Forums: SplunkGeneral
Topics 1–20 of 1289
| Log in to add a new topic | Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Adding additional servers to *Nix app?
(Not tagged)
I am evaluating the latest Splunk release and is there a way to add additional servers to monitor in the *Nix application (CPU, memory, disk etc)?
|
BigBirdy
Posts |
3
|
26 hours ago... |
|
Create new Field and Assign existing field in transforms.conf
(Not tagged)
Hello,
I am running into an issue where I want to report on the number of logins by server and user. The issue I have is that it appears in the windows 2003 server security event log the user is defined by the username field. However, in Windows 2008 server it is Account Name.
So if I did ...
|
kholleran
Posts |
2
|
2 days ago... |
|
How do I remove Sources?
(Not tagged)
HI
How do I remove Sources?
THX
|
howardhon
Posts |
–
|
4 days ago... |
|
Clear Windows Logs?
(Not tagged)
I'm not running Splunk, just evaluating for use in the next few months. Is it possible to make Splunk archive and then clear the security logs on Windows clients?
|
jh_hopkins
Posts |
–
|
9 days ago... |
|
Converting incoming GMT on events
(Not tagged)
We have added tickets from our ticketing system into splunk. However I had to add "DATETIME_CONFIG = NONE" because it was reading them in the future and erroring. How can I update that sourcetype to read that field as event creation time while converting that GMT to local time?
|
tavor999
Posts |
–
|
16 days ago... |
|
auditing data sent to splunk
(Not tagged)
i'm trying to determine how much data i am sending to splunk on a monthly basis. is there an easy way to determine this?
|
dolt
Posts |
–
|
17 days ago... |
|
DB2 Table Lookups
(Not tagged)
I am looking into the possibility of using Splunk to collect data from our DB2 tables. I have seen some older documentation about using scripts to collect such data, however I haven't been able to find anything relating to more recent releases of Splunk. I was wondering if anyone has any recent documentation ...
|
bryancrabtree
Posts |
1
|
23 days ago... |
|
MacOS 10.6 64-bit support?
(Not tagged)
I'm curious when we might see 64-bit support under 10.6. I was under the impression we were going to see it with 4.1, but alas, it is not the case.
Thanks!
|
staze
Posts |
1
|
23 days ago... |
|
Splunkd vs. SplunkWeb
(Not tagged)
Hi Splunkers,
here is an odd issue. I have just installed 4.1.3 on my Win2008 64bit System with the services using an domain account we have created for Splunk. Now when i start the Splunkd service all is fine until i start the SplunkWeb service, at which the Splunkd service terminates. If I then ...
|
wpeters
Posts |
2
|
24 days ago... |
|
Search Results Not Displayed in Outlook?
(Not tagged)
Has anyone else come across this issue?
Outlook 2007 does not display scheduled search results - it truncates the message. The source is intact and the message is displayed properly in mobile clients, including OWA.
***Begin Message****
"Saved search results.
Name: 'Failed Remote Logons | ...
|
gzebrasky
Posts |
2
|
1 month ago... |
|
Lightforwarder to another Indexer
(Not tagged)
Hi,
I have set the LightForwarder on one of my Windows servers.
How can I set the Splunk server to receive this data and index it as another indexer instead of the "main" index?
Thanks
Cheers,
Chee Siong
|
csoh
Posts |
1
|
1 month ago... |
|
PdhCollectQueryData failed
(Not tagged)
In the splunkd.log I see the following message:
06-11-2010 16:30:54.424 ERROR ExecProcessor - message from "D:\applic\Splunk\bin\splunk-perfmon.exe -noui"
ERROR splunk-perfmon - runPerfMon: PdhCollectQueryData failed with status (0x800007d5): No data to return.
Does someone know what this means ...
|
omlojoha
Posts |
1
|
1 month ago... |
|
Index-time field extraction not searchable
(Not tagged)
When I use double-quotes in my index-time field extractions, the meta-data is not searchable. I've seen this problem on 4.0.11 and 4.1.3.
**Sample text:**
{{results=AA,BB,CC CC,DD}}
**Transforms.conf without double-quotes:**
{{REGEX = ^results=(.*?),(.*?),(.*?),(.+)$}}
{{FORMAT = key1::$1 ...
|
dottom
Posts |
1
|
1 month ago... |
|
Dashboard? View? Am I missing something?
(Not tagged)
I'm designing an advance dashboard, using the advance Splunk xml; however I'm a little confused at the moment. What is the difference between a dashboard and a view?
Using the Splunk web, I am able to generate a simple dashboard - and upon navigating to the .xml file, I can see that splunk web uses ...
|
klee310
Posts |
1
|
2 months ago... |
|
reload configuration
(Not tagged)
Hi, is there any way to reload configurations by splunk web rather that restart splunk after i have modified eventtype.conf and transform.conf, thanks.
Dianbo
|
dianbo
Posts |
8
|
2 months ago... |
|
Search Help
(Not tagged)
I am relatively new to Splunk and need help with the search lingo. What I want to do is return results from a Windows Security Event log that shows me a list of usernames, the number of logins, and the last time they logged in. I got the first part (list of usernames and number of logins) with:
host="HOST" ...
|
kholleran
Posts |
2
|
2 months ago... |
|
Cisco Ironport Web
(Not tagged)
I'm having a hard time getting the ironport web data to fill in correctly. I'm very new to splunk so i'm sure thats some of my problem. I have a script that pulls the current access log every half hour or so and then drops it in a directory on my splunk machine. I then added a data import for files ...
|
josephand
Posts |
3
|
2 months ago... |
|
IronPort logging
(Not tagged)
What subscriptions do I need to create on the IronPort to use with the IronPort App? I assumed it would be the Access Log but it doesn't give the option to specify a SYSLOG server.
|
joellytle2010
Posts |
–
|
2 months ago... |
|
Splunk - newbie
(Not tagged)
i'm newbie to splunk and i'm trying to get splunk monitor a capture file from Wireshark.
i set wireshark to capture traffic on a cap file and had splunk to monitor that file.
I'm trying to see captured traffic and search inside that cap file to no avail.
Any help?
|
offtheboxuser
Posts |
–
|
2 months ago... |
|
Parse Windows Event log
(Not tagged)
Hello,
I need to parse out the message field in a windows event log.
For example:
Message=Successful Network Logon: User Name: USER Domain: DOMAIN Logon ID: () Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos
I need to be able to parse on Logon Type: 3 within transforms.conf ...
|
kholleran
Posts |
6
|
2 months ago... |
Log in to add a new discussion