 11:24:07 (MLM) IN: "MATLAB" user@hostlx1.doma...

by Path Finder in

While setting up a Windows Eventlog collection input, why do I get an HTTP 500 - Access is denied error?

I want to gather and index the security eventtlogs on a remote Windows server. While trying to add a new Windows E...

by Splunk Employee in

Index the timestamp present in log file

hello, I got a question regarding the field indexed by splunk when an event is received on splunk server. I would ...

by Communicator in

Alert for syslog

I am trying to set an alert that notifies the admin of a situation when we dont get any data from syslog (no messages...

by Builder in

How do I set the SSL cert for the management port (8089)?

Like the question says, I'd like to build some REST clients using Splunk (4.3.2, 4.3.3) that will not be running on t...

by Engager in

How can I trigger the re-indexing of a single file?

I would like to have Splunk re-index a specific file /logs/pubic_folder/noodles/log that it has already indexed on th...

by Splunk Employee in

Need help joining 2 sets of data where the timestamp is off by a few seconds

Hi, I am trying to correlate 2 sets of data together via join search statement, however I need to do a join based...

by Contributor in

logfile folder

Hi, I am having a logfile folder in which every day log file got created with the date name i want to index only l...

by Path Finder in

change the indexer location

Hi I have installed splunk indexer on a linux machine under installation directory /opt and there are quite a few ...

by Path Finder in

Windows SID Resolving in Splunk

As i understand it, Splunk is able to resolve SIDs in Windows Security Events. The documentation around this is not v...

by Contributor in

remove space and tab char between from ">" "<\"

I want to remove all the spaces in between ">" "<\" and want to use this in SEDCMD Here is my regex but this is n...

by Builder in

"Indexer was started dirty"

I have no clue what this error means. The entire error in the splunkd.log is: Indexer was started dirty, searc...

by Path Finder in

Exception while importing data

Hi, I am running a script to import data to splunk (via REST API of curl), after running for a while, it gave the fol...

by New Member in

Minimize an event then forward it to an indexer

Hello, I've been searching forever and I can't seem to find the answer. The documentations that I have found thus ...

by Explorer in

Fowarder default input location

When I install the universal forwarder on a Windows server via the GUI, I have the option to add inputs with check bo...

by Path Finder in

Filter Duplicate Windows Events

Upon logon, multiple events with the same data are generated on our active directory domain controllers for a single ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

perfmon is not working

If Universal Forwarder crashes, can we throttle the rate at which it sends data to indexer?

detecting when an indexer is down

Operating System

Exchange Server App - IOPS charting

Connect to my server

Not able to see my windows client logs on Splunk Server

setting up daily formatted report

filesystem change monitor on windows LightWeight Forwarder

line breaking help

While setting up a Windows Eventlog collection input, why do I get an HTTP 500 - Access is denied error?

Index the timestamp present in log file

Alert for syslog

How do I set the SSL cert for the management port (8089)?

How can I trigger the re-indexing of a single file?

Need help joining 2 sets of data where the timestamp is off by a few seconds

logfile folder

change the indexer location

Windows SID Resolving in Splunk

remove space and tab char between from ">" "<\"

"Indexer was started dirty"

Exception while importing data

Minimize an event then forward it to an indexer

Fowarder default input location

Filter Duplicate Windows Events

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions