Getting Data In

Community Activity

Short hostnames appear as IP address I have a problem where I can not find syslog messages for certain hosts based on the "host" field. e.g. the search h... by mhaverkamp New Member in Getting Data In 07-05-2011 0 1	0	1
Universal forwarder stops monitoring a file due to alleged lock I have a universal forwarder set up to monitor an apache access log, on a Windows machine. Every few days I get the f... by spock_yh Path Finder in Getting Data In 07-03-2011 0 1	0	1
will future versions of WMI not prefix all the sourcetype values with wmi? Just curious if this is in the roadmap. It's more than a little inconvenient that when people use WMI, the sourcetyp... by sideview SplunkTrust in Getting Data In 07-01-2011 1 1	1	1
Search Results With Surrounding Text Anyone know of a way to search for something and show results for that along with just a few lines around that result... by charlestips Explorer in Getting Data In 06-30-2011 1 1	1	1
How can I omit the timestamp and host that splunk automatically add to my logs hi guys, I've added my first logs in splunk today. I notice that in the beginning of each row splunk has added a pref... by dadi Path Finder in Getting Data In 06-30-2011 0 1	0	1
FreeBSD 8.2 support? Has anyone successfully installed splunk 4.2 on FreeBSD 8.x? I'm getting the following error output on FreeBSD 8.2 f... by wwwdrich Explorer in Getting Data In 06-29-2011 0 3	0	3
WMI EventLog Filtering Realization (Actions executed leading to the disruption): We are currently trying to poll Windows 2008 servers with ... by CerielTjuh Path Finder in Getting Data In 06-29-2011 1 4	1	4
Basic Windows Event filter via Universal Forwarder I've seen various answers to this general area of questioning, but I'm wondering what the current best practice is. ... by bcecka Engager in Getting Data In 06-29-2011 1 2	1	2
Internet access is denied when the splunk service is stopped I have just installed and setup splunk to pull my syslogs from my ASA 5510 firewall. All records are flowing correct... by l8nite4me Engager in Getting Data In 06-29-2011 3 2	3	2
multiple timezone in syslog events I am trying to extract the correct timezone and time from the syslog event below. Jun 28 17:32:44 10.xxx.xx.240 Jun... by EricPartington Communicator in Getting Data In 06-29-2011 1 1	1	1
How to export > 10000 Events to a .csv via CLI with good performance? Hello, in Splunk 3 we were exporting during night time via cronjob 1-hour chunks of data from the previous day via C... by tpaulsen Contributor in Getting Data In 06-29-2011 0 2	0	2
dynamic sourcetype extraction problems Hi all, I am trying to setup dynamic sourcetype extraction, but no luck. sample message has json: {"id":"someid","t... by Ultracpp Engager in Getting Data In 06-27-2011 1 2	1	2
How to extract fields from a single file containing multiple sourcetypes, each with multiline events ? My source file is like: ============================ App01trace 3 0 393222 0... by mzorzi Splunk Employee in Getting Data In 06-27-2011 0 2	0	2
No python.exe included with universal forwarder? I have a need to import older Windows .evt files into my splunk environment. Since the splunk server is on linux I g... by chadroberts Path Finder in Getting Data In 06-27-2011 0 9	0	9
"Latest Event" on main search dashboard 12 hours ahead? I have a Prod and QA instance of Splunk with 2 forwarders. Prod is v4.1.4, QA is v4.2.2. Both of them show a "lates... by mmletzko Path Finder in Getting Data In 06-24-2011 0 2	0	2
How to selectively index and forward with filtering? Is there a way to selectively index and forward by using filtering criteria such as hostname, sourcetype, or REGEX in... by dottom Path Finder in Getting Data In 06-24-2011 0 4	0	4
Splunk Heavy Forwarder Hi, Will Splunk support heavy forwarder in future or it's going to be decommitted? I'm asking because there are only... by Vladimir Path Finder in Getting Data In 06-24-2011 1 4	1	4
What's the syntax for monitoring a local windows directory or file? [monitor://C:\\program files\path\filename] doesn't seem to be working. by the_wolverine Champion in Getting Data In 06-23-2011 0 3	0	3
Forwarding and receiving pre setup I have a simple Forwarding and receiving setup 2 servers forwarding into a 3rd. Once everything setup, the receive... by gdawoud Engager in Getting Data In 06-23-2011 1 2	1	2
Making splunk act like tail -f $file Hi, I'm trying to get Splunk to do the equivalent of a tail -f $file. Specifically what I'm trying to do is get the... by dpaper Explorer in Getting Data In 06-22-2011 7 2	7	2
Can I index WMI from a Splunk instance running on Linux? I have many windows systems I want to grab WMI data from. I have Splunk installed on Linux and want to do WMI polli... by Simeon Splunk Employee in Getting Data In 06-22-2011 0 1	0	1
Error message: Your maximum disk usage quota has been reached There is an error message:Your maximum disk usage quota has been reached. usage=15808MB quota=10000MB user=admin. The... by HY Explorer in Getting Data In 06-22-2011 0 1	0	1
Expanding CSV to a Multi-Valued Field I have a comma-separated list of 3 random values in a field called randlist (syslog-like entries): Jun 22 10:39:46 b... by jbp4444 Path Finder in Getting Data In 06-22-2011 0 3	0	3
Temporarily stop indexing I would like to temporarily stop Splunk indexing for a couple hours while my QA group runs some volume/performance te... by steveirogers Communicator in Getting Data In 06-22-2011 1 5	1	5
Splunk not indexing data Hi, recently our splunk instance has not been indexing our data. All licenses are OK and we are not exceeding our lo... by a_dev Engager in Getting Data In 06-21-2011 1 3	1	3