Suggestions, pointers for a tech support operation


I'm looking at Splunk to help in a technical support operation. We ask customers for logs from various machines and need to analyze them.

What I envision is taking the logs and dropping them into a system somewhere and having Splunk index and analyze them.

What I need help with is figuring out how to:
- Set up Splunk to know about where I drop the logs.
- How to tell it there are new ones and to index them.
- Where and how I begin the process of describing the various log message formats.

I'd love any sort of pointers, suggestions, examples or comments. Do not hesitate to point me to the existing documentation; just please be specific about where in it I need to look.

Thanks!

JGT