Getting Data In

Thread Info

Merging multiline events

Greetings! I am trying to merge 2 lines into 1 event but having problems. Appreciate advice on my steps taken S...

by Explorer in

Adding new data to index with a new sourcetype

I want add some files from a directory to be monitored by splunk, but I also want to give it a new sourcetype called ...

by Explorer in

Can Splunk monitor a subversion url for changes?

I would like to monitor a subversion repository for changes. Is this something I can do with Splunk?

by Engager in

LWF send source name when raw

Is there a way to make Light Forwarder include the name of the file it is sending events from (i.e. source) when send...

by Splunk Employee in

Multiple timestap formats and subsecond with two digits only

Hi everybody, is it possible to teach a custom datetime.xml that my subsecond field is only two digit long? I hav...

by Builder in

Backed Up Indexers

According to my Deployment monitor app one of my indexer shows backed up. I need help find out if it is some thing du...

by Path Finder in

Changing sourcetype of incoming TCP syslogs

Hi everyone. Quite new to the product, I am struggling a bit. All my logs are coming through syslog on TCP 514 and...

by Explorer in

WinEvent Filtering on Heavy Forwarder

Hi, Trying to send all eventIDs from WinEventLog:Security to NullQueue with the exception of 592 and 593. Still getti...

by Engager in

HOWTO: throw away portions of an event

I have a very talkative data source that I only want a few fields - not entire events - from. How do I keep the parts...

by Motivator in

Can I route based on wildcard source

Can I say this? [source::/usr/local/blackboard/*] TRANSFORMS-routing=otherRouting In my inputs, I have pretty ...

by Path Finder in

How to get rid of a sourcetype?

Somehow I've managed to get three different sourcetypes for syslog appearing in my search results: "syslog" 2,049,...

by Explorer in

Actions Menu Export Results TitleBar module

Hey, I have a Titlebar module in my form with the following code: <module name="TitleBar" layoutPanel="vie...

by Motivator in

Checking machines' status from outside a firewall

I have a Win7 PC on which I would like to run splunk, but the majority of machines (mostly UNIX) I would like to moni...

by New Member in

Attempting to index a apache logs directory

I am attempting to index a apache logs directory. We use cronolog to split our apache log files We have a sub dir...

by New Member in

How to configure Splunk to collect windows system & security logs via WMI

I'm trying to configure splunk to collect system and security logs via WMI from workstations. I don't know who is at ...

by Explorer in

Help to create a new data input via REST API, plz

I'm trying to configure splunk via REST API. Can anybody show working POST-request to create new data input? Just 1 c...

by New Member in

Scripted VB Input with Linux Indexers

Hello We run a Splunk system where our Indexers are all on Linux and our forwarders are light forwarders across Wi...

by Communicator in

How can I manually move buckets from WARM to COLD

We recently made several indexes.conf file changes, notably changing our bucket size from 5GB to 1GB. Along with this...

by Path Finder in

ERROR BucketMover - coldToFrozenScript exited with non-zero status: exited with code 1

I checked splunkd.log today and all i see is this: 06-02-2010 14:04:00.013 INFO BucketMover - will attempt to freeze:...

by Splunk Employee in

Change hostname for syslog sourcetype ?

Hi, I am trying to override the default hostname that is being set for the syslog entries on /var/log/messages. Th...

by Explorer in

Splunk, VMWare, Syslog and non-default port

We're trying to setup some test monitoring of a VMWare ESX host (not ESXi). Because our Splunk instance does not run ...

by Builder in

Filtering events from forwarder at indexer

I'm trying to filter noisy events that have recently pushed us over license usage. The events come from a lightweight...

by Influencer in

Daily indexing volume limit exceeded shown on forwarder

Hi, I have installed Splunk on serverA. ServerA is configured to monitor local events and at the same time is pull...

by Contributor in

Reducing maxWarmDBCount below current warm bucket count.

Hi, To utilise some additional space that I have brought online, I have configured the colddb path to use new stor...

by Explorer in

Duplicate files being indexed

Using the Unix App, monitoring Radius log files. /var/log/radius/radius.log Current log file gets renamed and gzipped...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Merging multiline events

Adding new data to index with a new sourcetype

Can Splunk monitor a subversion url for changes?

LWF send source name when raw

Multiple timestap formats and subsecond with two digits only

Backed Up Indexers

Changing sourcetype of incoming TCP syslogs

WinEvent Filtering on Heavy Forwarder

HOWTO: throw away portions of an event

Can I route based on wildcard source

How to get rid of a sourcetype?

Actions Menu Export Results TitleBar module

Checking machines' status from outside a firewall

Attempting to index a apache logs directory

How to configure Splunk to collect windows system & security logs via WMI

Help to create a new data input via REST API, plz

Scripted VB Input with Linux Indexers

How can I manually move buckets from WARM to COLD

ERROR BucketMover - coldToFrozenScript exited with non-zero status: exited with code 1

Change hostname for syslog sourcetype ?

Splunk, VMWare, Syslog and non-default port

Filtering events from forwarder at indexer

Daily indexing volume limit exceeded shown on forwarder

Reducing maxWarmDBCount below current warm bucket count.

Duplicate files being indexed

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions