Getting Data In

Community Activity

work with a non-conventional timestamps Hi, I am working with some legacy logs that have spaces in timestamps, e.g. 2012-07-12 06:00:05: 9 -07:00 2012-07-1... by bluecoder008 New Member in Getting Data In 07-13-2012 0 4	0	4
Can the Deployment Server be configured to stagger deployments? Can I configure the Deployment Server in such a way that it staggers the deployment of selected apps? What I'd like... by rgcurry Contributor in Getting Data In 07-13-2012 0 2	0	2
How To Filter Only administrator logins Good evening, i have this problem to solve: i've installed splunk web and a client machine with splunk heavy forwarde... by angelo82 Explorer in Getting Data In 07-13-2012 0 6	0	6
How do I check if my custom TIME_FORMAT is successfully parsing the time stamps of my events? I am using TIME_FORMAT (see props.conf.spec for reference) in an attempt to accelerate the date-time parsing of my ev... by hexx Splunk Employee in Getting Data In 07-13-2012 3 2	3	2
Forwarder - Apache i am trying to get the forwarder to work with apache logs from the CLI i issue the command "./splunk input add moni... by tuplink New Member in Getting Data In 07-13-2012 0 2	0	2
How to set up Splunk to monitor multiple boxes using *Nix? Hello all, I'm not entirely sure how would I go about and do this? Could someone provide some instructions - still n... by krashev New Member in Getting Data In 07-13-2012 0 1	0	1
monitor config for log files - universal forwarder I have log files, say, "logFile1.txt", "logFile2.txt" in folder /home/system/logs/ . The folder also has rotated logs... by lakshman237 Path Finder in Getting Data In 07-12-2012 0 4	0	4
Details on disabled flag in inputs.conf? In many examples (on splunk.com, in training class slides, and elsewhere) I see a "disabled = false" setting in many ... by Jordan_Brough Path Finder in Getting Data In 07-12-2012 2 1	2	1
Is Splunk good for inputting text data into? My boss wants me to use Splunk to analyze log files, but I do not have access to the server so he's sending me data t... by allyandrews14 New Member in Getting Data In 07-12-2012 0 1	0	1
Not indexing new fields in new app Hello, I am new in Splunk and I am trying to create new fields at index time in a new app I created. I would like to ... by atelesca Explorer in Getting Data In 07-12-2012 0 3	0	3
Show remote windows event log/events using universal forwarder Hi All, I am new to Splunk. We want to build a POC to capture windows event logs, specific event IDs from a remote m... by anshu2812 Explorer in Getting Data In 07-12-2012 0 3	0	3
License usage by sourcetype AND host I posted something to the other question, but since this is a different question, I thought I would ask a new one... ... by tawollen Path Finder in Getting Data In 07-11-2012 1 3	1	3
Timezones Timestamps on data We changed the TZ field from Asia/Shanghai to UTC. The data that was indexed prior to the change has the "bad" splun... by rachelneal Path Finder in Getting Data In 07-11-2012 0 1	0	1
Universal Forwarder port requirements to forward syslog traffic I need to configure Firewalls for the required ports in order to forward syslog traffic from my syslog server that I... by ashafiee Explorer in Getting Data In 07-11-2012 2 2	2	2
rawdata error I upgraded splunk from 4.0.3 to 4.3.3, After upgrade, i started the splunkd service and could found error in splunkd.... by selvarn New Member in Getting Data In 07-11-2012 0 1	0	1
Timestamp help Hi I have two time stamps in my logs. . say 12:10:2012T05:40:34+1.00/L:TIME and TIMESTAMP=2012-07-11T06:59:00.008... by rakesh_498115 Motivator in Getting Data In 07-11-2012 0 1	0	1
WinEventLog:* on Windows 2008 and Splunk 4.3.2 forwarders - Splunk could not get the description for this event. We have Universal Forwarders installed on Windows 2003 & 2008 Servers, plus a heavy forwarder on Windows 2008... We... by jeff Contributor in Getting Data In 07-11-2012 7 23	7	23
Running Splunk Forwarder on port other than 8089 What are the implications of running the splunk forwarder on a non-standard port? Do I have to change anything in the... by beaunewcomb Communicator in Getting Data In 07-10-2012 1 2	1	2
Forwarder to indexer - is that http/TCP? Greetings. I have an indexer configured to receive logs from forwarders on a TCP port, say 8100. I have configured t... by lakshman237 Path Finder in Getting Data In 07-10-2012 0 8	0	8
syslog (udp:514) filtering Hi, I am wondering if my question couldn't get answered quickly. I have parsed many very similiar questions and trie... by weigeltf New Member in Getting Data In 07-10-2012 0 5	0	5
Forwarder Redundancy Hi, I want to know the best practice and patterns that makes Forwarders highly available and redundant. - SH poolin... by melonman Motivator in Getting Data In 07-09-2012 2 2	2	2
Interactive Field Extraction 2012-06-21 23:58:57,200 [M3P3] DEBUG - LOG\|2012-06-21\|23:58:57\|4\|9\|AB123C\|MCL\|88\|1234\|123456\|12345\|N\|N\|AAAA 1234567\|\|... by Splunk_User792 New Member in Getting Data In 07-09-2012 0 2	0	2
Cisco ASA - Logging from Access-Control Entries. Hi, I am logging directly to Splunk from several Cisco ASA's. I have set my ASA to log ACE entries on the notificat... by kenth Splunk Employee in Getting Data In 07-09-2012 0 3	0	3
Multiple Wildcards in inputs.conf Hi, Can I use the following expression in my inputs.conf /data/logs/kim/.../*MS?.log.gz Or /data/logs/kim/.../*... by mkelderm Path Finder in Getting Data In 07-09-2012 1 1	1	1
MaxVolumeDataSize and old indexes Hi, We have spec:d volumes for use in out indexes.conf and we are also (trying) to limit this volumes content with t... by lmyrefelt Builder in Getting Data In 07-09-2012 1 4	1	4