Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Windows WMI configuration

Hi, Is there a way to configure how Splunk get the data from WMI for event logs, ex: how often Splunk check the ho...

by Engager in

WMI event logs manager

Hi, I defined over 60 hosts in Remote Windows Event log manager on splunk but when I go back in the manager I only...

by Engager in

How does the connection process work when querying a large number of WMI hosts for statistics (not eventlogs)

If have 100 desktops i want to collect a few statistics from.. say every 30s... does Splunk make 100 queries every 30...

by Splunk Employee in

Best Practices for Multi-User Search Performance

Hey guys, I currently have a 3-server architecture (2 central indexers with 1 search head). We are looking to hav...

by Contributor in

Could you provide more monitoring detail on a directory monitored via batch/sinkhole ?

I have 10's of thousands of files(tarballs) i want to monitor via batch/sinkhole. [batch:///var/log/archived_files...

by Splunk Employee in

How to get Splunk to work with Sawmill server?

Hi, At the moment we have had number Ironport appliances deployed but their log files being uploaded to FTP server...

by Engager in

How do I make a report save to a share on a different server every 24 hours?

I run a report every 24 hours, and I want to make the .csv results file available to multiple users afterwards. Can I...

by Splunk Employee in

Monitoring changes to configuration files

Trying to monitor changes to configuration files. Followed this article: http://www.splunk.com/base/Documentation/...

by Path Finder in

Access splunk manager from a public URL

I have splunk hosted on a win2k machine with IIS7.5 running. How do I configure splunk so I can access it from my loc...

by New Member in

Flashtimeline renders events at wrong time for users in different timezones

We have users that are in another timezone (30 minutes off the servers) and events in their flashtimeline are appeari...

by Path Finder in

How do I install the Cisco MARS Archive add-on?

How do I install and configure the Cisco MARS archive add-on on Splunkbase?

by Splunk Employee in

syslog using Splunk

Hi, can anyone tell me if I could do this using Splunk: Log from particular host to a particular directory, Archive l...

by New Member in

Experiences rolling frozen storage into HSM (Hierarchal Storage Management)

Does anyone have experience integrating splunk with a hierarchal storage management system (like AMASS, Legato, or Ti...

by SplunkTrust in

Some of my indexes have stopped indexing...

For some reason, looks like 2-3 of my indexes have stopped indexing. The monitor point to the indexes is pointed to d...

by Contributor in

How to send a notification when the my iindexer process through a certain amount of forwarded data

I want a search that will tell me the total throughput of my indexing server, and then setup a notification if that t...

by Path Finder in

Regarding how to splunk TripWire logs

I would like to splunk TripWire events so that I can search and correlate them with my other security, syslog, and ap...

by Splunk Employee in

follow tail returning jumbled mess

I’m currently getting a new log source ready for production, and I almost have it except for one issue. I’m forwardin...

by Communicator in

How do I strip out part of the timestamp so I only get the date?

I am trying to build a report where I want to summarize the number of events for an entire year by day sorting by hos...

by Communicator in

Mulltiline XML extraction...

So I have an xml formatted log added as a source, sourcetype'd as WSE_audit, and I'm trying to get it to basically sp...

by Path Finder in

Scripted input not showing up in search results

env[home] = linux, centos, splunk 4.0.11, everything on one test box cat /opt/splunk/etc/apps/unix/bin/uname.sh ...

by Communicator in

Getting Data In

Discussions

Windows WMI configuration

WMI event logs manager

How does the connection process work when querying a large number of WMI hosts for statistics (not eventlogs)

Best Practices for Multi-User Search Performance

Could you provide more monitoring detail on a directory monitored via batch/sinkhole ?

How to get Splunk to work with Sawmill server?

How do I make a report save to a share on a different server every 24 hours?

Monitoring changes to configuration files

Access splunk manager from a public URL

Flashtimeline renders events at wrong time for users in different timezones

How do I install the Cisco MARS Archive add-on?

syslog using Splunk

Experiences rolling frozen storage into HSM (Hierarchal Storage Management)

Some of my indexes have stopped indexing...

How to send a notification when the my iindexer process through a certain amount of forwarded data

Regarding how to splunk TripWire logs

follow tail returning jumbled mess

How do I strip out part of the timestamp so I only get the date?

Mulltiline XML extraction...

Scripted input not showing up in search results

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!

Sign up now >

Bitbucket and Splunk Integtion

Windows Defender Endpoint / ATP via Azure Event Hu...

monitor security windows events with syslog

EPO version 5.10 cannot connect with Db Connect ve...

Deployment server not available on a dedicated for...

Getting Data In

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!

Sign up now >