Getting Data In

Community Activity

How Can I One-Time Index a File with "Normal" Processing? Short statement: I want to one-time import a file to splunk and have the events processed/indexed/identified/tagged ... by I_am_Jeff Communicator in Getting Data In 09-22-2011 1 2	1	2
custom Blacklist not working correctly Trying to make a custom blacklist for one of my input monitor points that excludes certain directories and filetypes ... by sushildabare Path Finder in Getting Data In 09-22-2011 0 1	0	1
Scripted Input Question Hey guys, Just read this and was left a little confused, (my first time using Splunk so please forgive me) http://... by daniel333 Builder in Getting Data In 09-21-2011 0 2	0	2
Set Time Zone for IIS logs - 4.2.3 I have added TZ=GMT to the props.conf under [iis] and restarted splunk. The Server is CST. From what I have read the... by RaudeWoods New Member in Getting Data In 09-20-2011 0 1	0	1
LINEBREAKER Help with snort logs All, Below are the logs prior to splunk interpreting them. I want to split each event with a regex based on the line... by I-Man Communicator in Getting Data In 09-20-2011 0 4	0	4
Perfmon iis stats aggregation I've got the Universal Forwarder installed on all our web servers. Every 5 minutes they are posting "Total Bytes Sent... by twinspop Influencer in Getting Data In 09-20-2011 1 2	1	2
How can I change the user as which the Windows universal forwarder runs? I have installed the Windows universal forwarder to send local data only. Now I want to configure it to run as a diff... by afternoon Engager in Getting Data In 09-20-2011 1 3	1	3
Where does the "fwdinfo" sourcetype come from? I see some useful info in _internal under the fwdinfo sourcetype, fwd source. However, I can't figure out where this ... by Jason Motivator in Getting Data In 09-19-2011 1 2	1	2
Local Server Time Hey, Is there a Splunk module or some alternative (easy) method of displaying the local time in the navigationHeader... by Ant1D Motivator in Getting Data In 09-19-2011 0 3	0	3
Splunk Receiving I have several servers sending WinEventLogs to my server. I have not control of the remote servers, so I would like ... by fk319 Builder in Getting Data In 09-18-2011 1 2	1	2
Can't get a blacklist to work - please help! I'm trying to get a blacklist in my inputs.conf to work correctly, but it's just not happening. It seems so simple...... by Branden Builder in Getting Data In 09-16-2011 0 5	0	5
Cannot see host on the Splunk server I need help on my Splunk server. I cannot see the host the splunk server. here is what my setup went: 1) install ful... by triptrops Explorer in Getting Data In 09-14-2011 0 3	0	3
How to detect Splunk log ingestion failure? I'm working with Splunk setup to copy and index disk logs from remote servers using scheduled rsync transfer. The r... by sonam Explorer in Getting Data In 09-14-2011 0 4	0	4
concat two fields into one ok, we have a field defined (user), and for another sourcetype I have the extracts already occurring for appUser and ... by mmattek Path Finder in Getting Data In 09-14-2011 0 10	0	10
Can't find "local" dir under /opt/splunk/etc/apps/search Hello, I was trying to set a new lookup table, and locate props.conf and transforms.conf, but wasn't able to find t... by oreni Explorer in Getting Data In 09-14-2011 0 1	0	1
Splunk prevents application to log Hi, I'm testing Splunk to monitoring the log of an application. The logs are generated with log4j. When I configure ... by laurentjehu Engager in Getting Data In 09-14-2011 0 1	0	1
ExecProcessor - Ignoring my new script ERROR ExecProcessor - Ignoring: "\\C:\Program Files\Splunk\etc\apps\test\bin\intodns.py" This new scripted input I ... by jordans Path Finder in Getting Data In 09-13-2011 0 2	0	2
How do I configure data inputs for .csv files with dynamic field headers for a new event on each line Running 4.2.1, we are monitoring many csv files that differ on listed fields. We have splunk configured to dynamicall... by fox Path Finder in Getting Data In 09-13-2011 0 2	0	2
my monitored file is always skipped because it has the same name, or an identical header. Hi I am trying to have splunk monitoring a log file. But splunk indexed it once, and since is skipping it every time... by mataharry Communicator in Getting Data In 09-13-2011 3 3	3	3
Why am I getting this WMI DCOM error? Currently, I'm using WMI to pull WinEvents from 17 Windows running on VMs. They are each the exact same and were buil... by maverick Splunk Employee in Getting Data In 09-12-2011 0 3	0	3
Splunk recognizing Julian Date and Elapsed Seconds I am feeding a log event into Splunk that has a julian date and a time that consists of seconds since midnight: 245... by maverick Splunk Employee in Getting Data In 09-12-2011 2 4	2	4
how to configure retirement policy? I'm trying to make indexes retire after 60 seconds, here is how my indexes.conf looks like: [default] frozenTimePeri... by giovere Path Finder in Getting Data In 09-12-2011 0 4	0	4
How do we index NetApp .evt files on a UNIX box? We have several NetApps that require log retention. Getting log events to Splunk appears to be an odd configuration.... by I_am_Jeff Communicator in Getting Data In 09-09-2011 0 2	0	2
Do forwarders require indexes.conf? If i am setting up a heavy forwarder to monitor directories and tag indexes, do i need to create an indexes.conf on i... by jaoui Path Finder in Getting Data In 09-09-2011 0 1	0	1
Do forwarders require indexes.conf? If i am setting up a heavy forwarder to monitor directories and tag indexes, do i need to create an indexes.conf on i... by jaoui Path Finder in Getting Data In 09-08-2011 0 4	0	4