×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
cjosephson
Engager
Member since: ‎04-06-2015
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎04-06-2015
Activity Feed
View All

Re: How to troubleshoot "Unspecified upload Error"...

by in Getting Data In
‎08-18-2015 04:37 PM
‎08-18-2015 04:37 PM
Sorry, issue is the same error but with free splunk 6.2.3 running on ubuntu. ... View more

Re: How to troubleshoot "Unspecified upload Error"...

by in Getting Data In
‎08-18-2015 03:05 PM
‎08-18-2015 03:05 PM
Having the same issue with a 5MB CSV file ... View more

Re: Setting options for host regex not working as ...

by in Splunk Search
‎07-16-2015 03:40 PM
‎07-16-2015 03:40 PM
It appears to. I see the /opt/splunk/etc/system/local/props.conf DATETIME_CONFIG = CURRENT option. ... View more

Re: Setting options for host regex not working as ...

by in Splunk Search
‎07-16-2015 02:58 PM
‎07-16-2015 02:58 PM
It is syslog data. The machines send the data straight to our single splunk server (we have no forwarders). Does this count as structured data? I do realize it would only be valid for new events and that I need to restart. I was using the logger command to generate new events and check the timestamps. If i use btool, " ./splunk btool check", there is no output, which I assume means success. There are no unusual messages in stdout that appear when I restart splunk either. ... View more

Setting options for host regex not working as expe...

by in Splunk Search
‎07-15-2015 05:36 PM
‎07-15-2015 05:36 PM
We have a set of hosts that all begin with the letter 'm' and we want to set DATETIME_CONFIG = CURRENT for them. If I configure by source, like so, I get the behavior I want (all incoming events relabeled with our local server's TZ): [source::udp*] DATETIME_CONFIG = CURRENT However, if I try to do this based on the hostname instead of the source, it just uses the UTC timestamp the data arrived with. [host::m*] DATETIME_CONFIG = CURRENT I saw this post: http://answers.splunk.com/answers/138280/timezone-setting-not-working-for-host-set-from-host-regex.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev So I also tried [host::(m*)] , but it had no effect. Why is the host regex setting not behaving as I expect? Even if fully specify a hostname without a wildcard, it won't apply the setting for that host. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All