The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by RobertRi
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Split UDP input to various sourcetypes
In: SplunkAdministration
(Not tagged)
Hi
We would like to send varioues udp:514 events to the splunk indexer.
There is no possibility ...
|
1
|
23 months ago... | |
|
Splunk on cloned virtual machines
In: SplunkAdministration
(Not tagged)
Hi
Thanks for your answer, I have tested it in my virtual environment with 2 Windows machines, but ...
Hi Sometime it happens, that a machine with a productiv Splunk installation, will be cloned (VMWare). ... |
3
|
23 months ago... | |
|
Splunk on Linux Clusters
In: SplunkAdministration
(Not tagged)
The sourcetype is the same, the inputs.conf is ident on each server
For app1=cluster_app1 and app2=...
Hello I have a question about Splunk on a Linux Cluster. We have two physical machines called ... |
3
|
23 months ago... | |
|
Management Port 8089
In: SplunkAdministration
(Not tagged)
If I have understood it right all eventdata will be sent by default via port 9997. If I change the management ...
That's clear .. but is there a possibility to configure an other management port number on a few machines ... Hi In our environment, we use the port 8089 (default configuration) as the management port. Now ... |
5
|
23 months ago... | |
|
LDAP Authentication: Trusted Domain User
In: SplunkAdministration
(Not tagged)
Do you plan to implement this feature ?
Hi We use LDAP authentication for WebUI, which works fine. But know I have added a new user in ... |
3
|
23 months ago... | |
|
Reduce /opt/splunk/var/log/splunk output
In: SplunkAdministration
(Not tagged)
Actual I have 170MB of logfiles in the /opt/splunk/var/log/splunk directory on a Linux forwarder. ...
|
2
|
25 months ago... | |
|
Monitor Splunkforwarder
In: SplunkAdministration
(Not tagged)
What I have seen is, that log entries with "tcpin_connections" are only available, if the forwarder ...
Hi Sometimes it happens, that a forwarder doesn't send events to the indexer, because the filesystem ... |
1
|
25 months ago... | |
|
View available Forwarders
In: SplunkAdministration
(Not tagged)
Hi
In version 3.4 there was a view where I have seen all my available forwarders which sends data ...
|
1
|
26 months ago... | |
|
Upgrade Forwarder Silent
In: SplunkAdministration
(Not tagged)
thanks
One thing what I have seen after my first testupgrade is that the forwarder license has switched to ... Both and Unix [Revised on Sun, 10 Jan 2010 23:30:03 -0800] Linux rpm packages Hi I want to upgrade our Forwarders from 3.4 to 4 but I didn't find any information about command ... |
6
|
26 months ago... | |
|
Upgrade questions
In: SplunkGeneral
(Not tagged)
Hi
I have read the migrate instructions from 3 to 4 and I would like to know If I understand it right.
Under ...
|
1
|
26 months ago... | |
|
outputcsv order of fields
In: SplunkGeneral
(Not tagged)
Sorry the problem is not the outputcsv but the sendemail command
If I use the outputcsv command with ...
I use a search and display only a few fields in a specific order In this search I use outputcsv but ... |
2
|
30 months ago... | |
|
Transactionsearch with subsearch
In: SplunkGeneral
(Not tagged)
Hi
Yes thanks works perfect
I have an other question.
In this Search I extract the starttime and ...
found the known issues and the starttimeu is one issue in this version is it possible to convert the ... Something strange is happend ! Now I tried the command index=motis Nomad starttimeu=1250017527.0 ... Hi I have a problem with my search and hope that someone can help me My first search is a transaction ... |
6
|
30 months ago... | |
|
Move WMI Input to different Indexes
In: SplunkAdministration
(Not tagged)
I have read a post that wmi remote events have a specific behaviour at transformation time
Now I ...
I would split systems wich refers to a specific project That I have one Index with logs from application, ... Hello I have a problem with Splunk 3.4.3 on Windows and remote wmi. Here I will index the application ... |
4
|
33 months ago... | |
|
Transaction Search
In: SplunkAdministration
(Not tagged)
I have two logfiles
trans1.txt
trans1 sshd[100] authentication from 111.222.111.222
trans1 sshd[100] ...
Hello I have tried it with success with a subsearch and one trans1_pid value But how can I handle ... Maybe my post was a little bit cunfusing. What I want to do is, to search for a few field values and ... Hello I have a problem to link a linux message log with a tcp log and hope that someone can give ... |
6
|
35 months ago... | |
|
Multiline Regex Problem
In: SplunkAdministration
(Not tagged)
Hello
I have a problem with a multiline regex
This is my log sample, it has 40 to 50 lines with ...
|
1
|
36 months ago... | |
|
Splunk Index Concept
In: SplunkGeneral
(Not tagged)
Hi
In the past I made a few indexes for each Sourcetype. So I had one for IIS, WinEventlogs and ...
|
1
|
36 months ago... | |
|
Configure Dashboards for roles
In: SplunkAdministration
(Not tagged)
Hello
If I look in my prefs.conf, there I can find a lot of user sections, wich have different ...
|
1
|
36 months ago... | |
|
Splunk Licenses
In: SplunkAdministration
(Not tagged)
or maybe, do I have only to rename the splunk-forwarder.license to splunk.license ?
This license looks ...
Hi araitz I have tested it on an AIX box with version 3.4.3 but it doesnt work. I can enable the ... Hello I have a question about Splunk licenses. We bought an enterprise license for one Splunk ... |
5
|
37 months ago... | |
|
Add Timestamp at indexing time
In: SplunkAdministration
(Not tagged)
Hi
I have a logfile which don't change the modify date when new events are written.
With the alwaysOpenFile ...
|
1
|
38 months ago... | |
|
Differ Data Inputs
In: SplunkAdministration
(Not tagged)
Hi
I have a question about data inputs.
There I have an logfile directory, with two different ...
|
–
|
38 months ago... |