Splunk Enterprise

Community Activity

How do I route data to specific index based on a field? Hi, I would like to know how to route data to a specific index based on a value in a field. I have a series of data... by melonman Motivator in Splunk Enterprise 03-31-2015 5 8	5	8
Delete existing Splunk Light events/logs from web-interface I know about "splunk clean eventdata ...", but I want to do this action from web-interface. It's very important featu... by avmik New Member in Splunk Enterprise 03-26-2015 0 4	0	4
Need help to configure indexer and forwarder Need help to configure indexer and forwarder. This what i have done till now. But somehow i don't see my forwarder m... by chittari New Member in Splunk Enterprise 03-06-2015 0 3	0	3
What files from an index bucket does hunk archive to hdfs or s3? When Hunk archives data from a Splunk bucket to HDFS or S3, what exactly is it archiving? The entire bucket? Or jus... by Jeremiah Motivator in Splunk Enterprise 02-13-2015 0 9	0	9
How do I remove a contact from our Splunk support contact list ? A colleague has left the company and I want his name and access to be removed. Thanks by cbrood New Member in Splunk Enterprise 01-28-2015 0 2	0	2
Splunk cannot index $SPLUNK_HOME/var/log When I search index=_internal, log from $SPLUNK_HOME/var/log cannot be indexed. I check splunkd.log and found out the... by daniel_splunk Splunk Employee in Splunk Enterprise 01-26-2015 0 1	0	1
Can't get started... I've followed the installation instructions for FreeBSD but am not able to start splunk as a non-root user upon boott... by snickered Path Finder in Splunk Enterprise 11-08-2014 0 3	0	3
Splunk DB Connect compatibility with Splunk Enterprise 6.2 Is there a timeline for compatibility with Splunk Enterprise 6.2.x? Thanks! by nragusa Engager in Splunk Enterprise 11-03-2014 1 2	1	2
DateParserVerbose - Failed to parse timestamp Warning We have a log file in our environment which writes a timestamp followed by a lot of data on new lines. The number of ... by srubik New Member in Splunk Enterprise 09-24-2014 0 3	0	3
Multiple Canvas Flash Timelines within a view Following on from this old question I found; http://splunk-base.splunk.com/answers/38387/43-multiple-flashtimeline-pa... by Drainy Champion in Splunk Enterprise 09-09-2014 2 3	2	3
is there an 'ISIN' function ins splunk? Hi, in some table-oriented programming languages, there is an 'isin' function which returns true if the input is in ... by ccfenix New Member in Splunk Enterprise 07-11-2014 0 1	0	1
Copy the indexed bucket to another index path Is it possible for me to copy the specific Index bucket to another Index path, Eg: I want to copy the indexed data f... by splunker12er Motivator in Splunk Enterprise 06-30-2014 0 3	0	3
Splunk & IPv6 I'm reading in Splunk answers that pure IPv6 host is not supported. Are there any plans on adding IPv6 support to th... by DTERM Contributor in Splunk Enterprise 05-19-2014 2 2	2	2
Unable to use DBConnect when server.conf:requireClientCert=true Hi, as soon as I set server.conf [sslConfig] requireClientCert = true I can see these entries in splunkd.log: Sp... by abonuccelli_spl Splunk Employee in Splunk Enterprise 04-08-2014 0 1	0	1
Splunk 6 compatibility I'm wondering if there are any plans to update this app for Splunk 6. When I try and run it on my instance I get the... by devights Engager in Splunk Enterprise 03-28-2014 0 2	0	2
How to change splunkforwarder status from Configured but inactive, to Active? I established splunk on Solaris server indexerhost, and splunk successfully searches events on indexerhost. Then, I e... by gregcoats Explorer in Splunk Enterprise 03-11-2014 3 3	3	3
Disable What's new in Splunk 6.0 How do I disable this popup? It is really annoying. And why are the apps sorted in reverse order? That's just plain d... by kmattern Builder in Splunk Enterprise 03-07-2014 2 2	2	2
host_regex help Hi, I need to set the host field, based upon the hostname in my file. I know that this is done via host_regex, but ... by a212830 Champion in Splunk Enterprise 02-26-2014 0 11	0	11
Index Not Search by default on Search Head I have a cluster of 2 peers, 1 master and one search head using splunk version 6. The 2 indexers receive logs sending... by shangshin Builder in Splunk Enterprise 01-24-2014 1 5	1	5
Update from 6.0 to 6.0.1 I've just noticed that 6.0.1 is released. I have a 6.0 tarball install. Not having done this before, is the normal w... by bowesmana SplunkTrust in Splunk Enterprise 01-08-2014 0 3	0	3
Splunk Prerelease 6.0.0.2 and WS2003 This isn't so much of a question as it is informative. We recently got a copy of Splunk 6.0.0.2, do not use it on Win... by ShaneNewman Motivator in Splunk Enterprise 12-31-2013 0 1	0	1
Restarted Splunk Now Missing All Data I restarted Splunk and now I am missing all of my data before today (this data was loaded after I restarted I believe... by andrewkenth Communicator in Splunk Enterprise 12-10-2013 0 5	0	5
Virtualisation of Splunk both Indexers and analysers I guess there are two parts to this question: 1. what is the groups experience with VMWare based Splunk deployments ... by aplant New Member in Splunk Enterprise 12-09-2013 0 2	0	2
CloudTrail Setup Hello, I've been trying to configure Cloud Trail using SplunkforAWS App. Even after completing all steps listed in t... by rmadabhushanam Engager in Splunk Enterprise 12-03-2013 2 1	2	1
Index and forward, intermediate Splunk Indexer not forwarding data I am trying to implement a multiindexer environment where my two indexers are on different version of Splunk. IDX1 is... by somesoni2 Revered Legend in Splunk Enterprise 12-02-2013 1 1	1	1