Thread Info | |||||
---|---|---|---|---|---|
All, I noticed discussions on how to prevent Splunk from stripping priority levels from UDP Syslog messages.
Will ...
by
scornish
Engager
in
Getting Data In
05-27-2010
|
3
|
1
| |||
Is there a way to pass the result of a savedsearch to a script? For example, if the search returns:
suser duser sh...
by
ubko
Explorer
in
Getting Data In
05-26-2010
|
2
|
2
| |||
Some events flow into the Splunk instance via syslog sockets.
For a brief period of time, the sourcetypes that cam...
by
sdwilkerson
Contributor
in
Getting Data In
05-27-2010
|
1
|
3
| |||
I have a .csv file that I'm indexing. There is no timestamp information in the .csv file, but there is a date in the ...
by
lyndac
Contributor
in
Getting Data In
05-26-2010
|
2
|
5
| |||
strptime() format expression examples
Below are some sample date formats with strptime() expressions that handle t...
by
hiddenkirby
Contributor
in
Getting Data In
05-26-2010
|
0
|
8
| |||
Splunk always seems to get this wrong. I have the following in a vain effort to correct this
TIME_PREFIX=^
TIME...
by
parallaxed
Path Finder
in
Getting Data In
04-23-2010
|
2
|
10
| |||
Is there a way to set tags based off a wild card value?
IE I have the following hosts and I want to apply the 'tes...
by
Yancy
Path Finder
in
Getting Data In
05-25-2010
|
0
|
2
| |||
I am expecting to see each record as an event, but the result is not as expected. Some records are displayed as indiv...
by
msenthilganesh
New Member
in
Getting Data In
05-26-2010
|
0
|
1
| |||
If we have an indexer configured w/a raid 5 or raid 6 array is this going to negatively affect performance?
by
Chris_R_
Splunk Employee
in
Getting Data In
03-05-2010
|
2
|
4
| |||
I am currently running a eval version of Splunk 4.0.9 on a Windows 2008 64Bit Host. Our purchase of Splunk has been a...
by
littlejef
Engager
in
Getting Data In
05-24-2010
|
1
|
1
| |||
Hi, we are currently testing a Palo Alto app sec firewall and are sending some test logs over to the central indexer ...
by
balbano
Contributor
in
Getting Data In
05-25-2010
|
0
|
6
| |||
I would like to deploy Light Forwarders at our remote locations to act as a syslog server. Can light forwarder be con...
by
Genti
Splunk Employee
in
Getting Data In
05-25-2010
|
2
|
2
| |||
I've found how to get data from a remote users Security Log but we are after a centralised area to keep these logs. I...
by
wdc
New Member
in
Getting Data In
05-25-2010
|
0
|
3
| |||
I am revisiting splunk to see if it will meet our goals. Right now I am working on the initial index of our data gath...
by
ASW3382
New Member
in
Getting Data In
05-24-2010
|
0
|
4
| |||
Our indexer and all forwarders are running 4.1.2. Recently we developed a need to send events from our forwarders in ...
by
Jaci
Splunk Employee
in
Getting Data In
05-21-2010
|
1
|
3
| |||
What is the relationship between size of logs received by Splunk indexing servers versus indexing volume? On the load...
by
Genti
Splunk Employee
in
Getting Data In
05-24-2010
|
0
|
1
| |||
I have a deployment server app with a single inputs.conf file.
[tcp://localhost:9997]
sourcetype = tcp-raw
index =...
by
Jaci
Splunk Employee
in
Getting Data In
05-14-2010
|
1
|
2
| |||
I have the following in inputs.conf:
[udp://32004]
host = custom_host
connection_host = n...
by
jeff
Contributor
in
Getting Data In
05-18-2010
|
3
|
3
| |||
Hi,
I have a development support question.
We have an application that is integrated with splunk. We have a C...
by
mctester
Communicator
in
Getting Data In
05-20-2010
|
2
|
1
| |||
we only want to save the log info for 2 weeks. I tried to set this up by modifying the frozen time, but it doesn’t se...
by
dcroteau
Splunk Employee
in
Getting Data In
05-21-2010
|
1
|
3
| |||
Suppose I splunk a file and it is gzip'd on disk under the appropriate Splunk index directory.
Then let's say I c...
by
maverick
Splunk Employee
in
Getting Data In
05-22-2010
|
1
|
1
| |||
Forwarding a question:
"... attempting to setup a lookup table. Each time I save an automatic lookup it always ret...
by
Genti
Splunk Employee
in
Getting Data In
05-21-2010
|
0
|
1
| |||
If our app's inputs.conf uses an index other than "main" (e.g. a custom index for our app) does our app's setup UI (o...
by
Justin_Grant
Contributor
in
Getting Data In
05-12-2010
|
1
|
5
| |||
Does a forwarder keep using the initial TCP connection to the indexing server, or does it close the connection after ...
by
Jaci
Splunk Employee
in
Getting Data In
05-21-2010
|
2
|
1
| |||
Hi there. I'm new to splunk. Having a bit of trouble getting my head around it ( I know SQL well ) .
I want to get...
by
return2health
Engager
in
Getting Data In
05-21-2010
|
1
|
2
|