Getting Data In

Community Activity

Collect Windows Version Is there a recommended best-practice for collecting the version of windows that a certain Splunk-instance is running ... by sdwilkerson Contributor in Getting Data In 08-05-2011 1 1	1	1
How do I process rar files on a Windows Splunk install? I thought that Splunk would read compressed files and load them, however it is telling me the rar file is a binary. ... by approachct Path Finder in Getting Data In 08-05-2011 0 2	0	2
What's a best practice for ignoring Windows 2008 security events Like most of us with Windows servers, I'm fighting with keeping my license usage down in the face of Windows Server 2... by gpullis Communicator in Getting Data In 08-05-2011 0 1	0	1
Splunk, monitor file changes and MD5 checksum Hi all, I'm trying to index a log file which consists of some counters. This file doesn't change a lot as counters a... by cyrillefranchet Explorer in Getting Data In 08-05-2011 1 2	1	2
Distance between a Search Head and an Indexer We are looking at merging Splunk instances between different data centers and having a single Search head cluster. I ... by fk319 Builder in Getting Data In 08-05-2011 0 2	0	2
Index just filenames in a directory Is it possible to just index a directory of filenames? I have a directory containing gobs of logfiles. I really don't... by cejohnson Explorer in Getting Data In 08-04-2011 0 2	0	2
Search for failed inputs I indexed 365 files (a daily IIS log for a year) and according to the TailingProcessor:FileStatus there were some tha... by chca Path Finder in Getting Data In 08-03-2011 0 2	0	2
Problems with a dynamic input header in a scripted input I have a number of custom scripted inputs that use the dynamic input header (*SPLUNK* key=val) to establish vario... by Lowell Super Champion in Getting Data In 08-03-2011 0 1	0	1
How do you override "source" on a oneshot? I'm using oneshot to do a one-time import of data: splunk add oneshot $(pwd)/mydata -sourcetype mytype -index main ... by Ron_Naken Splunk Employee in Getting Data In 08-03-2011 9 4	9	4
SUF sending to one port from many hosts, events overlap each other IGNORE this question/problem. Bad search skills led to bad conslusion. About 30 Splunk Universal Forwarders sendin... by twinspop Influencer in Getting Data In 08-03-2011 0 4	0	4
Does the UF use props.conf and/or transforms.conf or not? If I am reading http://splunk-base.splunk.com/answers/27373/universal-forwarder-and-propsconf-and-transformsconf corr... by nisse Explorer in Getting Data In 08-02-2011 1 2	1	2
Why is the batch processor not honouring the metadata header? Something's up with the batch processor. I send the following file to a sink and it doesn't set any of the metadata f... by Marinus Communicator in Getting Data In 08-02-2011 0 1	0	1
Splunk could not find a controller to import for the following module: "Splunk.Module.Test". I am working on a custom module that extends the SingleValue module. I couldn't get the custom module to work correct... by hoffmandirt Explorer in Getting Data In 07-29-2011 0 2	0	2
sourcetype=tcp-raw I'm using a forwarder (regular) to forward TCP input to indexer. The events are being forwarded correctly to the ind... by pmr Explorer in Getting Data In 07-29-2011 0 3	0	3
Preferred placement of files to be monitored (which inputs.conf) My indexer is on Linux, but all the forwarders are on Windows. I've been putting the file names being monitored into... by RVDowning Contributor in Getting Data In 07-28-2011 1 1	1	1
SSL on universal, heavy, and splunk server? Reading the questions that reference SSL certificates for splunk data I'm confused. If I simply use SSL to encrypt d... by byronschwab Engager in Getting Data In 07-28-2011 1 1	1	1
Don't store "success" log entries Is there a way to make it so Splunk will discard a log entry that comes in with a certain substring in the message su... by jmorello Engager in Getting Data In 07-28-2011 1 1	1	1
not indexing after cleaning eventdata So i created an app folder... and indexes.conf .. and an inputs.conf to monitor a directory. I then restarted splunk... by hiddenkirby Contributor in Getting Data In 07-28-2011 1 11	1	11
extracting from logs before indexing to server Hi Is there a way to extract a part of log event before it being indexed to splunk server for example Below is the ... by dhs_harry08 Path Finder in Getting Data In 07-28-2011 0 2	0	2
How do I "watch" a specific log file and only send updates based on specific strings? I need to watch log files for certain error strings only. Ideally this would be done on the machine that contains th... by sdickson New Member in Getting Data In 07-27-2011 0 1	0	1
Cannot figure Universal forwarder out I have done 3-4 days of research and have been striking out. Here is the process that I follow. I install the unive... by chrisscott1 New Member in Getting Data In 07-26-2011 0 1	0	1
Splunk API paging I'm running into an issue with using the Splunk API and it only returning 30 records. I've searched the Splunk API, ... by Zambonilli Explorer in Getting Data In 07-26-2011 0 2	0	2
How do I read just one file in a app? I want to be able to push down a single application which contains an inputs.conf to monitor files on a Oracle RAC sy... by approachct Path Finder in Getting Data In 07-25-2011 0 1	0	1
Missing data - Splunk is showing random gaps in the 'indexed data' timeline and safeService warning in Splunkd.log My Splunk instance is constantly indexing data 24*7, but I've noticed some gaps in the indexed data timeline recently... by mctester Communicator in Getting Data In 07-25-2011 3 3	3	3
Checking multiple Regex against once sourcetype I'm trying to define multiple REGEX for one sourcetype. Because the events can vary massively I need to have differen... by Drainy Champion in Getting Data In 07-22-2011 2 1	2	1