Getting Data In

Community Activity

Can I run multiple Universal Forwarders on Windows Server 2008? I have a Universal Forwarder looking at a directory holding our proxy logs. New logs are dumped into the directory e... by wbfoxii Communicator in Getting Data In 04-12-2012 1 3	1	3
universal forwarder please I need help , I deployed a universal forward by following tutorial "distributed deployement manual" The un... by sarah89 Path Finder in Getting Data In 04-12-2012 1 16	1	16
Filtering and sending only specific data Hi again, I got one question in filtering and routing to indexer. i got my props like this: pros.conf [WinEven... by JPValadas Explorer in Getting Data In 04-12-2012 0 9	0	9
Segregation of incoming data In our environment (mid-size enterprise with remote sites) we have our primary indexer on dedicated hardware. All dat... by sconnors Engager in Getting Data In 04-12-2012 0 5	0	5
Indexing content that may contain in-line gzip We need to index content that may contain in-line gzip (or other compression) content. We do not need to search on th... by johnamcafee New Member in Getting Data In 04-11-2012 0 1	0	1
Why won't Splunk re-index my data? I wanted to see how Splunk would index my data, so I configured it to index a few files into a 'test' index. Now tha... by Mick Splunk Employee in Getting Data In 04-11-2012 3 6	3	6
Major discrepancy between per_sourcetype_thruput and tcpin_connections - which is right? I'm looking at a Splunk instance right now that is getting 99+% of its data as one particular sourcetype, from two he... by Jason Motivator in Getting Data In 04-11-2012 1 5	1	5
warning and violations, how to reduce my indexed volume ? Hi I have a license pool for X Gb per day, and I blow it every almost every single day. How to selectively reduce m... by mataharry Communicator in Getting Data In 04-11-2012 1 3	1	3
Explain this transform v4.3 sles 11.1 can you explain for me this transform [csafields] REGEX = ^[^\\|]+\\|([^\\|]+)\\|([^\\|]+)\\|([^\\|]+)\\|([^... by cvajs Contributor in Getting Data In 04-11-2012 0 8	0	8
want to have Mutiline log file as single event - props.conf My log goes like this. I want all contents between "BeginEvent" and "EndEvent" as a single event. Any help? Will grea... by ma_anand1984 Contributor in Getting Data In 04-11-2012 0 4	0	4
Forwarder keeps monitoring after app undeployed Hi, I'm just setting up a deployment server and created a simple app to test it. The app was installed fine on my un... by echalex Builder in Getting Data In 04-11-2012 0 5	0	5
Splunk going down in events indexed All day, I've been watching the amount of events indexed in Splunk go up and down. It stays in the 1.8-1.9 billion e... by nkitmitto Explorer in Getting Data In 04-10-2012 1 1	1	1
List of checkpoint libraries necessary for lea-loggrabber Hi, I'm getting ready to deploy the splunk Lea-Loggrabber client (32-bit) on RH6 64-bit OS. Would anyone happen to ha... by jbsplunk Splunk Employee in Getting Data In 04-10-2012 5 1	5	1
Incorrect hostname for Cisco WAAS Logs I've got a weird issue with some Cisco WAAS devices identifying their hostname correctly in Splunk. We are in the pro... by lukemarrott Engager in Getting Data In 04-10-2012 0 3	0	3
Receiver not receiving newly added index and data from sender! I am currently successfully forwarding data of a created index from a sender to a receiver, the issue is I have creat... by Dark_Ichigo Builder in Getting Data In 04-09-2012 0 3	0	3
Data Index Question - Data Also On Indexer Not Indexing Hello Everyone, I currently have an indexer (one box) which also has data that I want to index. I specified the loca... by A4orce84 New Member in Getting Data In 04-09-2012 0 2	0	2
Generate graph from 'CPU RAM process' log How should I configure the Search (and Report) so to get a CPU & RAM line chart (the values not a count) by process? ... by splunk_zen Builder in Getting Data In 04-09-2012 0 3	0	3
migrate data from single splunk indexer, split to two new indexers (sanity check) I have a plan to migrate data from a single splunk indexer to two separate indexers, reconfiguring the production sys... by jeff Contributor in Getting Data In 04-09-2012 1 2	1	2
Multi-value fields not populating for index Hello, I think i'm doing something wrong, but i've read through all the manuals and can't figure out what it is! I h... by ccollord Explorer in Getting Data In 04-09-2012 0 2	0	2
Remove Raw data from splunk server We are running splunk 4.2.3 on a RHEL 5.7 server and nearly 250 universal forwarders forwarding data to this splunk s... by npandith Explorer in Getting Data In 04-08-2012 0 2	0	2
universal forwarder hello can we install the splunk instance as an indexer and universal forwarder in the same machine and try to forwar... by sarah89 Path Finder in Getting Data In 04-08-2012 0 2	0	2
connection error from forwarder I configured a splunk instance on a linux server and added forwarder to another remote splunk instance. I also config... by mihika Engager in Getting Data In 04-08-2012 1 3	1	3
Which Logback Appender to use to send new events to splunk via REST reciever endpoint? May i know which Logback appender should i use if i want to create new events using the Splunk's REST receivers endpo... by misteryuku Communicator in Getting Data In 04-07-2012 0 4	0	4
How to upgrade forwarders with deployment server? I want to upgrade several forwarders. They are deployment clients. How to do this? by micropotato Engager in Getting Data In 04-07-2012 1 4	1	4
Timestamp broken up by a \| I have events in a file with fields separated by "\|" (e.g. blah\|blah\|20120406\|095040\|blah\|blah). Can I use this to ... by ubko Explorer in Getting Data In 04-06-2012 0 4	0	4