Getting Data In

Discussions

Thread Info

retrying a scripted input after a failure

[I heard this question on an internal mailing list, but it seemed generally relevant so asking it here too] I have...

by Contributor in

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

The use of LINE_BREAKER is a bit cryptic to me... ok, a lot. But I think I've managed to figure out how to break my X...

by Splunk Employee in

How do I group lines into a single event at index-time?

What I'm trying to do: at index time, create a multiline event based on a unique ID. In the data sample below, I need...

by Splunk Employee in

What are the default sourcetypes and how are they determined?

Sometimes Splunk sets the sourcetype on an incoming file as breakable_text or too_small. What determines these source...

by Path Finder in

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

I'm trying to use Splunk to monitor both runtime metrics and configuration state of a server application like JBoss o...

by Contributor in

Can I monitor Windows Registry with Splunk?

Are there ways in Splunk to monitor and index any activity on Windows Registry?

by Splunk Employee in

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

I have a directory /logdir and it contains various types of files, such as apache logs, syslog files, local applicati...

by Splunk Employee in

How do I set a hostname?

What do I need to do to set the correct hostname for an event?

by Splunk Employee in

My coldtofrozen script seems to hang splunk, what can I do?

When my selected coldToFrozenScript runs, which can take 10 minutes, the splunk search interface stops working until ...

by Splunk Employee in

I can't see data I know is indexed

I have data indexed but the "all indexed data" dashboard module is empty. Searching for * over all time produces no r...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

retrying a scripted input after a failure

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

How do I group lines into a single event at index-time?

What are the default sourcetypes and how are they determined?

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

Can I monitor Windows Registry with Splunk?

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

How do I set a hostname?

My coldtofrozen script seems to hang splunk, what can I do?

I can't see data I know is indexed

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

OTEL splunk_hec receiver how to handle invalid tok...

Best Practices for Handling High-Cardinality Dimen...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...