Getting Data In

Community Activity

Benefits to an upgrade from 4.3.2 to 4.3.3 Hi guys: In our current PROD architecture we have various OS flavors of the 4.3.2 Universal forwarders pushing data ... by asarolkar Builder in Getting Data In 07-17-2012 0 5	0	5
Allow users to specify their own timezone? I know that with v4.3.3 we can now (as an administrator) manually change the users display timezone by editing their ... by Lucas_K Motivator in Getting Data In 07-16-2012 1 8	1	8
Can Splunk add data from a local mdb file? I have installed an open source Syslog server on a Windows PC, at home. I am sending it logs from my Netgear FVS114 h... by mlwinzenburg New Member in Getting Data In 07-16-2012 0 4	0	4
Duplicate records I have tested and realized that when monitoring a file with let's say 24 rows with the option "Continuously index dat... by jaterlwj Explorer in Getting Data In 07-15-2012 0 5	0	5
Detecting multiple sourcetypes within a single archive Hi Splunkers! Beyond configuring the autodetection of new sourcetypes, is specifying sourcetype detection via a wild... by rturk Builder in Getting Data In 07-14-2012 1 3	1	3
Splunk doesn't break events correctly for monitor input. I am struggling to break multi-line events correctly with source defined as monitor input. Occassionally, Splunk brea... by dilipvpatel Explorer in Getting Data In 07-14-2012 0 9	0	9
work with a non-conventional timestamps Hi, I am working with some legacy logs that have spaces in timestamps, e.g. 2012-07-12 06:00:05: 9 -07:00 2012-07-1... by bluecoder008 New Member in Getting Data In 07-13-2012 0 4	0	4
Can the Deployment Server be configured to stagger deployments? Can I configure the Deployment Server in such a way that it staggers the deployment of selected apps? What I'd like... by rgcurry Contributor in Getting Data In 07-13-2012 0 2	0	2
How To Filter Only administrator logins Good evening, i have this problem to solve: i've installed splunk web and a client machine with splunk heavy forwarde... by angelo82 Explorer in Getting Data In 07-13-2012 0 6	0	6
How do I check if my custom TIME_FORMAT is successfully parsing the time stamps of my events? I am using TIME_FORMAT (see props.conf.spec for reference) in an attempt to accelerate the date-time parsing of my ev... by hexx Splunk Employee in Getting Data In 07-13-2012 3 2	3	2
Forwarder - Apache i am trying to get the forwarder to work with apache logs from the CLI i issue the command "./splunk input add moni... by tuplink New Member in Getting Data In 07-13-2012 0 2	0	2
How to set up Splunk to monitor multiple boxes using *Nix? Hello all, I'm not entirely sure how would I go about and do this? Could someone provide some instructions - still n... by krashev New Member in Getting Data In 07-13-2012 0 1	0	1
monitor config for log files - universal forwarder I have log files, say, "logFile1.txt", "logFile2.txt" in folder /home/system/logs/ . The folder also has rotated logs... by lakshman237 Path Finder in Getting Data In 07-12-2012 0 4	0	4
Details on disabled flag in inputs.conf? In many examples (on splunk.com, in training class slides, and elsewhere) I see a "disabled = false" setting in many ... by Jordan_Brough Path Finder in Getting Data In 07-12-2012 2 1	2	1
Is Splunk good for inputting text data into? My boss wants me to use Splunk to analyze log files, but I do not have access to the server so he's sending me data t... by allyandrews14 New Member in Getting Data In 07-12-2012 0 1	0	1
Not indexing new fields in new app Hello, I am new in Splunk and I am trying to create new fields at index time in a new app I created. I would like to ... by atelesca Explorer in Getting Data In 07-12-2012 0 3	0	3
Show remote windows event log/events using universal forwarder Hi All, I am new to Splunk. We want to build a POC to capture windows event logs, specific event IDs from a remote m... by anshu2812 Explorer in Getting Data In 07-12-2012 0 3	0	3
License usage by sourcetype AND host I posted something to the other question, but since this is a different question, I thought I would ask a new one... ... by tawollen Path Finder in Getting Data In 07-11-2012 1 3	1	3
Timezones Timestamps on data We changed the TZ field from Asia/Shanghai to UTC. The data that was indexed prior to the change has the "bad" splun... by rachelneal Path Finder in Getting Data In 07-11-2012 0 1	0	1
Universal Forwarder port requirements to forward syslog traffic I need to configure Firewalls for the required ports in order to forward syslog traffic from my syslog server that I... by ashafiee Explorer in Getting Data In 07-11-2012 2 2	2	2
rawdata error I upgraded splunk from 4.0.3 to 4.3.3, After upgrade, i started the splunkd service and could found error in splunkd.... by selvarn New Member in Getting Data In 07-11-2012 0 1	0	1
Timestamp help Hi I have two time stamps in my logs. . say 12:10:2012T05:40:34+1.00/L:TIME and TIMESTAMP=2012-07-11T06:59:00.008... by rakesh_498115 Motivator in Getting Data In 07-11-2012 0 1	0	1
WinEventLog:* on Windows 2008 and Splunk 4.3.2 forwarders - Splunk could not get the description for this event. We have Universal Forwarders installed on Windows 2003 & 2008 Servers, plus a heavy forwarder on Windows 2008... We... by jeff Contributor in Getting Data In 07-11-2012 7 23	7	23
Running Splunk Forwarder on port other than 8089 What are the implications of running the splunk forwarder on a non-standard port? Do I have to change anything in the... by beaunewcomb Communicator in Getting Data In 07-10-2012 1 2	1	2
Forwarder to indexer - is that http/TCP? Greetings. I have an indexer configured to receive logs from forwarders on a TCP port, say 8100. I have configured t... by lakshman237 Path Finder in Getting Data In 07-10-2012 0 8	0	8