Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources.

The primary features of Splunk include:

  • Collecting logs from multiple sources into a single location, so they can be used without accessing individual servers.
  • Parsing logs with arbitrary formats, including free-form logs with no defined fields.
  • Advanced querying of logs, including:
    • combining results from different sources
    • filtering based on identified field values and pattern matching
    • analyzing records using statistical and mapping functions

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available both as an enterprise application that runs on your own servers (with a free tier) and as a hosted service known as Splunk Storm.

73 questions
2 votes, 2 answers

Alternative solution to replace aging swatch

We are using a swatch installation to sort through 3-5 gig worth of networking syslog and alert us on patterns; we are using splunk to index and search the data, but splunk alerting capabilities are seriously lacking. I'm wondering what folks are using…
Irfan
2 votes, 4 answers

Splunk How do I get syslog to send data into splunk from remote machines

If I install the splunk forwarder, I can get the remote data into my splunk install, and index my logs, and searching is great. But I have a number of router devices and other devices that run syslog, and can export their logs somewhere. How can I…
Mister IT Guru
2 votes, 2 answers

How can I configure logs as data source from remote unix server in splunk?

How can I configure splunk with log files residing on remote unix servers? Normally I log into putty to a linux server, from there I ssh into another company server and I navigate through directories and perform my operations mainly as cat, zcat…
cypronmaya
2 votes, 3 answers

Any QUICK hints for starting off with Splunk

Just downloaded a trial of Splunk, and am thinking of using it to monitor a Windows server base, with the associated apps, e.g.: o Windows event logs / WMI queries (for Windows O/S, SQL Server, Exchange, etc) o Apache/Jboss/Tomcat logs o Oracle…
Simon Catlin
2 votes, 2 answers

format of the log file format for splunk

The current log file name I have is: catalina.2010-02-24.log. I want to add this for splunk indexing, but I am running into problems, since there is no static file name, since every day tomcat renames the log…
RainDoctor
1 vote, 0 answers

Using Splunk DB Connect 3 in a large environment with connection pool

I am wondering if anyone can speak from experience with using DB Connect for a large number of sql server instances, each of which installed (so about 2,000 separate instances total). We currently use this to track the ms sql error log, perfmon,…
1 vote, 1 answer

Does Splunk have a "heartbeat" feature?

I run an application with fairly chatty logs, which we are forwarding to Splunk. Users are building custom alerts (as well as searches and even dashboards) for themselves. We are increasingly relying on this forwarder and it is time to begin…
Mikhail T.
1 vote, 1 answer

How to process core-dumps with Splunk?

We are managing an application, which some times crashes and dumps core. We have a script, which outputs the application's stack from the core -- and some other details useful for debugging. Can Splunk be configured to invoke a script upon…
Mikhail T.
1 vote, 2 answers

Benefits of using WEF instead of SIEM collectors

Aside from the deployment overhead of a log collector agent on servers from which I want to collect events (using GPO, SCCM etc.), are there any added benefits for using Windows Event Forwarding to my SIEM?
Franko
1 vote, 1 answer

Simpana CommVault logs and Splunk

What is the best way to get CommVault log data into Splunk? I don't see a Splunk app developed for CommVault, and CommVault generates a lot of log data. It would be extremely beneficial to collect and manage it with Splunk. Has anyone successfully…
Bede
1 vote, 2 answers

how to monitor web app availability with splunk?

I've recently downloaded and installed a Splunk 4.0.4 Server Enterprise trial (running on Windows Server 2008 if that matters), and now I want to set it up to monitor a few web pages in addition to the logs I'm already watching with Splunk. I…
Justin Grant
1 vote, 0 answers

How do I audit file permission changes over CIFS?

I have a few windows file servers but am slowly changing to Freenas/ZFS boxes which are working much better however I can't figure out how to audit when people change permissions to critical folders. On windows I enable object-level auditing via…
Guldan
1 vote, 3 answers

Splunk SAML SSO from an IdP with Apache mod_mellon fails

I am trying to configure SSO from an IdP to Apache with mod_mellon and mod proxy to splunk. Environment: Ubuntu 14.04; Apache 2.4.7; mod-auth-mellon 0.7.0. Apache configured with the mellon-generated key / cert on default ssl site. mod proxy is…
Brett
1 vote, 1 answer

Splunk 6: “Cannot preview on this Splunk instance”

I have a distributed Splunk 6 environment with which I am working through the installation of a new Technology Add-on. On my forwarder I am trying to add a new Data Input... Settings > Data inputs > Files & directories > New then select my file and…
user1801810
1 vote, 1 answer

Segmenting syslog logs and access to those logs

I'm trying to figure out if what I'm trying to accomplish is possible or not. What I want is to have all my devices send logs to a syslog server, then have Splunk pull logs for everything EXCEPT my firewalls. Then I need another service (managed)…
LDJS