Getting Data In

Community Activity

Reindexing already indexed data and props/transforms.conf Hi All, Question about reindexing indexed data: I have a legacy 4.2.x splunk server running. Its set to index all d... by mark Path Finder in Getting Data In 01-26-2012 0 2	0	2
Search not coming upwith results for new hosts for non-admins We've recently changed out our servers and when I use the searches against these new hosts using my user I am not get... by jdibble Explorer in Getting Data In 01-26-2012 0 7	0	7
Setting up Forwarder and Testing So, I've installed and configured the Splunk forward on my Intranet Server. I'm trying to get the IIS logs from \Win... by bherbert Engager in Getting Data In 01-26-2012 0 3	0	3
Alternate timestamp for CSV files or forwarded data Does anyone know how we can use the timestamp of the file from the operating system as the timestamp for events? For ... by ngcgoon Explorer in Getting Data In 01-26-2012 0 4	0	4
forward data to a syslog server We're trying to forward data to a syslog server from a splunk server. However, seems that the hostname and process id... by acalvo Explorer in Getting Data In 01-25-2012 2 6	2	6
No time or host in forwarded syslog messages I have a Splunk indexer (splunk-4.0.9-74233-linux-2.6-x86_64.rpm) sending cooked data to a Splunk forwarder (active_g... by nisse Explorer in Getting Data In 01-25-2012 2 5	2	5
Difference between monitor and fschange [1] May I know what are the differences between using monitor or fschange? [2] Is there a documentation about fschan... by Nicholas_Key Splunk Employee in Getting Data In 01-25-2012 2 2	2	2
Filtering with a UF before indexing I've seen a number of posts about this with varied responses. Here's what I'm trying to do: We have some web acces... by Branden Builder in Getting Data In 01-25-2012 0 7	0	7
Dynamic lookup file name in Transforms.conf Hi, We have a cron job which periodically updates the lookup file. The file name is of the format lookup_mmddyyyy.cs... by sscandoit Explorer in Getting Data In 01-25-2012 1 2	1	2
Directory Names I am new to splunk and am trying to set up a monitored directory. It appears that when browsing for an existing dire... by dzilk Engager in Getting Data In 01-25-2012 1 2	1	2
UF and Indexers, problem with props.conf We are converting from a single Splunk instantance to a cluster. At this time we are also implementing Universal For... by fk319 Builder in Getting Data In 01-25-2012 0 5	0	5
Splunk indexer is not sending to syslog - please help Hi, I've tried everything. I have read all the answers and docs. A cannot force splunk indexer to forward all events... by awalesa New Member in Getting Data In 01-25-2012 0 12	0	12
How do I send Windows Event logs to Splunk Indexer installed in Linux? Hi Splunkers, I am very new to Splunk and would like to monitor Windows servers, how do I configure the Windows boxe... by tomero2011 Engager in Getting Data In 01-24-2012 0 1	0	1
DateParserVerbose issue I indexed a huge log with data that is going back to 2006. However when I try to search on this data it doesn't show... by gnovak Builder in Getting Data In 01-24-2012 0 12	0	12
Filtering Windows logs at Source with Universal Forwarder Hi Splunk Gurus We have problem with Splunk on Windows. Windows sends way to many events and logs to splunk indexer,... by nitinthakur New Member in Getting Data In 01-24-2012 0 3	0	3
addtional host data in the index, but not displaying data on the graph Hello, I have been try to configure the windows app to display data from additional hosts, but without success. We ... by davidfreer New Member in Getting Data In 01-23-2012 0 1	0	1
How do I set hostname without syslog I have a UF sending logs to my indexer. The UF receives logs, via syslog, from several other systems. All my UFs, i... by I_am_Jeff Communicator in Getting Data In 01-23-2012 0 3	0	3
Sending certain logs from UDP port 514 to specific indexes We have some Cisco devices that are sending syslog via port 514 natively (no splunk forwarder installed, obviously). ... by aferone Builder in Getting Data In 01-23-2012 2 21	2	21
Not Seeing Monitored Files from Forwarder in My Indexer I'm testing Splunk with the following configuration: Splunk 4.3 indexer and Splunk Universal Forwarder 4.3 on a separ... by scaldwell1 New Member in Getting Data In 01-23-2012 0 1	0	1
monitor csv data I am performing the following test in my env, props.conf [newcsvtest] REPORT-newcsvtest = newcsvtest SHOULD_LINEMERG... by schava2 Explorer in Getting Data In 01-22-2012 0 1	0	1
Many 4663 Win Events for the same file Dear Colleagues, I am configuring Splunk to listen my File Server in the WMI Security Events. Splunk is listening we... by mgaleti New Member in Getting Data In 01-22-2012 0 1	0	1
coldToFrozenDir per index I was running a cold to frozen script that moved the forzen files into a separate directory per index. /opt/splunk/... by imacdonald2 Path Finder in Getting Data In 01-20-2012 0 1	0	1
Why is my universal forwarder not evenly spreading events coming from a high-traffic input input across all indexers? I have noticed that universal forwarders receiving data from a high-traffic input will fail to distribute events even... by hexx Splunk Employee in Getting Data In 01-20-2012 3 2	3	2
Syslog from Firewall issue I asked my Firewall admin to change the port for syslog to the Splunk indexer. He changed it from 514 to 1514. He s... by hartfoml Motivator in Getting Data In 01-20-2012 0 2	0	2
transforms.conf fields are visible but returns zero rows when clicked/selected My props and transforms.conf work fine and I am able to see the fields on the GUI of search heads ( We are running s... by desi-indian Path Finder in Getting Data In 01-20-2012 0 4	0	4