Search

geva · ‎04-22-2010

...ia HTTP (htaccess protected) and FTP. Due to how the log files are handled, their file names include the date. Due to these servers belonging to ISPs, I cannot install the normal Splunk f...

qtorque95 · ‎12-17-2018

...xplorer, renamed folder form "a4" to "b4" . And repeated Step1 and pointed to D:\b4 However, after running search on the new data input directory, get no results. Checked C:\Program Files\Splunk\e...

dstuder · ‎12-28-2018

In system/default/inputs.conf, I see a stanza like this ... [monitor://$SPLUNK_HOME/var/log/splunk] I don't see a file mask at the end of the path, so I assume that it is just going to i...

dl-it-serveradm · ‎11-29-2017

We have an issue where for some reason, Splunk stops reading a log file in a particular Data Input folder. The log is set to roll hourly. If we disable the Data Input, and then Re-Enable it, it s...

sloshburch · ‎03-06-2019

I have a mixed *nix and Windows environment and I'm currently collecting the Windows data with the Splunk Add-on for Microsoft Windows as event data. I want to start using the Splunk App for I...

Arkon · ‎07-29-2016

Hi, I noticed that, right after a log rotation, the data is not being indexed anymore. Data is still going through /var/log/myapp.log and /var/log/messages (rsyslog UDP), so it all arrives on the...

mmartin0926 · ‎05-03-2016

...erver. The Splunk server has been filled to capacity and the partition where we store its logs is at 100%. So it seems like Like Rotation was never setup. I read the info at this link below, b...

arunsony · ‎05-27-2017

I have a source as ///application.log in my inputs.conf.On the servers the application.log will be rolled when it fill up with 10Mb by creating the file name as application.12-13-2014.log and new file...

dfarland · ‎06-30-2010

The Splunk indexer and forwarders in my environment are configured to run as the "splunk" user for security reasons. Of course, this means that Splunk can no longer read root owned log files. The f...

jitsinha · ‎05-25-2015

...One issue with this is that Splunk will re-index all the files. Can anyone please suggest how to ignore the older files??/

Search

Search the Community

How can I add Apache logs from an external web hos...

deleted data input file directory. Then, renamed a...

Can you help me with some questions I have about t...

How can we programatically disable/enable a data i...

What is the best way to migrate Windows performanc...

Why does data stop getting indexed after a log rot...

Is there a recommended configuration for syslog-ng...

Seeing duplicate events in Search Results ?

How to monitor root owned logs while running Splun...

Rolled over issue with same header