Getting Data In

Community Activity

Filtering out header-only "events" after using MultiKV I've been tweaking the *NIX app by adding some charts with queries such as: index="os" sourcetype="who" host=$host$ ... by FunPolice Path Finder in Getting Data In 05-23-2011 1 3	1	3
Easiest way to get REST API data INTO SPLUNK? Team, I'm cobbling together a Splunk app that monitors twitter and facebook data available through their APIs, and I... by sondradotcom Path Finder in Getting Data In 05-23-2011 2 2	2	2
Monitoring Forwarder Uptime I am looking to set up a monitoring tool (HP's Sitescope) to "watch" our forwarders to ensure they are up. I am not ... by devonk Engager in Getting Data In 05-23-2011 2 1	2	1
force Splunk to start at the end of a file instead of where it left off after shutdown The ability for Splunk to start where it left off is a great feature. However, sometimes that feature hurts us. S... by seanlon11 Path Finder in Getting Data In 05-23-2011 3 6	3	6
How to delete a file entirely from an index? I have an input setup to monitor a folder where new log files get generated daily. Today however, a bad process gener... by zsimic Path Finder in Getting Data In 05-21-2011 0 1	0	1
Structured fields and values in json api results In your REST API documentation you have the following json example: // sample JSON output // https://localhost:8... by stevesq Explorer in Getting Data In 05-21-2011 0 3	0	3
How to filter event on splunk heavy forwarder? I setup splunk heavy forwarder and splunk indexer. I want to filter some event before indexed on splunk indexer. **... by anapat New Member in Getting Data In 05-21-2011 0 2	0	2
Installing Splunk as Indexer I am interested in using Splunk! as an indexer, but would like to query other servers/controllers in the network for ... by traillz New Member in Getting Data In 05-20-2011 0 1	0	1
Will A SAN volume manager cause issues with Splunk indexer? I would like to expand the SAN volumes as we go along rather than carving out ALL of the volume I think I will need a... by maverick Splunk Employee in Getting Data In 05-20-2011 3 2	3	2
Effects of syslog latency on a Unix application We have a latency-sensitive application that must have latent-free logging output. The app is written to log out to ... by beaunewcomb Communicator in Getting Data In 05-20-2011 1 2	1	2
Host Override I'm having trouble getting a host override to work. It appears Splunk is ignoring my transform (i assume because it's... by carmackd Communicator in Getting Data In 05-20-2011 1 4	1	4
truncate logs with syslog Hi, I'm using an UDP connection with syslog and Splunk. My problem is that Splunk only show me the firsts 2072 cha... by torbael Explorer in Getting Data In 05-19-2011 1 2	1	2
Archiving frozen data to another location I want to archive my frozen data to another location which is not on my indexers. Is the simple way to do this, to s... by johndunlea Explorer in Getting Data In 05-19-2011 1 3	1	3
fschange generates false update events I've set up file monitoring with fschange: [fschange:C:\TEMP\test.txt] index = main recurse = false followLinks = fa... by kkuminsky Path Finder in Getting Data In 05-19-2011 0 1	0	1
Direct csv lookup vs. custom search command We currently have an in-line csv table lookup that is used in both summary and normal index searches. Due to the nee... by beaumaris Communicator in Getting Data In 05-18-2011 1 1	1	1
Extracting fields from a multi line log, with mulitple itterations of data Hello, I am extracting logs from the results of a screen scrape on Cisco load balancers. I used to use some Perl co... by jamesdon Path Finder in Getting Data In 05-18-2011 0 2	0	2
App to monitor forwarder -> indexer connection? Is there an app or collection of saved searches anybody has that would monitor and graph out all parts of the TCP con... by muebel SplunkTrust in Getting Data In 05-18-2011 3 2	3	2
Universal forwarder 4.2.1 "leave_playpen: can't chdir back to ' ' Hi Guys I have tried to install the universal forwarder on a jailed FreeeBSD 8.0 server but after running: pkg_add ... by wishlist Explorer in Getting Data In 05-17-2011 0 1	0	1
WMI vs Perfmon: No Local Processes? I noticed while comparing the default configs for WMI and Perfmon that there's a LocalProcesses query in WMI that lac... by adamw Communicator in Getting Data In 05-17-2011 3 3	3	3
Is there a solution (yet) for setting the TZ for a syslog host? If I recall correctly, there wasn't a way to set/offset the TZ for a syslog host. Has this changed? by the_wolverine Champion in Getting Data In 05-17-2011 1 3	1	3
query for time I need a query that will extract all log data between (say) 10:00 PM and 10:00 AM. What is the best way to accomplis... by DTERM Contributor in Getting Data In 05-17-2011 1 5	1	5
Light forwarder can't find index? I have a server side index named dev4. However, when configuring my forwarder using this command: splunk add monitor... by dlindsay New Member in Getting Data In 05-17-2011 0 3	0	3
Search for non-indexed message Hi All~ I am trying to build a query to generate a list/table that shows me devices that have not sent in a specific... by tsukasa Explorer in Getting Data In 05-17-2011 0 1	0	1
installing python2.6 for universal forwarder What's the recommended way to install python2.6 into /opt/splunkforwarder? If I were running Fedora 13, I think I co... by amh New Member in Getting Data In 05-17-2011 0 2	0	2
How to forward already indexed data after converting Splunk into a Forwarder I configured my original Splunk installation to forward data to newer, faster hardware but noticed only data after th... by wbordeau Explorer in Getting Data In 05-17-2011 0 1	0	1