Getting Data In

Community Activity

Sending certain logs from UDP port 514 to specific indexes We have some Cisco devices that are sending syslog via port 514 natively (no splunk forwarder installed, obviously). ... by aferone Builder in Getting Data In 01-23-2012 2 21	2	21
Not Seeing Monitored Files from Forwarder in My Indexer I'm testing Splunk with the following configuration: Splunk 4.3 indexer and Splunk Universal Forwarder 4.3 on a separ... by scaldwell1 New Member in Getting Data In 01-23-2012 0 1	0	1
monitor csv data I am performing the following test in my env, props.conf [newcsvtest] REPORT-newcsvtest = newcsvtest SHOULD_LINEMERG... by schava2 Explorer in Getting Data In 01-22-2012 0 1	0	1
Many 4663 Win Events for the same file Dear Colleagues, I am configuring Splunk to listen my File Server in the WMI Security Events. Splunk is listening we... by mgaleti New Member in Getting Data In 01-22-2012 0 1	0	1
coldToFrozenDir per index I was running a cold to frozen script that moved the forzen files into a separate directory per index. /opt/splunk/... by imacdonald2 Path Finder in Getting Data In 01-20-2012 0 1	0	1
Why is my universal forwarder not evenly spreading events coming from a high-traffic input input across all indexers? I have noticed that universal forwarders receiving data from a high-traffic input will fail to distribute events even... by hexx Splunk Employee in Getting Data In 01-20-2012 3 2	3	2
Syslog from Firewall issue I asked my Firewall admin to change the port for syslog to the Splunk indexer. He changed it from 514 to 1514. He s... by hartfoml Motivator in Getting Data In 01-20-2012 0 2	0	2
transforms.conf fields are visible but returns zero rows when clicked/selected My props and transforms.conf work fine and I am able to see the fields on the GUI of search heads ( We are running s... by desi-indian Path Finder in Getting Data In 01-20-2012 0 4	0	4
Splunk server stops taking client data Situation: I log into to splunk and find that data is not present when it should be. I log into the client machine w... by jgauthier Contributor in Getting Data In 01-20-2012 0 9	0	9
How much data can i index per second on a single indexer? I've already got my single indexer spec'd to handle under 100Gigs a day and it meets the requirements. However i am ... by Chris_R_ Splunk Employee in Getting Data In 01-19-2012 2 3	2	3
Removing Header row after outputcsv command What are some of the methods that I can remove the header row after running the 'outputcsv' command in my search? He... by efelder0 Communicator in Getting Data In 01-19-2012 1 2	1	2
Timestamp in every single line in multiline events I've configured my splunk to recieve data from syslog via udp. The application uses a SyslogAppender in it's log4j co... by rSteinbrenner New Member in Getting Data In 01-19-2012 0 2	0	2
does scripted input need to belong to an app Hi, I'm a splunk newbie. I want to collect data via snmp and display it on charts/graphs. Does the scripted input ne... by a212830 Champion in Getting Data In 01-19-2012 0 1	0	1
Upgrade to 4.3: AttributeError: 'str' object has no attribute 'os_startIndex' After an upgrade from 4.2.4 to 4.3 on Windows 2008 R2 Server (64bit) I get the following error after the login: 500 ... by FRoth Contributor in Getting Data In 01-19-2012 0 3	0	3
Applying NullQueue REGEX to ALL sources Hi Guys - I'm trying to remove "DEBUG" messages from ALL inputs. What do I put in props.conf to apply a transform t... by tewner Explorer in Getting Data In 01-19-2012 1 2	1	2
Via CLI why did "add forward-server" work and "add search-server" failed? Why i use "add forward-server" is work, but "add search-server" failed? [root@proxy splunkforwarder]# bin/splunk hel... by haway Engager in Getting Data In 01-18-2012 1 2	1	2
wildcard in inputs.conf splunktcp stanza? Hi guys, Is it possible to limit a splunk receiver via host wildcard. So curently I have in inputs.conf [splunktcp:... by mark Path Finder in Getting Data In 01-18-2012 3 1	3	1
Accessing remote REST API in a search Is it possible for Splunk to natively run a search against a remote Splunk REST API from within a search? For exampl... by mundus Path Finder in Getting Data In 01-18-2012 1 1	1	1
splunk date and time variables Hi, I have a requirement to create a dashboard view of events occuring from Friday last week to Thrusday running week... by theertpr Explorer in Getting Data In 01-18-2012 0 1	0	1
Editing props.conf after adding source? Is there a way, in the GUI, to edit props.conf after creating a new source (and after indexing)? If not, where can I... by ehs New Member in Getting Data In 01-18-2012 0 1	0	1
Multiple indexes and license limits Does data indexed in two separate indexes count twice against the license limit? by steve Path Finder in Getting Data In 01-17-2012 0 2	0	2
Using Splunk to forward data to third party servers I was wondering if anyone is currently using Splunk forwarders as the means by which they receive all log data and th... by jaoui Path Finder in Getting Data In 01-17-2012 0 5	0	5
Monitor remote directory I want to monitor a directory that resides on another machine which has a Splunk forwarder on it. There is one specif... by Sheela Path Finder in Getting Data In 01-17-2012 0 1	0	1
Disabling line breaking not working I'm trying to index a bunch of plugin files such that each file is a single event. I've tried almost every combinati... by mundus Path Finder in Getting Data In 01-17-2012 1 7	1	7
Splunk won't correctly recognize timestamp Why splunk won't correctly recognize this timestamp? 120129092233 my props.conf TIME_FORMAT=%Y%m%d%H%M%S TIME_PRE... by pero1234 Path Finder in Getting Data In 01-17-2012 2 3	2	3