| I need a regex that can process all security events with eventid 540 that don't contain $, SYSTEM, or ANONYMOUS LOGON... by chowell Explorer in Splunk Search 06-28-2010 0 2 | 0 | 2 | ||
| I have noticed that Splunkd.log is recording the following error: web_service.log:2010-06-27 12:21:18,769 ERROR Tr... by olopez77 Explorer in Monitoring Splunk 06-28-2010 2 1 | 2 | 1 | ||
| We have an index that gets around 2million events/hour and it seems not a sizable number of events are not making it ... by Chris_R_ Splunk Employee 2 1 | 2 | 1 | ||
| I'm monitoring CPU usage on a Windows server. What's the best way to create a search/alert if CPU usage goes over 80... by Michael_Wilde Splunk Employee 3 1 | 3 | 1 | ||
| I am scheduling this search(Daily Indexed Volume): index=_internal source=*metrics.log splunk_server="*" | eval MB=k... by apro Path Finder in Splunk Search 06-28-2010 0 2 | 0 | 2 | ||
| I set the custom time to June 14 11:48:00 -> June 14 11:48:05. I then click on search and the log info is shown but ... by nigelowen New Member in Getting Data In 06-28-2010 0 2 | 0 | 2 | ||
| Hi there, I am in the process of planning a roll out of splunk to our network, however, I am stuck on the indexes. I... by aaronnicoli Path Finder in Getting Data In 06-28-2010 0 6 | 0 | 6 | ||
| Is there anyway I could verify if there is any variable which could be used to extract hostname for inputs.conf? inst... by heterodyned Path Finder in Getting Data In 06-27-2010 0 4 | 0 | 4 | ||
| Hello, I encountered errors which made some of my flash charts in form shows: Results Error: 400 - Encounte... by kalitbri Explorer in Dashboards & Visualizations 06-26-2010 0 2 | 0 | 2 | ||
| I'm running splunk version 4.0.7 on Windows Server 2008 SP2 x86-64. It's work fine for a couple months. After environ... by kongchantem Engager in Getting Data In 06-26-2010 1 1 | 1 | 1 | ||
| I am indexing data feeds A and B and want to forward just data from B as syslog to servers X and Y (cloning the data ... by Dan Splunk Employee 1 3 | 1 | 3 | ||
| How do you properly set a source matching stanza in props to be lower than the default stanza matching priority? Per... by Lowell Super Champion in Getting Data In 06-26-2010 2 3 | 2 | 3 | ||
| I have a logfile that has headers in the first two lines of the file. Imagine something like the output of UNIX' "to... by Michael_Wilde Splunk Employee 0 1 | 0 | 1 | ||
| I have a scenario where I would like to do a two-layered lookup. I'm essentially doing an IP address lookup against ... by Lowell Super Champion in Splunk Search 06-25-2010 6 4 | 6 | 4 | ||
| My events have two different times in them, one from when the dns server processed them, and then another is added to... by mawwx3 Explorer in Getting Data In 06-25-2010 1 5 | 1 | 5 | ||
| Below are the first 7 lines of a file that I want to index. The additional lines all look like line 7. Can I have it ... by nate1 Explorer in Splunk Search 06-25-2010 1 2 | 1 | 2 | ||
| I have a linux indexer. I forward with the light forwarder from about 200 windows boxes. On the indexer I don't wan... by nbennett New Member in Getting Data In 06-25-2010 0 3 | 0 | 3 | ||
| Hi, I want to customize a form search as it described in http://www.splunk.com/base/Documentation/latest/Developer/T... by dianbo_1 Path Finder in Dashboards & Visualizations 06-25-2010 1 1 | 1 | 1 | ||
| I am logged as Admin in my system and I noticed that the "Global Summary dashboard" does take into consideration all ... 2 2 | 2 | 2 | ||
| License Violations continue daily even though I have taken the daily indexing down below the Allowance. With a 500Mb ... by juanb Explorer in Installation 06-25-2010 1 6 | 1 | 6 | ||
| Can I use eventtype=myevent with |metadata? example: | metadata type=hosts | eventtype=group_A I know tags work, ... by thall79 Communicator in Splunk Search 06-25-2010 0 1 | 0 | 1 | ||
| I have what I think should be a simple search, but I'm not quite able to come up with a way to do it. Ultimately I g... by mfrost8 Builder in Splunk Search 06-25-2010 1 3 | 1 | 3 | ||
| I'm trying to correlate start and stop events and having a much harder time than what the documentation implies in or... by ericdp Explorer in Splunk Search 06-25-2010 1 5 | 1 | 5 | ||
| When we are browsing log files for problems, we often don't know exactly what we're looking for. But in a short peri... by r31floyd Engager in Splunk Search 06-25-2010 0 4 | 0 | 4 | ||
| i am not recieving any xml for /services/search/jobs/<sid>/events ... but i get xml for /services/search/jobs/<sid>/... by hiddenkirby Contributor in Getting Data In 06-25-2010 2 3 | 2 | 3 |
Splunk has training and education options for everyone, whether it's your first or fiftieth deployment.