Getting Data In

Community Activity

Archiving frozen data to another location I want to archive my frozen data to another location which is not on my indexers. Is the simple way to do this, to s... by johndunlea Explorer in Getting Data In 05-19-2011 1 3	1	3
fschange generates false update events I've set up file monitoring with fschange: [fschange:C:\TEMP\test.txt] index = main recurse = false followLinks = fa... by kkuminsky Path Finder in Getting Data In 05-19-2011 0 1	0	1
Direct csv lookup vs. custom search command We currently have an in-line csv table lookup that is used in both summary and normal index searches. Due to the nee... by beaumaris Communicator in Getting Data In 05-18-2011 1 1	1	1
Extracting fields from a multi line log, with mulitple itterations of data Hello, I am extracting logs from the results of a screen scrape on Cisco load balancers. I used to use some Perl co... by jamesdon Path Finder in Getting Data In 05-18-2011 0 2	0	2
App to monitor forwarder -> indexer connection? Is there an app or collection of saved searches anybody has that would monitor and graph out all parts of the TCP con... by muebel SplunkTrust in Getting Data In 05-18-2011 3 2	3	2
Universal forwarder 4.2.1 "leave_playpen: can't chdir back to ' ' Hi Guys I have tried to install the universal forwarder on a jailed FreeeBSD 8.0 server but after running: pkg_add ... by wishlist Explorer in Getting Data In 05-17-2011 0 1	0	1
WMI vs Perfmon: No Local Processes? I noticed while comparing the default configs for WMI and Perfmon that there's a LocalProcesses query in WMI that lac... by adamw Communicator in Getting Data In 05-17-2011 3 3	3	3
Is there a solution (yet) for setting the TZ for a syslog host? If I recall correctly, there wasn't a way to set/offset the TZ for a syslog host. Has this changed? by the_wolverine Champion in Getting Data In 05-17-2011 1 3	1	3
query for time I need a query that will extract all log data between (say) 10:00 PM and 10:00 AM. What is the best way to accomplis... by DTERM Contributor in Getting Data In 05-17-2011 1 5	1	5
Light forwarder can't find index? I have a server side index named dev4. However, when configuring my forwarder using this command: splunk add monitor... by dlindsay New Member in Getting Data In 05-17-2011 0 3	0	3
Search for non-indexed message Hi All~ I am trying to build a query to generate a list/table that shows me devices that have not sent in a specific... by tsukasa Explorer in Getting Data In 05-17-2011 0 1	0	1
installing python2.6 for universal forwarder What's the recommended way to install python2.6 into /opt/splunkforwarder? If I were running Fedora 13, I think I co... by amh New Member in Getting Data In 05-17-2011 0 2	0	2
How to forward already indexed data after converting Splunk into a Forwarder I configured my original Splunk installation to forward data to newer, faster hardware but noticed only data after th... by wbordeau Explorer in Getting Data In 05-17-2011 0 1	0	1
Windows Splunk - difficulty changing default password from CLI I'm working on some scripts to install Splunk and configure several things right off the bat, under several different... by s6a9d6u9s New Member in Getting Data In 05-17-2011 0 2	0	2
Data sampling from a large log file We have an application log that generates event timings. This log far exceeds our Splunk license if we consumed it f... by nowplaying Explorer in Getting Data In 05-16-2011 0 5	0	5
Forwarding to a specific Index Hello, Here is my current syntax for installing my Splunk forwarders: msiexec.exe /i \\fileshare.domain.local Splun... by dbutch1976 Explorer in Getting Data In 05-16-2011 0 6	0	6
splunk for unix I have splunk for unix installed on universal forwarder and it sends data to splunk indexer(receiver).cpu.sh is confi... by bwenge Explorer in Getting Data In 05-16-2011 0 1	0	1
Batch File Hi, Does anyone of you know how to run a batch file in the background. meaning I just want it to be invisible not mi... by cassie90 New Member in Getting Data In 05-16-2011 0 7	0	7
How to anonymize part of event If I have data and I want to anonymize a part of an event (extracted field, let's say user), I want to keep the origi... by Starlette Contributor in Getting Data In 05-16-2011 1 2	1	2
How to monitor remote linux servers from a RedHat server? I just installed splunk on RedHat enterprise 5, and want to know how to monitor remote linux servers from RedHat serv... by Alan_Bradley Path Finder in Getting Data In 05-15-2011 1 2	1	2
outputs.conf defaultGroup wildcard not working Based on the docs ( http://www.splunk.com/base/Documentation/4.2.1/Deploy/Configureforwarderswithoutputs.confd#Define... by mw Splunk Employee in Getting Data In 05-15-2011 0 3	0	3
Modify sourcetype host extraction I noticed that I receive logs from a single linux system with two different host names. Some inputs are files in th... by FRoth Contributor in Getting Data In 05-15-2011 2 1	2	1
Best Practise: Different Log Sources How do you handle different source types? Do you create an index for every type of source i.e. an index called "unix"... by FRoth Contributor in Getting Data In 05-14-2011 0 1	0	1
lines not breaking in old (rolled) log files so I have a case where my line breaks are fine in the Director.log but in Director.log.20100517 00-20-29##20.log ... by mmattek Path Finder in Getting Data In 05-13-2011 0 1	0	1
sedcmd no longer being applied after upgrade to 4.2 I have a splunk indexer running on Linux that i recently upgraded to 4.2 and a lightforwarder running on a windows 2k... by ajs07635 Explorer in Getting Data In 05-13-2011 1 1	1	1