Forums: Posted by jasonnadeau
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Can multiple splunkwebs use a single splunkd?
In: SplunkAdministration
(Not tagged)
Can you configure a few servers running splunkweb to access a single splunkd instance if you modified ...
|
1
|
29 months ago... | |
|
Splunk database
In: SplunkAdministration
(Not tagged)
you may need to re-index the data, which should be available on the host that sent it, or it may be ...
|
13
|
32 months ago... | |
|
Classify and search syslog-data by Facility
In: SplunkAdministration
(Not tagged)
Splunk strips priority code by default. You have to remember that Facility Code * 8 + severity number ...
|
1
|
32 months ago... | |
|
Distributed Search and Splunkweb frontend
In: SplunkAdministration
(Not tagged)
I am looking into how to best configure my Splunk receiving servers for distributed searching and splunk ...
|
–
|
32 months ago... | |
|
Splunk 3.4.10 and Splunk 4.0.x
In: SplunkAdministration
(Not tagged)
Some questions on Splunk 3.4.10 and Splunk 4.0.x
I just installed Splunk 3.4.10 in one data center ...
|
2
|
34 months ago... | |
|
Install from Remote Desktop Connection
In: SplunkAdministration
(Not tagged)
Remote Console would be the wrong name but yes it is the same protocol in use RDP.
You can access ...
Microsoft RDP will provide you the same experience as if you were on the console. That being said you ... |
3
|
34 months ago... | |
|
Hostname for SplunkLightForwarder
In: SplunkAdministration
(Not tagged)
I made the changes to
$SPLUNK_HOME$/etc/system/local/inputs.conf
not the etc/apps/SplunkLightForwarder ...
In splunk 3.4.10 you can use this stanza in your inputs.conf to set up the hostname field. By default ... |
4
|
34 months ago... | |
|
How to change license to FREE version
In: SplunkGeneral
(Not tagged)
I will go out on a limb and say it's probably like 3.4.10 version of splunk.
In $SPLUNK_DIR$/etc you ...
|
4
|
34 months ago... | |
|
Help! Splunk stopped working...
In: SplunkGeneral
(Not tagged)
Hope someone else can chime in here because I am out of ideas.
Nothing looks out of place to me. The trial enterprise license is still valid? When you perform a ... Can you post some more details for the community you may have posted in the ticket. Splunk version OS OS ... |
11
|
34 months ago... | |
|
Windows or Unix?
In: SplunkGeneral
(Not tagged)
If you are comfortable with Linux or Unix I would recommend moving to that operating system. In 3.4.10 ...
|
6
|
34 months ago... | |
|
Editing automatically added UDP Data Inputs does not work
In: SplunkAdministration
(Not tagged)
As a workaround you may want to edit your inputs.conf to label your logs as cisco_syslog.
|
1
|
34 months ago... | |
|
Index problem
In: SplunkAdministration
(Not tagged)
You might want to post your
{{$SPLUNK_DIR/etc/system/local/inputs.conf}}
This is where you changes ...
|
8
|
34 months ago... | |
|
Splunk Visio Stencils
In: SplunkRequest
(Not tagged)
You guys have a bunch of great visual aids in your documentation. Any chance we can get some of those ...
|
10
|
34 months ago... | |
|
The host_segment...
In: SplunkAdministration
(Not tagged)
I am running Splunk 3.4.10 and I have some servers delivery logs hours to a log directory in my splunk ...
|
1
|
34 months ago... | |
|
Combine these multiline events
In: SplunkAdministration
(Not tagged)
Yes the "~" is part of the stream, it is used to break up the events. I am trying your suggested LINEBREAKER ...
I am getting logs from an application that writes the output as follows: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... |
3
|
35 months ago... | |
|
Alert with RSS
In: SplunkAdministration
(Not tagged)
This might help going to take a shot at it today.
http://www.splunk.com/base/Documentation/latest...
Same problem here. The RSS feed link to just the hostname and are missing the FQDN |
3
|
35 months ago... |