Getting Data In

Discussions

Thread Info

Proper syntax for urls.conf with multiple URLs

Can someone clarify the syntax for multiple urls in the urls.conf file please for the WebMon? The app is only picking...

by Explorer in

Univeral forwarder not forwarding

I have a problem with a universal forwarder as i configured on a domain controller to use with splunk app for active ...

by Path Finder in

Handle log rolling and index today's log file and yesterday's log file

we have a scenario where we roll logs everyday. we want splunk to index log file for today and log file for yesterday...

by New Member in

Using Splunk as a log forwarder itself?

I'm looking at Splunk to possibly replace a Kiwi Syslog server, however I don't see one of the features that Kiwi pro...

by New Member in

Getting Data into iseries app

I have multiple feeds coming into UDP:514, from this input I have ASA, ESA, and as400 data coming in. I have recently...

by Path Finder in

Splunk JMS Modular Input v1.2.2

I believe I have the JMS Modular Input app installed and running. How do I configure this to monitor a JMS queue on a...

by New Member in

Windows Event logs in syslog format

All our windows servers are sending security event logs to a central syslog server - they are not in Windows event lo...

by New Member in

Do I need to restart a license slave if I change license master?

If I need to move to another license master, do I have to restart my indexer?

by Splunk Employee in

Is Splunk the right tool for ESXTOP?

Hello All, I'm outputting VMware esxtop data to a csv and was wondering if splunk was the right tool to index and ...

by New Member in

Index time not same as log message time

I just setup another splunk server. Foolishly I forgot to turn on NTP and the system clock was way off. The first chu...

by Communicator in

spliting multiple feed that use udp:514

I have multiple systems reporting over UDP:514. I want to separate the iron port email, Cisco ASA's, iseries as400, a...

by Path Finder in

UF tries to open two connections at the same time on the same outbound port

On several servers, the universal forwarder tries to open up two connections at the same time on the same outbound po...

by Splunk Employee in

Monitor different sourcetype in sub-directories

I have to monitor two source types in this following directory structure \\Server\Path\{can be any name}.log == > ...

by Communicator in

scripted input to run at top of minute

Is it possible to tell Splunk to run a scripted input every 5 min at the top of the minute. Ie Script run at 11:05:00...

by Splunk Employee in

indexing, segmenting segments, pre-search

I am a splunk newbie, so some obvious explanations might need further clarification. What I have: Advanced medi...

by New Member in

How To Seperate WinEventLog events from two different domains

Hey Everyone, I currently have events coming in from two different domains. I'm doing various transforms on the in...

by Explorer in

Find events occurring only between 08:00 and 17:00 M-F for the Month

Hi, for an up time report - currently stumped. A CSV log that contains a Time column - values formatted as: 1/01/2...

by Path Finder in

Deployment Problems with SCCM

I am currently testing deployment of the universal forwarder. The end goal is to have it on all windows computers so ...

by Path Finder in

Multiple WMI sources in PROPS.conf

Complete newb here, any help appreciated! props.conf [WMI:WinEventLog:Security] TRANSFORMS-set= setnulla,parse2003...

by New Member in

Can universal forwarder be set to always send entire csv file?

I am trying to incorporate company name information into sales/subscription charts for business leaders to use in pre...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Proper syntax for urls.conf with multiple URLs

Univeral forwarder not forwarding

Handle log rolling and index today's log file and yesterday's log file

Using Splunk as a log forwarder itself?

Getting Data into iseries app

Splunk JMS Modular Input v1.2.2

Windows Event logs in syslog format

Do I need to restart a license slave if I change license master?

Is Splunk the right tool for ESXTOP?

Index time not same as log message time

spliting multiple feed that use udp:514

UF tries to open two connections at the same time on the same outbound port

Monitor different sourcetype in sub-directories

scripted input to run at top of minute

indexing, segmenting segments, pre-search

How To Seperate WinEventLog events from two different domains

Find events occurring only between 08:00 and 17:00 M-F for the Month

Deployment Problems with SCCM

Multiple WMI sources in PROPS.conf

Can universal forwarder be set to always send entire csv file?

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...