×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
noahjscales
Explorer
Member since: ‎07-20-2010
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 3
Member Since ‎07-20-2010
Activity Feed
View All

Re: New free license Splunk install running *NIX t...

by in Getting Data In
‎07-24-2010 03:04 AM
1 Karma
‎07-24-2010 03:04 AM
1 Karma
It looks like the four Data Inputs created by *NIX, including the Files and Directory Data Input for the /var/log directory, were disabled inside the Manager. So a quick click on 'enable' for each got me halfway there. I had a few custom logs sitting in the directory, so I modified the whitelist regex to include patterns for the names of the files, and now I'm all set! ... View more

Re: How do I get my Splunk server to start reading...

by Splunk Employee in Getting Data In
‎07-30-2010 07:09 AM
‎07-30-2010 07:09 AM
Noah, you can ask another question with more specifics but what you want to do can be achieved using props/transforms.conf. Check the following: http://www.splunk.com/base/Documentation/4.1.4/Admin/Advancedsourcetypeoverrides ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All