Getting Data In

Community Activity

LINEBREAKER Help with snort logs All, Below are the logs prior to splunk interpreting them. I want to split each event with a regex based on the line... by I-Man Communicator in Getting Data In 09-20-2011 0 4	0	4
Perfmon iis stats aggregation I've got the Universal Forwarder installed on all our web servers. Every 5 minutes they are posting "Total Bytes Sent... by twinspop Influencer in Getting Data In 09-20-2011 1 2	1	2
How can I change the user as which the Windows universal forwarder runs? I have installed the Windows universal forwarder to send local data only. Now I want to configure it to run as a diff... by afternoon Engager in Getting Data In 09-20-2011 1 3	1	3
Where does the "fwdinfo" sourcetype come from? I see some useful info in _internal under the fwdinfo sourcetype, fwd source. However, I can't figure out where this ... by Jason Motivator in Getting Data In 09-19-2011 1 2	1	2
Local Server Time Hey, Is there a Splunk module or some alternative (easy) method of displaying the local time in the navigationHeader... by Ant1D Motivator in Getting Data In 09-19-2011 0 3	0	3
Splunk Receiving I have several servers sending WinEventLogs to my server. I have not control of the remote servers, so I would like ... by fk319 Builder in Getting Data In 09-18-2011 1 2	1	2
Can't get a blacklist to work - please help! I'm trying to get a blacklist in my inputs.conf to work correctly, but it's just not happening. It seems so simple...... by Branden Builder in Getting Data In 09-16-2011 0 5	0	5
Cannot see host on the Splunk server I need help on my Splunk server. I cannot see the host the splunk server. here is what my setup went: 1) install ful... by triptrops Explorer in Getting Data In 09-14-2011 0 3	0	3
How to detect Splunk log ingestion failure? I'm working with Splunk setup to copy and index disk logs from remote servers using scheduled rsync transfer. The r... by sonam Explorer in Getting Data In 09-14-2011 0 4	0	4
concat two fields into one ok, we have a field defined (user), and for another sourcetype I have the extracts already occurring for appUser and ... by mmattek Path Finder in Getting Data In 09-14-2011 0 10	0	10
Can't find "local" dir under /opt/splunk/etc/apps/search Hello, I was trying to set a new lookup table, and locate props.conf and transforms.conf, but wasn't able to find t... by oreni Explorer in Getting Data In 09-14-2011 0 1	0	1
Splunk prevents application to log Hi, I'm testing Splunk to monitoring the log of an application. The logs are generated with log4j. When I configure ... by laurentjehu Engager in Getting Data In 09-14-2011 0 1	0	1
ExecProcessor - Ignoring my new script ERROR ExecProcessor - Ignoring: "\\C:\Program Files\Splunk\etc\apps\test\bin\intodns.py" This new scripted input I ... by jordans Path Finder in Getting Data In 09-13-2011 0 2	0	2
How do I configure data inputs for .csv files with dynamic field headers for a new event on each line Running 4.2.1, we are monitoring many csv files that differ on listed fields. We have splunk configured to dynamicall... by fox Path Finder in Getting Data In 09-13-2011 0 2	0	2
my monitored file is always skipped because it has the same name, or an identical header. Hi I am trying to have splunk monitoring a log file. But splunk indexed it once, and since is skipping it every time... by mataharry Communicator in Getting Data In 09-13-2011 3 3	3	3
Why am I getting this WMI DCOM error? Currently, I'm using WMI to pull WinEvents from 17 Windows running on VMs. They are each the exact same and were buil... by maverick Splunk Employee in Getting Data In 09-12-2011 0 3	0	3
Splunk recognizing Julian Date and Elapsed Seconds I am feeding a log event into Splunk that has a julian date and a time that consists of seconds since midnight: 245... by maverick Splunk Employee in Getting Data In 09-12-2011 2 4	2	4
how to configure retirement policy? I'm trying to make indexes retire after 60 seconds, here is how my indexes.conf looks like: [default] frozenTimePeri... by giovere Path Finder in Getting Data In 09-12-2011 0 4	0	4
How do we index NetApp .evt files on a UNIX box? We have several NetApps that require log retention. Getting log events to Splunk appears to be an odd configuration.... by I_am_Jeff Communicator in Getting Data In 09-09-2011 0 2	0	2
Do forwarders require indexes.conf? If i am setting up a heavy forwarder to monitor directories and tag indexes, do i need to create an indexes.conf on i... by jaoui Path Finder in Getting Data In 09-09-2011 0 1	0	1
Do forwarders require indexes.conf? If i am setting up a heavy forwarder to monitor directories and tag indexes, do i need to create an indexes.conf on i... by jaoui Path Finder in Getting Data In 09-08-2011 0 4	0	4
Use Fschange to monitor log files for errors I have a bunch of logs I've added to splunk and created sourcetypes for these logs. These logs are updated once a wee... by gnovak Builder in Getting Data In 09-08-2011 0 1	0	1
Can Splunk do this? I have a bunch of logs I've added to splunk and created sourcetypes for these logs. These logs are updated once a we... by gnovak Builder in Getting Data In 09-07-2011 0 2	0	2
Feature / workaround request: splitted authentication method Hello All, We are looking for the possiblity of having local authentication for part of the users, and RADIUS authen... by lutel Explorer in Getting Data In 09-07-2011 0 1	0	1
How do I exclude some windows events from being indexed?? Hi all!. I'm new with Splunk. I´m trying to exclude some events from being indexed but I really don´t know where to s... by pstamati Path Finder in Getting Data In 09-07-2011 3 8	3	8