Getting Data In

Community Activity

Lookups not working I am running splunk4.2.2 on Linux servers On My search-heads under /app/splunk/etc/system/local props.conf entrie... by desi-indian Path Finder in Getting Data In 12-07-2011 0 5	0	5
Deleting data from summary index or any index? I am summarizing my data every minute but I do not need that data after one hour. So I have schedule another search t... by asingla Communicator in Getting Data In 12-07-2011 0 2	0	2
File Eating I am eating NESSUS.V1 files from our Nessus contiues monitoring system Nessus puts the output from the scan in XML f... by hartfoml Motivator in Getting Data In 12-07-2011 0 7	0	7
How to define the listening port on a specific interface for universal forwarder deployment At the moment the universal forwarder client is listening locally for deployment on port 8089, but on all interfaces ... by phaelf Explorer in Getting Data In 12-07-2011 0 1	0	1
HPUX 11.11 or AIX 4.x compatibility? A customer in manufacturing who is already using Splunk to monitor their database systems wants to start monitoring s... by gpburgett Splunk Employee in Getting Data In 12-07-2011 0 1	0	1
can't find the file (source) i set a input (directory) and i use command "splunk list monitor" splunk list monitor command result: \\aaasvr\iis-pi... by ypfbkg Explorer in Getting Data In 12-06-2011 0 2	0	2
text files being ignored We have below monitor stanza in inputs.conf file [monitor:///usr/sap/IXD/SYS/profile] disabled = false index = erp ... by Rajshekhar New Member in Getting Data In 12-06-2011 0 7	0	7
'daily indexing volume limit exceeded' still showing up after removing reference to large data source Have Splunk v4.2.4 installed as stand-alone (trial license). Imported a huge file and got the 'daily indexing volum... by gmodeloh Engager in Getting Data In 12-06-2011 0 2	0	2
How to prevent this from being sent to indexer from heavy forwarder I know there have been quite a few messages on this, but I am still confused. I am trying to configure my heavy forwa... by rcavallo New Member in Getting Data In 12-06-2011 0 3	0	3
Can I inject events into Splunk via a script? Splunk supports scripted inputs (where splunk calls a script and indexes the results). But what about the reverse: c... by Justin_Grant Contributor in Getting Data In 12-05-2011 3 8	3	8
Multiple sourcetypes from single directory source SQL Server puts both the ERRORLOG and SQLAGENT logs in the same directory. When Splunk automatically assigns a source... by jordans Path Finder in Getting Data In 12-05-2011 2 2	2	2
Change Universal Forwarder index I'm trying to change were universal forwarders information gets indexed. Example: Universal forwarder configured to... by hgclowns Engager in Getting Data In 12-05-2011 0 1	0	1
Override source key in inputs.conf Hello, We are helping our indexers get through a bout of too-many-sources. We've applied the short-term solution (a... by mixolydian Path Finder in Getting Data In 12-05-2011 1 3	1	3
Why splunk forwarder not send the same data from WinEventLog:Security This is what I get from universal forwarder : Message=Security Enabled Global Group Member Removed: Member Nam... by TheGU Path Finder in Getting Data In 12-04-2011 0 1	0	1
formatting Windows Eventlog in Unix Splunk Using Splunk indexer (Linux)+ Forwarder v4.2.4 at some Windows Servers. Forwarding is working but cant see details of... by sneuser New Member in Getting Data In 12-04-2011 0 2	0	2
cannot download splunk 4.2.4 I have tried to download splunk-4.2.4-110225-linux-2.6-amd64.deb but: 1. The browser (firefox and chrome) hasn't st... by pervoliner Engager in Getting Data In 12-02-2011 3 8	3	8
Indexing Latency Chart It would be both useful and interesting to be able to graph the indexing latency for various data sources or hosts ov... by rotten Communicator in Getting Data In 12-01-2011 5 3	5	3
totally redundant 2 node cluster How to accomplish? Right now, I have two indexers with distributed search, but they each have separate indexes, so i... by mmattek Path Finder in Getting Data In 12-01-2011 0 4	0	4
Prevent header row from being indexed I am receiving duplicate header rows in my output.csv. How do I prevent the header row from being indexed? my props.... by efelder0 Communicator in Getting Data In 12-01-2011 0 1	0	1
Wildcard for subfolders I need to index a CSV file that gets created daily in a folder with that day's name on it. So today's path is ..lo... by joshftx Explorer in Getting Data In 11-30-2011 0 3	0	3
Importing data Hello, I am going to set Splunk up on a test rig for work as a possible tool that might be used. If snare is install... by j666gak Communicator in Getting Data In 11-30-2011 0 1	0	1
Getting "unclean shutdown detected" alerts and "fast recovery" prompts on splunkd start-up after 4.2 upgrade Since I upgraded my indexer to 4.2, I very frequently see the following output on Splunk start-up : [root@splunk-inde... by hexx Splunk Employee in Getting Data In 11-30-2011 5 4	5	4
Can multiple indexers write to a single index My question is about Splunk topology. Can multiple indexer processes write to a single physical index? Or is there ... by jamesoconnell Path Finder in Getting Data In 11-30-2011 1 12	1	12
Inputs.conf I have this in my inputs.conf _whitelist=(\.log\|log$\|^messages\|^secure\|mesg$\|cron$\|acpid$\|\.out) Can anyone help me... by hartfoml Motivator in Getting Data In 11-30-2011 1 3	1	3
Splunk forwarder not working Hello I couldnt see the log files indexed in splunk Could you please help and mafdetlogindexer is the index name in t... by vramali1 New Member in Getting Data In 11-29-2011 0 2	0	2