The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by m@
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
splunk and fortigate firewall / how to fetch data from hardware firewall syslogs
In: SplunkAdministration
(Not tagged)
Yeah what CarielTjuh said. If you are successfully receiving UDP events from other devices and you ...
|
13
|
33 months ago... | |
|
Old Versions Moved?
In: SplunkAdministration
(Not tagged)
You can find them here: http://www.splunk.com/page/previous_releases
|
2
|
36 months ago... | |
|
splunkweb fails to start
In: SplunkAdministration
(Not tagged)
if forwarding resumes when you disable the lwf that sounds like you may have two forwarder configurations ...
|
13
|
38 months ago... | |
|
Problems with the metadata command and 3.3.2
In: SplunkGeneral
(Not tagged)
In case you didn't notice this was fixed in 3.3.3.
Sorry for not updating the thread sooner
|
6
|
42 months ago... | |
|
Splunk not accepting updated reverse DNS
In: SplunkAdministration
(Not tagged)
since these entries are sourcetyped as syslog could host extraction be coming into play? The default ...
|
7
|
46 months ago... | |
|
NIST Standard
In: SplunkGeneral
(Not tagged)
The short answer is that Splunk is a tool that can help make you compliant with each of the standards.
I'll ...
|
2
|
49 months ago... | |
|
Where are HowTos located?
In: SplunkGeneral
(Not tagged)
Most of the how to topics are in the process of being ported to our new documentation structure. Instructions ...
|
2
|
50 months ago... | |
|
How do I capture multiple lines as one event?
In: SplunkAdministration
(Not tagged)
You are not limited to using a sourcetype, you can also specify a specific source
[source::/foo/bar/data.log]
BREAK_ONLY_BEFORE_DATE ...
|
1
|
55 months ago... | |
|
MonitorWare agent and Splunk license - Where do I find it?
In: SplunkGeneral
(Not tagged)
Monitorware keys are issued at the time the license is generated. In order for this to happen Monitorware ...
|
1
|
55 months ago... | |
|
I downloaded the addon, now what do I do?
In: SplunkApplications
(Not tagged)
This particular Add-on contains a [http://www.splunk.com/doc/3.1.1/admin/BundlesIntro bundle]. You ...
|
2
|
56 months ago... | |
|
New Indexes Options
In: SplunkAdministration
(Not tagged)
Yup you want to use the values in the default indexes.conf.
The defaults for splunk add index will ...
|
2
|
56 months ago... | |
|
How do you log a Novell Netware server to Splunk?
In: SplunkGeneral
(Not tagged)
There are a few ways you can do this:
* One way to do it is the way that you initially tried. Not sure ...
|
1
|
56 months ago... | |
|
filtering out data using custom fields
In: SplunkSearchAndAlert
(Not tagged)
I'm the first to admit that SQL fu su not the strongest but I think the query that you are trying is ...
|
2
|
57 months ago... | |
|
Do I need to explicitly create a data input for the logs created by Splunk itself?
In: SplunkAdministration
(Not tagged)
Nope. Splunk is configured to eat its own log files out of the box. By default these logs are sent ...
|
1
|
57 months ago... | |
|
Backing up Splunk
In: SplunkAdministration
(Not tagged)
This is where larger architectural decisions come into play. If youare feeding data into Splunk via ...
|
4
|
57 months ago... | |
|
how do I tail a log file that has a $ in the name of the file?
In: Junk
(Not tagged)
Does it work if you add the input via the CLI or the conf file? $ is a reserved character so it may ...
|
1
|
57 months ago... | |
|
Host - Segment in Path
In: SplunkGeneral
(Not tagged)
I suspect that you have a sourcetype specified for this input that includes a hostname extraction property. ...
|
1
|
57 months ago... | |
|
Can I password protect the Splunk page on the free version?
In: SplunkGeneral
(Not tagged)
User authentication is a function of an enterprise license. If you need to secure your free Splunk ...
|
2
|
57 months ago... | |
|
Did Splunk take away "ctrl click" when adding to a search in v3.x.x?
In: SplunkSearchAndAlert
(Not tagged)
The default click behavior has changed in 3.0 but you can change your individual preferences. Check ...
|
1
|
57 months ago... | |
|
Install failed
In: SplunkGeneral
(Not tagged)
First thing you want to do is ensure that you installed the correct version of Splunk for your OS. ...
|
3
|
57 months ago... |