Getting Data In

Community Activity

Next debug steps for Windows file monitor input? I'm trying to monitor files on a Windows server and it isn't working. I've placed a few stanzas like this into etc/d... by gowen Path Finder in Getting Data In 04-13-2012 2 7	2	7
Set Current only for all in WMI.conf? We are a 90% Windows environment. Since we upgraded to 4.3.1, the WMI log format has changed ever so slightly. While ... by I-Man Communicator in Getting Data In 04-13-2012 0 1	0	1
rewrite _raw from universal forwarder not working... I have the following stansas deployed to lightweight forwarders running Windows: props.conf [WinEventLog:Security] ... by jeff Contributor in Getting Data In 04-13-2012 0 6	0	6
How can one get the host and source IP addresses in the event logs instead of hostname ? Hi, How can one get the host and source IP addresses in the event logs instead of hostname in either places. It is c... by sahil_singh Explorer in Getting Data In 04-13-2012 0 7	0	7
Creating index centrally Hi, Is there any way of creating indexes on several indexers centrally? For a fairly small indexer-farm, it isn't mu... by echalex Builder in Getting Data In 04-12-2012 0 2	0	2
universalfowarder syslog receive and send hi universalforwarder receives and send the syslog data to do? If possible, how do? by khyoung7410 Communicator in Getting Data In 04-12-2012 0 2	0	2
Looping through a Macro using a csv lookup? I have a request from a user who wants to get some stats from the Exchange App around specific users. Namely they're... by Brian_Osburn Builder in Getting Data In 04-12-2012 3 2	3	2
how to sett forwarers to index on path and file name Is it possible to set up forwarders to index data on the path of the file and a portion of the file name automaticall... by jbirchall1 New Member in Getting Data In 04-12-2012 0 2	0	2
Does maxVolumeDataSizeMB in indexes.conf do anything? As far as I can tell, setting maxVolumeDataSizeMB does not trigger bucket moves and has no impact at all. Does anyone... by eugenekogan Explorer in Getting Data In 04-12-2012 0 6	0	6
Error installing any app When I try to install any app from the zipped file, I get an error like: There was an error processing the upload. L... by tchristian New Member in Getting Data In 04-12-2012 0 3	0	3
Props/transforms rewrite of _raw is adding a blank event Hi, I am using a props/transforms TRANSFORM to add the source (log file) name to the _raw log event line. props.con... by Glenn Builder in Getting Data In 04-12-2012 0 1	0	1
Charset Encoding Hi guys, I have installed Splunk 4.3 on a MAC OSX 10.7. I am trying to index data with non utf encoding. I have tri... by kenchisho Path Finder in Getting Data In 04-12-2012 0 3	0	3
Choosing the correct timestamp Hi, I'm having a weird problem with recognizing timestamps. The actual timestamp looks like this: [2012-04-11 11:24:... by echalex Builder in Getting Data In 04-12-2012 0 4	0	4
Can I run multiple Universal Forwarders on Windows Server 2008? I have a Universal Forwarder looking at a directory holding our proxy logs. New logs are dumped into the directory e... by wbfoxii Communicator in Getting Data In 04-12-2012 1 3	1	3
universal forwarder please I need help , I deployed a universal forward by following tutorial "distributed deployement manual" The un... by sarah89 Path Finder in Getting Data In 04-12-2012 1 16	1	16
Filtering and sending only specific data Hi again, I got one question in filtering and routing to indexer. i got my props like this: pros.conf [WinEven... by JPValadas Explorer in Getting Data In 04-12-2012 0 9	0	9
Segregation of incoming data In our environment (mid-size enterprise with remote sites) we have our primary indexer on dedicated hardware. All dat... by sconnors Engager in Getting Data In 04-12-2012 0 5	0	5
Indexing content that may contain in-line gzip We need to index content that may contain in-line gzip (or other compression) content. We do not need to search on th... by johnamcafee New Member in Getting Data In 04-11-2012 0 1	0	1
Why won't Splunk re-index my data? I wanted to see how Splunk would index my data, so I configured it to index a few files into a 'test' index. Now tha... by Mick Splunk Employee in Getting Data In 04-11-2012 3 6	3	6
Major discrepancy between per_sourcetype_thruput and tcpin_connections - which is right? I'm looking at a Splunk instance right now that is getting 99+% of its data as one particular sourcetype, from two he... by Jason Motivator in Getting Data In 04-11-2012 1 5	1	5
warning and violations, how to reduce my indexed volume ? Hi I have a license pool for X Gb per day, and I blow it every almost every single day. How to selectively reduce m... by mataharry Communicator in Getting Data In 04-11-2012 1 3	1	3
Explain this transform v4.3 sles 11.1 can you explain for me this transform [csafields] REGEX = ^[^\\|]+\\|([^\\|]+)\\|([^\\|]+)\\|([^\\|]+)\\|([^... by cvajs Contributor in Getting Data In 04-11-2012 0 8	0	8
want to have Mutiline log file as single event - props.conf My log goes like this. I want all contents between "BeginEvent" and "EndEvent" as a single event. Any help? Will grea... by ma_anand1984 Contributor in Getting Data In 04-11-2012 0 4	0	4
Forwarder keeps monitoring after app undeployed Hi, I'm just setting up a deployment server and created a simple app to test it. The app was installed fine on my un... by echalex Builder in Getting Data In 04-11-2012 0 5	0	5
Splunk going down in events indexed All day, I've been watching the amount of events indexed in Splunk go up and down. It stays in the 1.8-1.9 billion e... by nkitmitto Explorer in Getting Data In 04-10-2012 1 1	1	1