Forums: SplunkAdministration
Topics 1–20 of 884
| Log in to add a new topic | Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Missing WMI Instances
(Not tagged)
I have created custom perf counters. I see them in PerfMon just fine, but when I try to add them to Splunk, I don't see any instances. The WMI category and fields are there. However, when I choose "Selected" under Available Instances the box is empty. If I choose "All" then I simply don't get any data ...
|
esc67
Posts |
–
|
4 hours ago... |
|
Splunkd service does not start
(Not tagged)
After adding a search in the {{savedsearches.conf}} file, i restarted splunk, but the {{splunkd}} service did not start.
I removed the supposedly //offending// search (!?) to see if i had provoked the crash, but the service did not start either.
Rebooted the server :-) , but this did not do any ...
|
marcelofinki
Posts |
3
|
11 hours ago... |
|
Setting sourcetype in props.conf on a Windows server
(Not tagged)
Most (nearly all) of the information that I'm finding for using a [source:: ] statement in the props.conf to set sourcetype=something is done in non Windows syntax and I am having issues with this in Windows. I have tried a couple different variations, but basically I am looking to set a sourcetype ...
|
cpenkert
Posts |
11
|
13 hours ago... |
|
The need to search for a hosts defined "hosttag"
(Not tagged)
I am searching for a host but would also like to add in all the host's hosttag associated with it.
A simple: host=servername hosttag=* doesn't work
I thought there might be a way to add it within Fields, but that didn't work either.
Is there a way within 3.4.9 to add a host's hosttag ...
|
pstein
Posts |
–
|
13 hours ago... |
|
Adding ODBC in Windows
(Not tagged)
I've been reading the guides on how to add an ODBC data source into Splunk but strangely there's no database table input option in the data inputs section. Any ideas?
|
macsen
Posts |
–
|
23 hours ago... |
|
SplunkLightForwarder
(Not tagged)
Hi
Complete newbie to splunk.
I have looked through the admin doc and followed the instructions to set up SplunkLightForwarder but it completely fails - when I restart splunk , the splunkweb still comes up and nothing seems to have changed.
One other thing is at the moment in dev I have access ...
|
splunkles99
Posts |
6
|
26 hours ago... |
|
Mutiplexing Feeds
(Not tagged)
Hi Guys
I have a question. I previously solved a event mutiplexing problem using the Splunk header, which I've been advised is no longer supported at least in the way I was using it. I received events from numerous log files (time ordered). I inserted a header before each event indicating the host, ...
|
mvanaswegen
Posts |
–
|
2 days ago... |
|
Display Results
(Not tagged)
Is there away to set the default to display 100 results in the UI, Splunk >> Manager » Searches and reports ??
The default is currently 25 and I want to change it..
|
anon1m0us
Posts |
–
|
3 days ago... |
|
Basic Questions
(Not tagged)
I have just installed a copy of Splunk to test it for our company. I have 2 basic questions, appreciate if some one can take some time to answer those:
1. I understand that incoming data is indexed and raw data is compressed when it is into Splunk. Where is the actual raw data available ? Is that ...
|
sureshchinta
Posts |
2
|
3 days ago... |
|
Unique Keys In Inputs.conf
(Not tagged)
Is there anyway to add a completely unique key into each monitor entry? For example we have:
[monitor:///opt/edesign/glassfish/nodeagents/webg_agent/webg-w3/logs]
[monitor:///opt/edesign/glassfish/nodeagents/webg_agent/webg-w4/logs]
The host for these is webg which is not specific enough ...
|
h1d3m3
Posts |
4
|
3 days ago... |
|
Splunk backup of indexes
(Not tagged)
Hi all,
Can you tell me what you are doing for splunk's backup ?
How do you backup your hot indexes ?
Can you tell me if the following procedure is "the way to go" ?
Backup Splunk indexes
---------------------------------
Force via crontab every day before backup a roll from hot to warm with ...
|
donypie
Posts |
6
|
3 days ago... |
|
crash
(Not tagged)
|
ariegel
Posts |
-1
|
4 days ago... |
|
Basic setup question
(Not tagged)
Despite having hundreds of pages of manuals and endless forums entries in front of me, I'm unable to find the answer to what I think should be a simple question.
I have a search server (ServerA) and a index server (serverB).
Where in the configuration/setup do I tell ServerA to search against the ...
|
cpenkert
Posts |
2
|
4 days ago... |
|
Forwarder in 4.0.6 isn't sending IIS log file data
(Not tagged)
Hi all,
I just upgraded a forwarder from 4.0.3 to 4.0.6 on our Windows 2003 Server which forwards to our main splunk installation on CentOS. After my upgrade, logs generated by our applications still work, but I'm unable to properly get the IIS log data. If I run the following command.
{{splunk ...
|
tnine
Posts |
2
|
4 days ago... |
|
forwarding/receiving and 4.x
(Not tagged)
In splunk 3.x, when forwarding, server information appeared in (splunk home)/etc/system/local/outputs.conf.
Where is this data in splunk 4.x? I thought it would be in (splunk home)/etc/apps/SplunkForwarder/local but it's not.
I miss the 'view topology' option that was in 3.x but is not in 4.x. ...
|
rgonzale6
Posts |
3
|
4 days ago... |
|
Log file not broken up into individual events
(Not tagged)
I'm new to splunk, but I've been working for 3 days straight to figure out how to simply input a log and have Splunk index each line as an individual event. Unfortunately, it seems to group random numbers of lines together into individual groups. Can anyone point me in the right directtion?
Some ...
|
kdrent
Posts |
1
|
5 days ago... |
|
RFC 5424
(Not tagged)
I am new to Splunk. How do I configure a source type for RFC 5424 compliant syslog messages?
|
RalphGoers
Posts |
1
|
7 days ago... |
|
Multiple different credentials
(Not tagged)
Hi,
I have Splunk installed on a Windows box with services running as a Domain Admin Service Account. I am able with the Windows App to get Event Logs (as an example) off multiple servers.
However, I also have the *nix app installed as we have multiple Linux and HP Servers installed. However each ...
|
Chrispy_Duck
Posts |
2
|
8 days ago... |
|
Unable to index files
(Not tagged)
i am running Splunk 4.0.6 with a demo enterprise license and am having problems adding several syslog generated files into splunk.
I use syslog to store remote syslog streams from routers on our network.
I am trying to monitor all of these files:
-rw-r----- 1 root root 2522 2009-11-12 07:53 ...
|
TheCowStir
Posts |
1
|
8 days ago... |
|
Examples of monitoring disk usage, reporting invalid logins etc.
(Not tagged)
Could you provide some specific examples of monitoring disk usage, invalid logins etc.. in a Windows systems? I tried diskspace <= 10% etc...
Thank you in advance.
MM
|
Voltaire
Posts |
1
|
8 days ago... |
Log in to add a new discussion