The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by bosburn
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Pushing Windows inputs to a different index?
In: SplunkAdministration
(Not tagged)
Interesting, if I set up the monitoring via the website/gui on the windows server, it doesn't put this ...
I'm attempting to set up a windows instance which will act as a forwarder to our main linux indexer. ... |
3
|
23 months ago... | |
|
Why is splunk throwing data into multiple indexes?
In: SplunkAdministration
(Not tagged)
Whoops, I see what is happening.
it's setting the home path to the same path for all the indexes.
Guess ...
I'm seeing some odd behavior that I can't quite figure out. I'm seeing the same data being populated ... |
1
|
23 months ago... | |
|
Trying to accomplish a couple of things but failing in all..
In: SplunkAdministration
(Not tagged)
Thanks! I'll try that tomorrow.
That link is awesome btw..
Woohoo, this works. Even got the extract to work. I never used the group names functionality in regex ... The logs are not access_common. Maybe I'm going about this the wrong way. I want to set Splunk ... Changed the regex for the rule to this: # CSC Apache Logging [rule::csc_apache_logging] sourcetype ... **First thing I'm trying to accomplish:** Okay, I'm trying to set up a sourcetype set up on a rule ... |
7
|
23 months ago... | |
|
A question around custom sourcetypes
In: SplunkAdministration
(Not tagged)
Did it a little easier way.
./splunk train is a wonderful thing ;)
Okay, I think I missed a portion of the manual regarding "search time" field extractions and "index ... It's setting the source type the file name - which is if I had to guess it the default. It does pick ... I've switched it to lower case and it doesn't look like it's working either. I'm really kind of confused ... Hi - I'm playing with splunk with the hope to start using it as a centralized logging location for our ... |
6
|
24 months ago... | |
|
Missing file when installing on Solaris 3.3.1-39933
In: SplunkAdministration
(Not tagged)
That fixed the issue.
Thanks!
I've checked the installation documentation but couldn't find any information on this. Unzip, and ... |
3
|
42 months ago... |