Getting Data In

Discussions

Thread Info

Remote File Monitoring

Is there any way to monitor the attributes of files such as 'Date Created' or 'Modified Date' rather than modify the ...

by Engager in

Configure interval for forwarding Windows Event Logs to Forwarder

I installed Splunk on a Windows DC and configured it as Light Forwarder to send the events to a linux based Splunk In...

by Explorer in

How do I Monitor a UNC path?

From server1, I have access to the desired UNC path, and this same user is running splunk, so I know access is not an...

by Path Finder in

Reset SplunkLightForwarder

How may I reset a SplunkLightForwarder so that it will start from scratch and re-forward all data again? (v4.1.3)

by Explorer in

reindexing tossed data from too low a maxTotalDataSizeMB setting

Hello: If an index is kept small due to a low default setting, how can I have splunk reindex a large pool of data ...

by Explorer in

Will Splunk re-start processing of a file if it is renamed?

I am monitoring a directory with contains files that are rotated. Example: A file, today.logs is currently bei...

by Engager in

Forwarder tcpout_connections blocked

This configuration is two 3.4.2 forwarders -> two 4.1.2 indexers. Forwarders have two UDP inputs & two seperate assig...

by Splunk Employee in

A few events from a single log source file are getting stuck together at indexing - why?

I am indexing a log file of about 50,000 single line events and for the most part the events are indexed fine. This r...

by Contributor in

Indexing Queues Blocked if Network Is Not Reachable, why?

My Indexer is receiving data from a Forwarder but also sending data to non Splunk device. This external device became...

by Splunk Employee in

Where are TCP and UDP inputs indexed?

When I configure network inputs (TCP or UDP), I provide the port number and sourcetype, but there is nowhere to speci...

by Legend in

How to use timezone in Multi-Timezone system?

Hi, There are several questions about timezone configuration. I know that splunk use the timezone informa...

by Path Finder in

multiple inputs parser error

When i try and run a multiple input search running 4.1.2 on windows 7 im getting an error message that causes search ...

by Explorer in

SplunkLightweightForwarder app require inputs.conf?

Or can i enable "applicationx" with its own inputs.conf. only the lightweightforwarder and the "applicationx" apps...

by Contributor in

BIND IP Causing issues with RTSearch...

We have done an interface binding (to IP: index1_IP) on one of our indexers. This was done on one of the indexer (...

by Contributor in

Indexing does not start on HP-UX 11.31

I have a fresh install of 4.1.2 on a HP-UX 11v3 box and it automatically paused indexing. I've moved the indexes over...

by Explorer in

Why does Splunk complain about a missing parenthetical?

This is a very vague question. I have received a query from a partner who has observed Splunk erroring out complainin...

by Splunk Employee in

Integrating a series of flat values into Splunk

Hello all, I'm on the fish for ideas or anybody who has previous experience with this. Essentially, we have two...

by Path Finder in

Does SEDCMD work line-by-line or on the entire event?

Out of the box, the unix sed command operates on a line-by-line basis. Is this the same for the SEDCMD setting in pro...

by Super Champion in

time stamping problem using TIME_PREFIX

I have events that get written to a log file with the timestamp being included in this format <date>7/2/2010 1:13...

by Path Finder in

Active Directory monitor not enumerating existing objects

I've enabled the Active Directory monitoring module. I'm getting events as objects are modified but I would expect th...

by Path Finder in

Getting Data In

Discussions

Remote File Monitoring

Configure interval for forwarding Windows Event Logs to Forwarder

How do I Monitor a UNC path?

Reset SplunkLightForwarder

reindexing tossed data from too low a maxTotalDataSizeMB setting

Will Splunk re-start processing of a file if it is renamed?

Forwarder tcpout_connections blocked

A few events from a single log source file are getting stuck together at indexing - why?

Indexing Queues Blocked if Network Is Not Reachable, why?

Where are TCP and UDP inputs indexed?

How to use timezone in Multi-Timezone system?

multiple inputs parser error

SplunkLightweightForwarder app require inputs.conf?

BIND IP Causing issues with RTSearch...

Indexing does not start on HP-UX 11.31

Why does Splunk complain about a missing parenthetical?

Integrating a series of flat values into Splunk

Does SEDCMD work line-by-line or on the entire event?

time stamping problem using TIME_PREFIX

Active Directory monitor not enumerating existing objects

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Compare data for 1 hour

Windows event logs - BSD syslog format

Splunk Enterprise Free trial: HTTP Event Collector...

Index file updates inconsistently with "collect" c...

For inputs.conf, can the time_before_close setting...

Getting Data In

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >