cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
dveith
Explorer
Member since: ‎09-24-2010
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎09-24-2010
Activity Feed
View All

Checkpointing scripts for subsequent invocations

by in Getting Data In
‎04-06-2011 10:28 PM
‎04-06-2011 10:28 PM
I'm writing an Add-on script for the universal forwarder that will read several log files containing complex data and reformat the data so that Splunk can more easily parse it. Does my script need to implement it's own logic for "where it left off last time it was invoked" or does Splunk help with that somehow? In other words, is it possible to have 'monitor' functionality, but with my own custom script? Thanks. ... View more

Re: W3C Fields With Light Forwarder - Still don't ...

by in Getting Data In
‎09-24-2010 10:13 PM
‎09-24-2010 10:13 PM
Hi, I will submit an enhancement request. And before I saw you note I got it working sending to a null queue. Thanks for your help!! ... View more

Re: W3C Fields With Light Forwarder - Still don't ...

by in Getting Data In
‎09-24-2010 09:24 PM
‎09-24-2010 09:24 PM
gkanapathy, this worked well. Except the header records make it through now too. How can I eliminate them? ... View more

Re: W3C Fields With Light Forwarder - Still don't ...

by in Getting Data In
‎09-24-2010 03:55 PM
‎09-24-2010 03:55 PM
Thank you for your excellent response. We do have different sets of fields for different web sites on the same IIS servers so we will need to specify multiple sourcetypes and fields. Thanks for that tip too. It's things like this that still make me feel that Windows is still a second-class citizen to Splunk. ... View more

W3C Fields With Light Forwarder - Still don't have...

by in Getting Data In
‎09-24-2010 12:18 AM
2 Karma
‎09-24-2010 12:18 AM
2 Karma
Please advise. Linux Splunk Server 4.1.5 Light forwarder is installed on Windows IIS web Servers Trying to get W3C Extended fields available for searching on the Splunk Server. the data is forwarded, just not with fields defined. Windows IIS Servers have this inputs.conf [default] host = servername [monitor://C:\WINNT\system32\LogFiles\W*\ex*.log] SOURCETYPE = iis Records also display with source types "IIS" "IIS-1" IIS-5" on the Splunk server. What the best way to configure this to the IIS logs have their W#C Extended fields available for searching? thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All