The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by rgonzale6
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
First match or last match in transforms.conf?
In: SplunkAdministration
(Not tagged)
From here... http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles
My assumption ...
|
3
|
27 months ago... | |
|
forwarding/receiving and 4.x
In: SplunkAdministration
(Not tagged)
thanks! Useful command, that.
On further review, it looks like the receiving server is documented ...
In splunk 3.x, when forwarding, server information appeared in (splunk home)/etc/system/local/outputs.conf. Where ... |
3
|
27 months ago... | |
|
possibly to finagle anonymizer/masking to do what I need to do?
In: SplunkAdministration
(Not tagged)
I've got two different data sources coming in. I can't change the formatting of the messages. They ...
|
1
|
31 months ago... | |
|
querying on multiple items
In: SplunkGeneral
(Not tagged)
of course! This is basically IPSEC VPN login data being syslog'd to our splunk server. The file would ...
I have a list of ~500 usernames. I want to query splunk to see if a data point exists for each of them. ... |
2
|
31 months ago... | |
|
Transactions, fields +, and excluding search responses that contain NULL values.
In: SplunkAdministration
(Not tagged)
works! many thanks!
of course! Here's an example of the 'start': Jun 1 12:33:58 (FQDN of sending host) Juniper: 2009-06-01 ... To break it down...our splunk instance is eating IPSEC VPN logs. I use this transaction command to ... |
7
|
33 months ago... | |
|
Trouble with Scripted Inputs
In: SplunkAdministration
(Not tagged)
Using pl2bat and wrapping my perl script in a batch file worked, just fyi. (for my case)
I'm having a similar error. Splunk for Windows, scripted input using ODBC connection to do a SQL query ... |
7
|
33 months ago... | |
|
Admin>Applications Missing
In: SplunkApplications
(Not tagged)
What version of splunk are you running? I'm not sure if those 'tabs' existed before 3.4.5.
|
7
|
34 months ago... | |
|
UDP:514 does not show as source, sourcetype, or host after adding network data input
In: SplunkAdministration
(Not tagged)
Are these events routing to the main index? If they're not, they won't show up on main's dashboard.
Also, ...
|
2
|
35 months ago... | |
|
Parsing Active Directory Logs
In: SplunkAdministration
(Not tagged)
I've been able to do the proper REGEX to pull what I needed to pull. thanks for your response!
I've got some AD logs in text form and I'm trying to load them into splunk for indexing. I've installed ... |
2
|
35 months ago... | |
|
forcing roll from warm-->cold?
In: SplunkGeneral
(Not tagged)
I've recently inherited an existing splunk implementation and I've noticed something odd. I'm seeing ...
|
1
|
37 months ago... | |
|
Forcing timezone offset
In: SplunkGeneral
(Not tagged)
wow, thanks. Will investigate!
Gotcha, thanks for the response! I'm taking in syslog data and find it necessary to have the timestamp be in UTC time rather than local. ... |
5
|
37 months ago... | |
|
Saved searches not alerting correctly
In: SplunkSearchAndAlert
(Not tagged)
That returns multiple events, mostly resembling this:
12-09-2008 12:20:06.217 INFO SavedSplunker ...
Assuming my thinking is right (might not be, I'm new to splunk) here is what's happening: I have ... |
3
|
39 months ago... |