Getting Data In

Community Activity

WinEventLog:* on Windows 2008 and Splunk 4.3.2 forwarders - Splunk could not get the description for this event. We have Universal Forwarders installed on Windows 2003 & 2008 Servers, plus a heavy forwarder on Windows 2008... We... by jeff Contributor in Getting Data In 07-11-2012 7 23	7	23
Running Splunk Forwarder on port other than 8089 What are the implications of running the splunk forwarder on a non-standard port? Do I have to change anything in the... by beaunewcomb Communicator in Getting Data In 07-10-2012 1 2	1	2
Forwarder to indexer - is that http/TCP? Greetings. I have an indexer configured to receive logs from forwarders on a TCP port, say 8100. I have configured t... by lakshman237 Path Finder in Getting Data In 07-10-2012 0 8	0	8
syslog (udp:514) filtering Hi, I am wondering if my question couldn't get answered quickly. I have parsed many very similiar questions and trie... by weigeltf New Member in Getting Data In 07-10-2012 0 5	0	5
Forwarder Redundancy Hi, I want to know the best practice and patterns that makes Forwarders highly available and redundant. - SH poolin... by melonman Motivator in Getting Data In 07-09-2012 2 2	2	2
Interactive Field Extraction 2012-06-21 23:58:57,200 [M3P3] DEBUG - LOG\|2012-06-21\|23:58:57\|4\|9\|AB123C\|MCL\|88\|1234\|123456\|12345\|N\|N\|AAAA 1234567\|\|... by Splunk_User792 New Member in Getting Data In 07-09-2012 0 2	0	2
Cisco ASA - Logging from Access-Control Entries. Hi, I am logging directly to Splunk from several Cisco ASA's. I have set my ASA to log ACE entries on the notificat... by kenth Splunk Employee in Getting Data In 07-09-2012 0 3	0	3
Multiple Wildcards in inputs.conf Hi, Can I use the following expression in my inputs.conf /data/logs/kim/.../*MS?.log.gz Or /data/logs/kim/.../*... by mkelderm Path Finder in Getting Data In 07-09-2012 1 1	1	1
MaxVolumeDataSize and old indexes Hi, We have spec:d volumes for use in out indexes.conf and we are also (trying) to limit this volumes content with t... by lmyrefelt Builder in Getting Data In 07-09-2012 1 4	1	4
High Splunk Universal Forwarder CPU usage Hi. We are trying to monitor one custom file in a non-syslogging service on a linux Ubuntu 11.04 64 bit server. For... by certivox New Member in Getting Data In 07-08-2012 0 1	0	1
Remote Authentication - Forwarder not sending from internet to PC with DDNS Hello, I am setting up a test lab with Splunk. As I have a VPS (Virtual Private Server) for web hosting I thought it... by j666gak Communicator in Getting Data In 07-07-2012 0 1	0	1
How do I delete a specific data input & its relating indexed events? I have multiple data inputs going into one index. Is there a way to delete only one of those data inputs and scrub i... by sthao New Member in Getting Data In 07-06-2012 0 3	0	3
script alert filetype question Hi all, I have a question about script alert. Now the script alert will transform the result to gzip filetype. Is th... by Anthony_Hou Path Finder in Getting Data In 07-05-2012 2 2	2	2
Day Of Month Field Without A Leading Zero I have a log which contains entries like the following: (3/07/12 13:13:09) 8856: < RingBufferModule::initialize() (3... by sajbutler Path Finder in Getting Data In 07-05-2012 0 4	0	4
winsock error 10055 We started to lose accessing Splunkweb running on Windows 2k8 Server. When we checked status of the service. We've no... by Masa Splunk Employee in Getting Data In 07-05-2012 3 4	3	4
Remove Header column outputcsv Is there a way to remove the Header column row after performing the outputcsv command during a Splunk search? by efelder0 Communicator in Getting Data In 07-05-2012 2 3	2	3
How do I remove data read anomalies? Reading a temperature sensor (DS18B20) from out side. Every so often I get a bad data set. Jul 2 23:26:40 malakoff ... by talbot7 Path Finder in Getting Data In 07-05-2012 0 6	0	6
handle scripted input as single line values Hi Splunkies, another question by me... I run a script every 15 min which counts DFS connections on different server... by jan_wohlers Path Finder in Getting Data In 07-05-2012 0 1	0	1
If multiple hosts, in different time zones, are sending logs to Splunk . In that case how to configure Timezone props.conf for the hosts individually. If multiple hosts, in different time zones, are sending logs to Splunk . In that case how to configure Timezone props... by ranjyotiprakash Communicator in Getting Data In 07-05-2012 1 6	1	6
How to exclude some result In my search result I want to exclude some result that belongs to eventtype, Is it possible ? my search is source... by jangid Builder in Getting Data In 07-05-2012 3 3	3	3
Multline events with pauses between lines I'm consuming a qa test log that has a fairly erratic format, but I was able to identify a line breaker regex to grou... by heathm Explorer in Getting Data In 07-04-2012 2 5	2	5
New Install - Ubuntu Hello, I'm trialling Splunk purely as a syslog server, and have installed it on a windows 2003 server, and can recie... by GLC2012 Explorer in Getting Data In 07-04-2012 1 7	1	7
Compression between forwarder and indexer When applying compression on forwarder to indexer, I am suspecting it's more efficient due to splunk comsuming less N... by clyde772 Communicator in Getting Data In 07-04-2012 0 1	0	1
props.conf regexp help after few investigations on my own , I have a more specific question. what is the correct way to configure props.con... by avishayh Explorer in Getting Data In 07-04-2012 0 2	0	2
splunk indexes rotated logs Example of actual inputs.conf [monitor:////data/example/server/example/log/*.log] sourcetype=jboss index=idx_sep_dev... by unix New Member in Getting Data In 07-03-2012 0 4	0	4