Getting Data In

Community Activity

How does Splunk handle udp data streams? Hello, When I stream UDP data to Splunk using a script to pipe Apache access logs via scripts. The splunk server co... by williamsweat Path Finder in Getting Data In 04-20-2011 1 4	1	4
Forwarding to multiple indexes Hi, I have following inputs.conf [script://$SPLUNK_HOME/etc/apps/appa/bin/script1.sh] index = index1 sourcetype = s... by manuarora Explorer in Getting Data In 04-20-2011 0 4	0	4
4.2.1 on AIX 6.1 I noticed support for AIX 6.1 as of Splunk 4.2. Great! Then I noticed support for AIX 6.1 taken away with Splunk 4.... by Branden Builder in Getting Data In 04-20-2011 0 2	0	2
Optimizing custom log formats I read a post on the site describing how an optimum custom log format for Splunk would take the form: <timestamp> ke... by travispowell Path Finder in Getting Data In 04-19-2011 0 3	0	3
monitor a directory that isn't always there I believe that if a directory mentioned in a monitor statement is not there when splunk starts up, the directory will... by vbumgarner Contributor in Getting Data In 04-19-2011 0 1	0	1
Universal Forwarder Repeated Migration If I have a 4.2 Universal Forwarder (Windows) installed on a machine that was migrated from 4.1.x and still has the o... by trevorford New Member in Getting Data In 04-19-2011 0 1	0	1
Why are my events splitting by second and not each timestamp My props.conf has: [server] MAX_TIMESTAMP_LOOKAHEAD = 0 SHOULD_LINEMERGE = true #BREAK_ONLY_BEFORE_DATE = true BREAK... by willthames Path Finder in Getting Data In 04-19-2011 2 7	2	7
Can you treat overrided sourcetypes savely as normal sourcetypes? I have a single source and my main config is based on overided sourcetypes. So is it save to build all configs (FIELD... by Starlette Contributor in Getting Data In 04-18-2011 0 2	0	2
Trim whitespace in indexed files Hi, We are indexing a substantial number of XML files. These files have between 30% and 50% of white space that can ... by oscargarcia Path Finder in Getting Data In 04-15-2011 0 4	0	4
sourcetype not getting set I have the following confs inputs: [monitor:///opt/logs/\.prd/\/\*EndAudit.csv] disable = false index = foo pro... by bmayer00 Engager in Getting Data In 04-15-2011 0 1	0	1
Unable to sync Timezone between CDT and GMT I am attempting to bring data together from servers sitting in GMT in line with the logs from servers sitting in CMT,... by MasterOogway Communicator in Getting Data In 04-15-2011 1 3	1	3
Forwarding data for only selected hosts I have one splunk indexer that receives data from a variety of hosts. I want to also forward the data coming in from ... by brianm1002 New Member in Getting Data In 04-15-2011 0 1	0	1
Link to download source files Hi, We have a system with many indexed small xml files. Is it possible to have a link/view that displays the full co... by oscargarcia Path Finder in Getting Data In 04-15-2011 0 2	0	2
Splunk not breaking events correctly Hi I'm forwarding logs into Splunk from a database trace file via monitor through a LWF. Example file content is a... by shanleyj Explorer in Getting Data In 04-15-2011 0 2	0	2
How To Better Deal with Gaps in Remote Data I need to figure out how I can gracefully revise data that's already been indexed. My use case is this: We are monit... by David Splunk Employee in Getting Data In 04-14-2011 1 2	1	2
Can universal forwarders detect and forward newly created logs Can Splunk universal forwarders handle and forward newly created log files? I would like to forward data as raw logs ... by suhprano Path Finder in Getting Data In 04-14-2011 2 1	2	1
IIS Timezone Help I think i'm going mad. I'm a brand new user who's eval-ing splunk, seems powerful but i'd like to get all my logs in... by brandnew_users Explorer in Getting Data In 04-14-2011 0 3	0	3
Indexing some, but not all files I know there are similar questions, but not exactly and the answers don't seem to apply. Also, I'm a noob so forgive... by charlesm Explorer in Getting Data In 04-14-2011 0 3	0	3
universal forwarder with more than one outputs.conf I need to figure mine collection of universal forwarders to sent information to distinct tcp ports... Basicaly: ... by mamaral Path Finder in Getting Data In 04-14-2011 0 2	0	2
Saving Search Results Hello, I am very new to Splunk. I have got it up and running on a Linux Box and analyzing some IIS logs and everythi... by mdumka Engager in Getting Data In 04-13-2011 1 2	1	2
Extracting Timestamp From csv Hello. I'm having an issue when indexing a csv file. The format of the data is like this. Employee,Date,Dept,Hours,H... by RicoSuave Builder in Getting Data In 04-13-2011 0 5	0	5
missing fields in linux installtion compared to windows I had splunk running on a windows machine with my cisco asa 5505 sending syslogs too it and I was able to see destina... by terryblair New Member in Getting Data In 04-13-2011 0 1	0	1
Filtering events on indexer received from LightForwarder I'm trying to filter some events on an indexer that I'm not interested in. I have a single indexer/search node and th... by mburbidg Explorer in Getting Data In 04-13-2011 0 2	0	2
Simple field extraction with data index from /var/spool/splunk Not working...... I'm testing field extractions on some new logs. I created simple regex to extract server names fr... by tkropp Path Finder in Getting Data In 04-13-2011 0 2	0	2
Changing the index on forwarded data I have one Splunk indexer that both indexes and forwards the data to a second Splunk indexer. The name of the index ... by brianm1002 New Member in Getting Data In 04-13-2011 0 3	0	3

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

Getting Data In

How does Splunk handle udp data streams?

Forwarding to multiple indexes

4.2.1 on AIX 6.1

Optimizing custom log formats

monitor a directory that isn't always there

Universal Forwarder Repeated Migration

Why are my events splitting by second and not each timestamp

Can you treat overrided sourcetypes savely as normal sourcetypes?

Trim whitespace in indexed files

sourcetype not getting set

Unable to sync Timezone between CDT and GMT

Forwarding data for only selected hosts

Link to download source files

Splunk not breaking events correctly

How To Better Deal with Gaps in Remote Data

Can universal forwarders detect and forward newly created logs

IIS Timezone Help

Indexing some, but not all files

universal forwarder with more than one outputs.conf

Saving Search Results

Extracting Timestamp From csv

missing fields in linux installtion compared to windows

Filtering events on indexer received from LightForwarder

Simple field extraction with data index from /var/spool/splunk

Changing the index on forwarded data

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation