Getting Data In

Community Activity

Problems with setting sourcetype through transformations.conf This is driving me mad - have gone through the documentation and responses to queries in here but still can't get sou... by quixand Path Finder in Getting Data In 08-09-2011 0 1	0	1
Labels not working on forms I am creating a criteria form for a report. When I use "text" fields, the labels work fine. But if I use radio or d... by timmy13 Communicator in Getting Data In 08-09-2011 0 1	0	1
enter arbitrary date on a form, convert to unix time, and search based on date range I'm probably making this too complicated, but I sense this should be easier than I'm making it out to be and I can't ... by jeff Contributor in Getting Data In 08-09-2011 0 2	0	2
Can I run the universal forwarder with a 4.1x indexer? Can I run a 4.2 universal forwarder with a 4.1x indexer, and a 4.1x deployment server? We are in the process of upgr... by sf_user_199 Path Finder in Getting Data In 08-09-2011 1 1	1	1
Universal forwarder windows to syslog doesn't work I am trying to get the Universal Forwarder to forward event logs (System and Security) from Windows to syslog on Linu... by mmather67 Path Finder in Getting Data In 08-08-2011 1 4	1	4
Log time differs from time on splunk host I'm running splunk in windows where the time is in PST. I read logs in GMT time, so when I search for most recent, i... by suhprano Path Finder in Getting Data In 08-08-2011 0 1	0	1
Indexing xml log file input I have a log file wherea typical line entry is as below ... I am trying to construct REGEX to be included in the "tra... by desi-indian Path Finder in Getting Data In 08-08-2011 1 4	1	4
Logs with no timestamp incorrectly getting date from file name I have a sourcetype where Splunk is correctly getting the time stamp from the events, but the events don't contain a ... by gpullis Communicator in Getting Data In 08-06-2011 1 4	1	4
Collect Windows Version Is there a recommended best-practice for collecting the version of windows that a certain Splunk-instance is running ... by sdwilkerson Contributor in Getting Data In 08-05-2011 1 1	1	1
How do I process rar files on a Windows Splunk install? I thought that Splunk would read compressed files and load them, however it is telling me the rar file is a binary. ... by approachct Path Finder in Getting Data In 08-05-2011 0 2	0	2
What's a best practice for ignoring Windows 2008 security events Like most of us with Windows servers, I'm fighting with keeping my license usage down in the face of Windows Server 2... by gpullis Communicator in Getting Data In 08-05-2011 0 1	0	1
Splunk, monitor file changes and MD5 checksum Hi all, I'm trying to index a log file which consists of some counters. This file doesn't change a lot as counters a... by cyrillefranchet Explorer in Getting Data In 08-05-2011 1 2	1	2
Distance between a Search Head and an Indexer We are looking at merging Splunk instances between different data centers and having a single Search head cluster. I ... by fk319 Builder in Getting Data In 08-05-2011 0 2	0	2
Index just filenames in a directory Is it possible to just index a directory of filenames? I have a directory containing gobs of logfiles. I really don't... by cejohnson Explorer in Getting Data In 08-04-2011 0 2	0	2
Search for failed inputs I indexed 365 files (a daily IIS log for a year) and according to the TailingProcessor:FileStatus there were some tha... by chca Path Finder in Getting Data In 08-03-2011 0 2	0	2
Problems with a dynamic input header in a scripted input I have a number of custom scripted inputs that use the dynamic input header (*SPLUNK* key=val) to establish vario... by Lowell Super Champion in Getting Data In 08-03-2011 0 1	0	1
How do you override "source" on a oneshot? I'm using oneshot to do a one-time import of data: splunk add oneshot $(pwd)/mydata -sourcetype mytype -index main ... by Ron_Naken Splunk Employee in Getting Data In 08-03-2011 9 4	9	4
SUF sending to one port from many hosts, events overlap each other IGNORE this question/problem. Bad search skills led to bad conslusion. About 30 Splunk Universal Forwarders sendin... by twinspop Influencer in Getting Data In 08-03-2011 0 4	0	4
Does the UF use props.conf and/or transforms.conf or not? If I am reading http://splunk-base.splunk.com/answers/27373/universal-forwarder-and-propsconf-and-transformsconf corr... by nisse Explorer in Getting Data In 08-02-2011 1 2	1	2
Why is the batch processor not honouring the metadata header? Something's up with the batch processor. I send the following file to a sink and it doesn't set any of the metadata f... by Marinus Communicator in Getting Data In 08-02-2011 0 1	0	1
Splunk could not find a controller to import for the following module: "Splunk.Module.Test". I am working on a custom module that extends the SingleValue module. I couldn't get the custom module to work correct... by hoffmandirt Explorer in Getting Data In 07-29-2011 0 2	0	2
sourcetype=tcp-raw I'm using a forwarder (regular) to forward TCP input to indexer. The events are being forwarded correctly to the ind... by pmr Explorer in Getting Data In 07-29-2011 0 3	0	3
Preferred placement of files to be monitored (which inputs.conf) My indexer is on Linux, but all the forwarders are on Windows. I've been putting the file names being monitored into... by RVDowning Contributor in Getting Data In 07-28-2011 1 1	1	1
SSL on universal, heavy, and splunk server? Reading the questions that reference SSL certificates for splunk data I'm confused. If I simply use SSL to encrypt d... by byronschwab Engager in Getting Data In 07-28-2011 1 1	1	1
Don't store "success" log entries Is there a way to make it so Splunk will discard a log entry that comes in with a certain substring in the message su... by jmorello Engager in Getting Data In 07-28-2011 1 1	1	1