The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by splunkles99

Topics 1–8 of 8

Topic Author Replies Latest Post
removing data over 30 days old from index(s)
In: SplunkAdministration (Not tagged)
Hi Has anyone worked out how to remove data from splunk that is over 30 days old? I had a look ...
splunkles99
Posts
1
25 months ago...
Deploying SplunkLightForwarder to multiple servers
In: SplunkAdministration (Not tagged)
I'll answer this myself ;-) Yep you can do this...just saw the entries on the indexer change to the ...
I think I might know the answer to this already but can anyone confirm the following: Can you deploy ...
splunkles99
Posts
2
25 months ago...
Problem to Index Linux Auditd
In: SplunkAdministration (Not tagged)
OK cracked it. Not sure if it's a bug or not but I was configuring the tcp port via the data inputs ...
Yep the index is there and I have mapped the admin user to it. I log on with the admin user account, ...
can you post your inputs.conf - I'm having similar issues - I can forward data from my splunklightforwarder ...
apardo
Posts
11
25 months ago...
Splunklightforwarder to index
In: SplunkAdministration (Not tagged)
Hi I have forwarding and receiving working fine now until I try to encrypt the forwarding connection ...
Not sure if it's a bug or not but I was configuring the tcp port via the data inputs link on the mgmt ...
does the system/local/inputs.conf override /SplunLightForwarder/local/inputs.conf?
if I search using index="main" source="tcp:7772" then I get the same data displayed so it looks ...
If I go to the launcher app and select port 7772 I see current data and the search in the search bar ...
OK cheers can you see anything wrong with this? /opt/splunk/etc/apps/SplunkLightForwarder/local/inputs.conf [monitor://usr/local/apache2/logs] disabled ...
sorry for the typos - what I'm asking is where do I set the index = indexname and how do I map the data ...
Hi Guys I have an issue where I can set up a splunklightforwarder to forward data to a receiver ...
splunkles99
Posts
9
25 months ago...
Intermediate cert chain installation
In: SplunkAdministration (Not tagged)
to get round the %20 issue you can put in a modrewrite rule with [EN] flags at the end - I had this ...
Had the same problem - you have to make sure that if your RP uses SSL then splunk also uses SSL - if ...
tnine
Posts
6
26 months ago...
Splunk Integration with SSO
In: SplunkRequest (Not tagged)
Brilliant Thanks!!
Hi Can you confirm if this worked in the end? I need to do something very similar and for me personally ...
malex
Posts
7
26 months ago...
Splunk with PAM and VAS
In: SplunkAdministration (Not tagged)
given up on this - moved to having an apache RP using SSL in front of splunk with splunk doing AD au...
Hi Does anyone know if it's possible to integrate Splunk with PAM looking up to VAS? I have looked ...
splunkles99
Posts
1
27 months ago...
SplunkLightForwarder
In: SplunkAdministration (Not tagged)
Chowned everything to splunk user and everything still works a treat - thanks guys
cheers guys - I have it running after redeploying from scratch, leaving everything running as the root ...
OK the penny dropped and rolled away..you do need to have the whole thing started and then run the ./splunk ...
Hi Thanks for getting back to me. I think the penny is starting to drop - am I correct in thinking ...
Hi Complete newbie to splunk. I have looked through the admin doc and followed the instructions ...
splunkles99
Posts
7
27 months ago...