Forums: SplunkPreview

Topic	Author	Replies	Latest Post
Unable to access splunk from a remote system on the same network. (Not tagged) Hello, I am testing a free version of Splunk on a linux box (Fedora 9 kernel 2.6.25-14.fc9.i686) and would like to allow my coworkers to access it, but when I attempt to open the web page from a remote system, I get this error in the web browser: The page cannot be displayed I am using this for ...	janerik Posts	4	14 days ago...
Service won't run as Windows Domain Account (Not tagged) Anytime I change the splunkd service in Windows to a Windows Domain login/pwd, it crashes. The service works fine when running as the local system account. Running as local system account I cannot get WMI to pull down the Windows Event logs from another Windows machine. Thanks, -Matt	gracim Posts	9	2 months ago...
Splunk 3.2.3 Windows crashing (it seems) randomly (Not tagged) Hi, I'm not sure if i can use the bug report thing without support contract? Anyway, about 2 months ago I set up splunk on a W2k3 server and it ran fine for some time but now it seems to crash more and more often (multiple times per day) Splunk 3.2.3 (build 35555) I noticed a wealth of errors ...	darkfader Posts	3	3 months ago...
write specified sourcetypes to index (Not tagged) Hello I'm new to Splunk and one of my first testings was to create a sourcetype reexp to filter special data. Now in the next step, I try to move this sourcetypes to a special index. My question now is, is this possible that splunk recognize that this data is in that format and write it to the ...	PeterBauer71 Posts	1	3 months ago...
Permission denied db-hot (Not tagged) While testing a new bundle I got this error message when the Windows version of the Preview restarted: Checking index files An unforeseen error occurred: Exception: <type 'exceptions.IOError'>, Value: [Errno 13] Permission denied: 'c:\\Program Files\\SplunkPreview\\var\\lib\\splunk\\defaultdb\\db\\db-hot\\rawdata\\10486464.gz' The ...	sfloyd Posts	1	3 months ago...
Help testing scripted event (Not tagged) Splunk: Windows Preview OS: Windows XP I have followed the instructions for scripted events. I have created a batchfile called "heh.bat" and placed it in the following folder "C:\Program Files\SplunkPreview\etc\bundles\scripts\bin". I have confirmed the script is executable. I added the following ...	sfloyd Posts	1	3 months ago...
How to monitor logs in other machine? (Not tagged) Hi folks: I'd to monitor logs update in some log directories located in a machine other than Splunk server machine, and I don't wanna install Splunk server everywhere. It seems add a File/Folder data input can only specify folders in local machine. If I know the root account, is it possible to ...	halcyon8 Posts	7	3 months ago...
Bugs (Not tagged) or maybe just ID10T errors as it seem other people are runing the preview just fine. I installed on a server 2003 after removing a 3.2.6 preview. I am running in to a couple of issues that may be bugs or may be me doing something wrong. 1. I cannot use a web browser on the local box to view the ...	ASW3382 Posts	3	3 months ago...
BUG: Cannot remove the Metrics.log tail process in 05142008 version (Not tagged) Could remove it in the old version. But now when I hit remove it says it removed it and it stays in the list.	gracim Posts	3	5 months ago...
Splunk Preview forwarder to Splunk 3.2.3 (Not tagged) Can a splunk preview be used as a forwarder to splunk 3.2.3? Or must the forwarder and the receiver match?	CamBam Posts	1	5 months ago...
Transaction Processor (Not tagged) This is a great feature to be added (I didn't find that the whole metaevents features was really that useful) but I'm still wondering how to do transitive events with it: I am supposed to be able to specify several fields like in metaevents but how should the fields be listed? Separating the fieldnames ...	gfoden Posts	6	5 months ago...
Memory usage? (Not tagged) Anyone else having memory leak issues? One two different test machines splunk preview started about between 50-80M and eventually grew to over 700M. (This was on WinXP and Win2003Server one set to store locally and one to only forward to non preview splunk server). CK	cker Posts	6	6 months ago...
RSS feed does not work after default installation (Not tagged) when creating a saved search i am choosing to create an rss feed but when i click the rss icon to view the feed i get a page not found error. what gives?	jjd228 Posts	–	8 months ago...
Windows: splunkd crashes when using UDP network inputs (Not tagged) I'm trying to get Eventlog to Syslog (guy from Purdue created it years ago) to spit data at Splunk for Windows. As soon as anything sends data splunkd immediately crashes. In fact, as a whole, splunkd is pretty unstable. I can get it to crash by sending brutal searches at it. The biggest whiner ...	bstjohn Posts	3	8 months ago...
Search modifiers (Not tagged) On Preview 3 Solaris/SPARC it seems like the search modifiers maxresults and readlimit do not work. Without those modifiers, a few events are returned. For the webinterface, maxresults works, but only through the preferences menu.	Burana400 Posts	1	8 months ago...
multikv.conf example (Not tagged) Can anybody give me a multikv.conf example? I guess this can be used for "iostat"-like output? Would like to play around with it a little bit... feedback guaranteed :-)	Burana400 Posts	2	8 months ago...
File System Monitor (Not tagged) First kudos to you! It's really great having access to preview functions... I've got a problem with fschange. I just want to monitor one file ( /home/myhome/hosts ). Nothing comes in. I then tried to apply a filter, but now all files under /home/myhome are sucked in (non-recursively) input.conf ...	Burana400 Posts	9	8 months ago...
WinEventLog (Not tagged) How does the WinEventLog processor work? I guess some fields are extracted automatically (event metadata like EventID, UserID etc), and the description is used as the event text. If I want to index additional fields from the event text, I guess this is done the same way as any other event?	Burana400 Posts	9	8 months ago...
Suggestion: Audit for Windows Registry (Not tagged) Auditing the windows registry would be a neat function. I'm thinking about a feature similar to filesystem change monitor, but instead working on files, it should work on the windows registry.	Burana400 Posts	1	9 months ago...
Fields and Saved Searches. (Not tagged) In you documentation you have a document about form searches http://www.splunk.com/doc/3.1.4/admin/FormSearch And an example is given like the following $TradeType=Accepted,Rejected,Hold$ This will give me a drop down in my search that gives me these three options in a dropdown. I want ...	Bulldoze Posts	–	9 months ago...

Log in to add a new discussion

close

Splunk.com