Getting Data In

Discussions

Thread Info

Will | extract reload=true command refresh everything in props.conf?

Hi, I've got four indexers and two search heads in a distributed environment. I've got a new sourcetype coming int...

by Communicator in

OPSEC-lea with Provider-1

Hello everyone, Does someone make the OPSEC-LEA app work with Provider-1? The main difference here is that the logs a...

by Explorer in

set queue size limit for universal forwarder

When we have a universal forwarder installed on a VM server (hard drive is 40gb). When the service went down yesterda...

by Path Finder in

simple index segregation ?

Hi. I'm trying to find a quick and simple way to separate my incoming cisco syslogs into different indexes. For co...

by Engager in

Universal ForwarderのCPU使用率が非常に高い

4.3.3のUniversal Forwarderを使っているが、特定の環境だけUniversal Forwarderの起動後に2時間が経っても、CPUの使用率が42%のままでした。何故、Universal Forwarderはそん...

by Contributor in

Index Windows Robocopy Log files - Help!

I am sure this is something simple that i am over looking here but basically i want to monitor a directory with all r...

by Engager in

Splunk stopped indexing when it came across a bigint number

I am using Splunk to import data from a mysql database using DB Connect App. I created data inputs for the same. Splu...

by Engager in

Universal Forwarder has to be on every machine?

The installer makes it seem like it is possible to pull data from another machine with the universal forwarder. Is th...

by New Member in

Source type websphere_activity

Hi, The source type for one of our hosts - HOST A - recently changed to websphere_activity. The source is log file...

by Communicator in

Configure index and application in Universal forwarder

Hi I configured Universal forwarder to push the windows event logs ( adfs logs ) to main splunk server. Can any...

by New Member in

Search in the earliest source

Hello! I have sourtsetype that contains multiple source. Into sourcetype permanently add new source. I need to search...

by Communicator in

Single Indexer with 2 different Search Heads?

Although I personally wouldn't want to set it up this way... Is it possible to have one indexer that works for 2 s...

by Path Finder in

How on earth do I edit indexes.conf

indexes.conf is set to read only I can't even change my frozenbucket retention period

by Explorer in

Organizing Log Data In Splunk

I have installed Splunk 5.0.2 and a universal forwarder on one of the application servers to forward glassfish logs t...

by Explorer in

Splunk Self Monitoring

My security people have asked if there is a self-monitoring capability in Splunk to track situations such as A dis...

by Communicator in

Can splunk read mlg files?

Can splunk read in mlg files or do you have to use a decode for it to be in plain text?

by Splunk Employee in

rex syntax to parse source path for a sub-directory name and the file name

I am trying to parse source path for a sub-directory name and its file name. My source files are as follows: sourc...

by Explorer in

IIS Advance Logs Forwarding

Mt question here is very similar to the question posted here: http://serverfault.com/questions/469383/iis-advanced-lo...

by Engager in

How to monitor 2 different file types in the same folder

If I need to monitor 2 different file types in the same folder and send them to different indexes, how do I do that?

by Splunk Employee in

sed combined help

I am using the following to clean up output: rex mode=sed field=search_google2 "s/\%20/ /g";"s/\%5B/[/g" | rex mod...

by Contributor in

Getting Data In

Discussions

Will | extract reload=true command refresh everything in props.conf?

OPSEC-lea with Provider-1

set queue size limit for universal forwarder

simple index segregation ?

Universal ForwarderのCPU使用率が非常に高い

Index Windows Robocopy Log files - Help!

Splunk stopped indexing when it came across a bigint number

Universal Forwarder has to be on every machine?

Source type websphere_activity

Configure index and application in Universal forwarder

Search in the earliest source

Single Indexer with 2 different Search Heads?

How on earth do I edit indexes.conf

Organizing Log Data In Splunk

Splunk Self Monitoring

Can splunk read mlg files?

rex syntax to parse source path for a sub-directory name and the file name

IIS Advance Logs Forwarding

How to monitor 2 different file types in the same folder

sed combined help

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Splunk for Financial Information eXchange (FIX) pr...

_meta and how it works

Keep whitespace at beginning of a field value

Powershell script not running always on schedule -...

Should I remove /datamodel_summary on local drive ...

Getting Data In

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>