| | Installed Splunk on Windows machine and in the task manager I see these two processes running by default. How can I ... 2 2 | 2 | 2 | |
| | I notice there is support for fifo's as inputs. Are there any benefits to using a fifo or is it just support for thos... 1 2 | 1 | 2 | |
| | I've reduced the log retention timeout so that the disk footprint doesn't grow. Is there any way to remove anything ... 2 2 | 2 | 2 | |
| | Hi I am trying to filter events on a LightWeightForwarder, but they don't get dropped. Is there a way to debug this?... 1 4 | 1 | 4 | |
| | A query to count tag=pci entries by eventtype (and happens to be part of the application): tag=pci | stats count by ... 4 5 | 4 | 5 | |
| | I've followed the instructions on http://www.splunk.com/base/Documentation/4.0.9/Developer/DefaultApp to set the defa... 6 2 | 6 | 2 | |
| | I looked at the report for timestamping errors and found a fair amount of errors. I’ve been following the Splunk blo... 0 5 | 0 | 5 | |
| | If I have a field value that is URL encoded then base-64 encoded, is it possible to have Splunk decode this field bef... 3 7 | 3 | 7 | |
| | Apart from the fact that a lightforwarder does not have a web UI, what are the main differences between the 2 apps? 0 2 | 0 | 2 | |
| | Hi I have set up a light weight forwarder that appears to be getting data to the indexer. But I can't search for an... 2 2 | 2 | 2 | |
| | I'm trying to configure a search Time Window for my Splunk roles. I've read the documentation but can't find instruc... 1 1 | 1 | 1 | |
| | Seeing this error in splunkd.log on a splunk indexer when running a saved search. What does it mean? 2 1 | 2 | 1 | |
| | I'm trying to configure LDAP auth for Splunk. I'm running into an issue where AD is only giving me 1000 entries and ... 2 2 | 2 | 2 | |
| | In the installation manual it shows how once you have indexed some data by using the "du -shc hot_v*/rawdata" command... 1 1 | 1 | 1 | |
| | I need to do the following on my forwarder: Forward all data received and gathered by the forwarder to Splunk indexe... 1 1 | 1 | 1 | |
| | [I heard this question on an internal mailing list, but it seemed generally relevant so asking it here too] I have a... 1 2 | 1 | 2 | |
| | The use of LINE_BREAKER is a bit cryptic to me... ok, a lot. But I think I've managed to figure out how to break my ... 0 6 | 0 | 6 | |
| | When I've created a new index. how can I direct certain sourcetypes to be indexed in that new index, rather than into... 0 1 | 0 | 1 | |
| | What I'm trying to do: at index time, create a multiline event based on a unique ID. In the data sample below, I nee... 2 6 | 2 | 6 | |
| | Sometimes Splunk sets the sourcetype on an incoming file as breakable_text or too_small. What determines these sourc... 1 1 | 1 | 1 | |
| | I'm trying to use Splunk to monitor both runtime metrics and configuration state of a server application like JBoss o... 2 4 | 2 | 4 | |
| | I don't want to restart splunk right now, but the UI is giving my and my users an annoying message saying I need to r... 2 2 | 2 | 2 | |
| | I'm thinking about using the DEDUP commend to solve the following problem: I have an event with an ID field and I'd l... 2 1 | 2 | 1 | |
| | Are there ways in Splunk to monitor and index any activity on Windows Registry? 2 1 | 2 | 1 | |
| | I will have 100GB coming in per day, with an expectation of 20 concurrent users at any given time, with probably arou... 2 1 | 2 | 1 | |
