Getting Data In

Discussions

Thread Info

Can I route some data as syslog output to multiple destinations?

I am indexing data feeds A and B and want to forward just data from B as syslog to servers X and Y (cloning the data ...

by Splunk Employee in

Can i tell splunk not to index the first X lines of a file?

I have a logfile that has headers in the first two lines of the file. Imagine something like the output of UNIX' "top...

by Splunk Employee in

Multiple Timestamps

My events have two different times in them, one from when the dns server processed them, and then another is added to...

by Explorer in

Disabling type "Informational" with splunk for windows

I have a linux indexer. I forward with the light forwarder from about 200 windows boxes. On the indexer I don't wa...

by New Member in

no events returning for any search jobs (api call)

i am not recieving any xml for /services/search/jobs/<sid>/events ... but i get xml for /services/search/jobs/<sid...

by Contributor in

splunk forwarder

I am planning to integrate Splunk data with MARS, would the cloning option work for Non-Splunk receiver as well? Or i...

by Path Finder in

Event Filtering not working

We are trying to filter events from the Windows Event Log that are pulled using WMI. Here is the transforms.conf: ...

by Communicator in

Multiple Transactions in a Single Search

I am trying to link events from two separate sourcetypes together that have different fields available. The "corps_ap...

by Engager in

Using fschange to monitor Windows filesystem

I'm trying to set up fschange to monitor a folder on one of our servers (running Splunk v4.1.2) using the following s...

by SplunkTrust in

Run external Linux command from within search.

I need to run a shell script or Linux command inside my search to obtain external Ldap information. I have a UserID t...

by Engager in

WMI in windows 2000

I have polled wmi query from windows 2000 to splunk, as there is not PerfFormattedData class. I use PerfRawData, but ...

by Path Finder in

Scripted Input - Windows Indexer - Linux Host

Looking for the best way to collect Disk Free Space from a Linux box to a Windows Indexer. Company policy wont let me...

by New Member in

how to install downloaded Splunk apps on windows without untar

Windows doesn't have a built-in way to unpack the .tar.gz format used by Splunk apps downloaded from Splunkbase. What...

by Contributor in

how to do I install a splunk instance

where do I find the software for splunk instance. I want to collect the syslog or events from a remote client.

by Engager in

Pulling logged in users via REST API

How would one get a list of all the users logged in via the API In a ruby script i tried this... (POST seems odd f...

by Contributor in

Finding forwarders that are 3.4.x and older.

I have a around 800 forwarders in my distributed environment.Most of them would be 3.4.11 or 3.3.x and only around 50...

by Communicator in

Large WMI environment questions

This question is helpful, but I have a client who needs more detail on a WMI-polling environment. Ideally a conferenc...

by Motivator in

Best way to monitor tens of thousands of GZipped files?

I'm at a client now that needs to import files from their centralized log server, where they have tens of thousands o...

by Motivator in

What are the reasons to use multiple receiving ports for Splunk forwarders?

When setting up an indexing server to receive data from Splunk forwarders, are there good technical or management rea...

by Splunk Employee in

What does the queue named AQ? How did it get blocked?

In the splunkd.log I see this error message: 06-02-2010 09:42:31.344 INFO TailingProcessor - failed to i...

by Splunk Employee in

Getting Data In

Discussions

Can I route some data as syslog output to multiple destinations?

Can i tell splunk not to index the first X lines of a file?

Multiple Timestamps

Disabling type "Informational" with splunk for windows

no events returning for any search jobs (api call)

splunk forwarder

Event Filtering not working

Multiple Transactions in a Single Search

Using fschange to monitor Windows filesystem

Run external Linux command from within search.

WMI in windows 2000

Scripted Input - Windows Indexer - Linux Host

how to install downloaded Splunk apps on windows without untar

how to do I install a splunk instance

Pulling logged in users via REST API

Finding forwarders that are 3.4.x and older.

Large WMI environment questions

Best way to monitor tens of thousands of GZipped files?

What are the reasons to use multiple receiving ports for Splunk forwarders?

What does the queue named AQ? How did it get blocked?

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Compare data for 1 hour

Windows event logs - BSD syslog format

Splunk Enterprise Free trial: HTTP Event Collector...

Index file updates inconsistently with "collect" c...

For inputs.conf, can the time_before_close setting...

Getting Data In

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >