Getting Data In

Community Activity

Way to insert/create field based on source? I have a need (OK, it's a desire) to create a field that I can search on based on an input. The particular field I w... by mfrost8 Builder in Getting Data In 12-11-2011 2 6	2	6
Splunk stopped indexing some files Hi, We are indexing a directory on one of our servers (/sonic/logs) and Splunk suddenly stopped indexing a few of th... by jaydee77ca New Member in Getting Data In 12-09-2011 0 3	0	3
Time stamp parsing not seeming to work Using Splunk 4.2.4 on Windows XP I am a newbie trying to parse my FTP logs that have time stamps that look like 04... by esi_splunk New Member in Getting Data In 12-08-2011 0 1	0	1
Cleaning up props.conf, \| (OR) not working for multiple sources I have the following in props.conf [source::udp:32001] TZ = UTC TIME_FORMAT = %b %d... by jeff Contributor in Getting Data In 12-08-2011 0 3	0	3
Does Splunk have production-ready REST interfaces to input data? The title says it, my question is if Splunk supports REST interfaces for simply inputting data. I read about this to... by mahbe Engager in Getting Data In 12-08-2011 0 3	0	3
Recommended no of forwarders for a receiver I would like to find out if there's a recommended value for no of universal forwarders to connect to a receiver. We h... by wanling Path Finder in Getting Data In 12-08-2011 0 3	0	3
Monitoring FTP gz files Hi, I am planning a Splunk deployment that involves indexing large number of gz files FTP from multiple sources. Can ... by alextsui Path Finder in Getting Data In 12-08-2011 0 3	0	3
Lookups not working I am running splunk4.2.2 on Linux servers On My search-heads under /app/splunk/etc/system/local props.conf entrie... by desi-indian Path Finder in Getting Data In 12-07-2011 0 5	0	5
Deleting data from summary index or any index? I am summarizing my data every minute but I do not need that data after one hour. So I have schedule another search t... by asingla Communicator in Getting Data In 12-07-2011 0 2	0	2
File Eating I am eating NESSUS.V1 files from our Nessus contiues monitoring system Nessus puts the output from the scan in XML f... by hartfoml Motivator in Getting Data In 12-07-2011 0 7	0	7
How to define the listening port on a specific interface for universal forwarder deployment At the moment the universal forwarder client is listening locally for deployment on port 8089, but on all interfaces ... by phaelf Explorer in Getting Data In 12-07-2011 0 1	0	1
HPUX 11.11 or AIX 4.x compatibility? A customer in manufacturing who is already using Splunk to monitor their database systems wants to start monitoring s... by gpburgett Splunk Employee in Getting Data In 12-07-2011 0 1	0	1
can't find the file (source) i set a input (directory) and i use command "splunk list monitor" splunk list monitor command result: \\aaasvr\iis-pi... by ypfbkg Explorer in Getting Data In 12-06-2011 0 2	0	2
text files being ignored We have below monitor stanza in inputs.conf file [monitor:///usr/sap/IXD/SYS/profile] disabled = false index = erp ... by Rajshekhar New Member in Getting Data In 12-06-2011 0 7	0	7
'daily indexing volume limit exceeded' still showing up after removing reference to large data source Have Splunk v4.2.4 installed as stand-alone (trial license). Imported a huge file and got the 'daily indexing volum... by gmodeloh Engager in Getting Data In 12-06-2011 0 2	0	2
How to prevent this from being sent to indexer from heavy forwarder I know there have been quite a few messages on this, but I am still confused. I am trying to configure my heavy forwa... by rcavallo New Member in Getting Data In 12-06-2011 0 3	0	3
Can I inject events into Splunk via a script? Splunk supports scripted inputs (where splunk calls a script and indexes the results). But what about the reverse: c... by Justin_Grant Contributor in Getting Data In 12-05-2011 3 8	3	8
Multiple sourcetypes from single directory source SQL Server puts both the ERRORLOG and SQLAGENT logs in the same directory. When Splunk automatically assigns a source... by jordans Path Finder in Getting Data In 12-05-2011 2 2	2	2
Change Universal Forwarder index I'm trying to change were universal forwarders information gets indexed. Example: Universal forwarder configured to... by hgclowns Engager in Getting Data In 12-05-2011 0 1	0	1
Override source key in inputs.conf Hello, We are helping our indexers get through a bout of too-many-sources. We've applied the short-term solution (a... by mixolydian Path Finder in Getting Data In 12-05-2011 1 3	1	3
Why splunk forwarder not send the same data from WinEventLog:Security This is what I get from universal forwarder : Message=Security Enabled Global Group Member Removed: Member Nam... by TheGU Path Finder in Getting Data In 12-04-2011 0 1	0	1
formatting Windows Eventlog in Unix Splunk Using Splunk indexer (Linux)+ Forwarder v4.2.4 at some Windows Servers. Forwarding is working but cant see details of... by sneuser New Member in Getting Data In 12-04-2011 0 2	0	2
cannot download splunk 4.2.4 I have tried to download splunk-4.2.4-110225-linux-2.6-amd64.deb but: 1. The browser (firefox and chrome) hasn't st... by pervoliner Engager in Getting Data In 12-02-2011 3 8	3	8
Indexing Latency Chart It would be both useful and interesting to be able to graph the indexing latency for various data sources or hosts ov... by rotten Communicator in Getting Data In 12-01-2011 5 3	5	3
totally redundant 2 node cluster How to accomplish? Right now, I have two indexers with distributed search, but they each have separate indexes, so i... by mmattek Path Finder in Getting Data In 12-01-2011 0 4	0	4