| | We have a LWF on Linux that is forwarding to our indexer. We're a little tight on space, but in my experience the LWF... 1 3 | 1 | 3 | |
| | Since I usually turned of splunkd service on my local machine and only turn it back on when I need to do some log sea... 0 1 | 0 | 1 | |
| | This is probably pretty straightforward but on my search head the following will not return any results: index=train... 1 1 | 1 | 1 | |
| | Sorry for the cross post but after posting i saw a recommendation to use this forum instead of splunk.com I am havin... 1 6 | 1 | 6 | |
| | I'm trying something that's probably pretty simple. When I use the dashboard editor to make a dashboard consisting of... 1 2 | 1 | 2 | |
| | I just downloaded and installed splunk 4.1.4 and installed on WIN7 laptop. Upon reboot of my system, the CPU pegged ... 1 8 | 1 | 8 | |
| | I have a fschange stanza configured as such [fschange:/path/to/file] disabled = false pollPeriod = 300 fullEvent = t... 1 3 | 1 | 3 | |
| | Got the following: One field with 4 types of values/functions and another field that is the status of those functions... 0 2 | 0 | 2 | |
| | I know that from version 4 onward, use of the earliest and latest time parameters are preferred over the older startm... 1 1 | 1 | 1 | |
| | I'm following the instructions here and can't get it to even recognize the lookup. Did I miss something? My transfor... 1 8 | 1 | 8 | |
| | Does anyone know if the Splunk for IMAP app support indexing attachments? For example, when setting up the Splunk f... 0 3 | 0 | 3 | |
| | I'm trying to create a table which shows the following: - Domain Client_IP Client_User Cou... 0 4 | 0 | 4 | |
| | Hey, How would I go about writing a search that is able to show me how many events are found in a particular index (... 0 6 | 0 | 6 | |
| | I've been using the default "main" index for all my indexing. I'm at the point where I think it would be best to bran... 1 5 | 1 | 5 | |
| | Hi... I'm trying to import 'thousands' of old event logs into Splunk to setup a searchable database.... I can enter... 2 3 | 2 | 3 | |
| | I would like to migrate my indexed data from Splunk 3.3.4 on a Sparc Solaris 10 platform to Splunk 4.1.4 on a Linux (... 0 2 | 0 | 2 | |
| | I have a view with 2 blocks (similar but different in layout) on the page that look like this. <module name="Nul... 2 2 | 2 | 2 | |
| | Is it possible to pass a replacementMap argument through a viewRedirector link? If that's a mangled question, what... 2 3 | 2 | 3 | |
| | I'm trying to take data from specific systems and, after indexing it, forward it to a third party for other analysis.... 3 3 | 3 | 3 | |
| | we have a license for our QA environment for 500MB. We wanted to have the same functions (deployment, alerts, securit... 4 2 | 4 | 2 | |
| | Hi, Now I know you can set the following in indexes.conf maxTotalDataSizeMB = 500000 which sets the max size of the ... 1 8 | 1 | 8 | |
| | Hi, We're working with Splunk on Amazon's EC2 service (Ubuntu). At the moment we're working off a standard instance... 1 3 | 1 | 3 | |
| | I am writing an app for my team to use. Let's call the app xyz. The app will make use of various inputs, saved search... 0 2 | 0 | 2 | |
| | Hi I am new to splunk so please bear with me if this is a noob kinda question. I am taking syslogs from our Cisco AS... 0 4 | 0 | 4 | |
| | hello everybody, following is the event that i'm trying to capture with rex. [2010-08-05 17:51:11,661][info] INFO c... 0 8 | 0 | 8 | |
