Getting Data In

Community Activity

forward data to a syslog server We're trying to forward data to a syslog server from a splunk server. However, seems that the hostname and process id... by acalvo Explorer in Getting Data In 01-25-2012 2 6	2	6
No time or host in forwarded syslog messages I have a Splunk indexer (splunk-4.0.9-74233-linux-2.6-x86_64.rpm) sending cooked data to a Splunk forwarder (active_g... by nisse Explorer in Getting Data In 01-25-2012 2 5	2	5
Difference between monitor and fschange [1] May I know what are the differences between using monitor or fschange? [2] Is there a documentation about fschan... by Nicholas_Key Splunk Employee in Getting Data In 01-25-2012 2 2	2	2
Filtering with a UF before indexing I've seen a number of posts about this with varied responses. Here's what I'm trying to do: We have some web acces... by Branden Builder in Getting Data In 01-25-2012 0 7	0	7
Dynamic lookup file name in Transforms.conf Hi, We have a cron job which periodically updates the lookup file. The file name is of the format lookup_mmddyyyy.cs... by sscandoit Explorer in Getting Data In 01-25-2012 1 2	1	2
Directory Names I am new to splunk and am trying to set up a monitored directory. It appears that when browsing for an existing dire... by dzilk Engager in Getting Data In 01-25-2012 1 2	1	2
UF and Indexers, problem with props.conf We are converting from a single Splunk instantance to a cluster. At this time we are also implementing Universal For... by fk319 Builder in Getting Data In 01-25-2012 0 5	0	5
Splunk indexer is not sending to syslog - please help Hi, I've tried everything. I have read all the answers and docs. A cannot force splunk indexer to forward all events... by awalesa New Member in Getting Data In 01-25-2012 0 12	0	12
How do I send Windows Event logs to Splunk Indexer installed in Linux? Hi Splunkers, I am very new to Splunk and would like to monitor Windows servers, how do I configure the Windows boxe... by tomero2011 Engager in Getting Data In 01-24-2012 0 1	0	1
DateParserVerbose issue I indexed a huge log with data that is going back to 2006. However when I try to search on this data it doesn't show... by gnovak Builder in Getting Data In 01-24-2012 0 12	0	12
Filtering Windows logs at Source with Universal Forwarder Hi Splunk Gurus We have problem with Splunk on Windows. Windows sends way to many events and logs to splunk indexer,... by nitinthakur New Member in Getting Data In 01-24-2012 0 3	0	3
addtional host data in the index, but not displaying data on the graph Hello, I have been try to configure the windows app to display data from additional hosts, but without success. We ... by davidfreer New Member in Getting Data In 01-23-2012 0 1	0	1
How do I set hostname without syslog I have a UF sending logs to my indexer. The UF receives logs, via syslog, from several other systems. All my UFs, i... by I_am_Jeff Communicator in Getting Data In 01-23-2012 0 3	0	3
Sending certain logs from UDP port 514 to specific indexes We have some Cisco devices that are sending syslog via port 514 natively (no splunk forwarder installed, obviously). ... by aferone Builder in Getting Data In 01-23-2012 2 21	2	21
Not Seeing Monitored Files from Forwarder in My Indexer I'm testing Splunk with the following configuration: Splunk 4.3 indexer and Splunk Universal Forwarder 4.3 on a separ... by scaldwell1 New Member in Getting Data In 01-23-2012 0 1	0	1
monitor csv data I am performing the following test in my env, props.conf [newcsvtest] REPORT-newcsvtest = newcsvtest SHOULD_LINEMERG... by schava2 Explorer in Getting Data In 01-22-2012 0 1	0	1
Many 4663 Win Events for the same file Dear Colleagues, I am configuring Splunk to listen my File Server in the WMI Security Events. Splunk is listening we... by mgaleti New Member in Getting Data In 01-22-2012 0 1	0	1
coldToFrozenDir per index I was running a cold to frozen script that moved the forzen files into a separate directory per index. /opt/splunk/... by imacdonald2 Path Finder in Getting Data In 01-20-2012 0 1	0	1
Why is my universal forwarder not evenly spreading events coming from a high-traffic input input across all indexers? I have noticed that universal forwarders receiving data from a high-traffic input will fail to distribute events even... by hexx Splunk Employee in Getting Data In 01-20-2012 3 2	3	2
Syslog from Firewall issue I asked my Firewall admin to change the port for syslog to the Splunk indexer. He changed it from 514 to 1514. He s... by hartfoml Motivator in Getting Data In 01-20-2012 0 2	0	2
transforms.conf fields are visible but returns zero rows when clicked/selected My props and transforms.conf work fine and I am able to see the fields on the GUI of search heads ( We are running s... by desi-indian Path Finder in Getting Data In 01-20-2012 0 4	0	4
Splunk server stops taking client data Situation: I log into to splunk and find that data is not present when it should be. I log into the client machine w... by jgauthier Contributor in Getting Data In 01-20-2012 0 9	0	9
How much data can i index per second on a single indexer? I've already got my single indexer spec'd to handle under 100Gigs a day and it meets the requirements. However i am ... by Chris_R_ Splunk Employee in Getting Data In 01-19-2012 2 3	2	3
Removing Header row after outputcsv command What are some of the methods that I can remove the header row after running the 'outputcsv' command in my search? He... by efelder0 Communicator in Getting Data In 01-19-2012 1 2	1	2
Timestamp in every single line in multiline events I've configured my splunk to recieve data from syslog via udp. The application uses a SyslogAppender in it's log4j co... by rSteinbrenner New Member in Getting Data In 01-19-2012 0 2	0	2