Getting Data In

Thread Info

Sourcetypes Definition with lea_opsec

If I use lea_opsec to gather Checkpoint informations, I can define a simple data input for that. But if I get Loge...

by Splunk Employee in

Splunk on a Domain Controller

Is there any possibility to run an Splunk Forwarder on a Windows 2008 Domain Controller so that the Forwarder is runn...

by Splunk Employee in

where is the forwarded data?

I configured a linux forwarder. The receiving one is a windows splunk server. The splunkd.log says that events are...

by Engager in

Searching mulitple Time Fields within a record

Relatively new to splunk. I have a csv that has been splunked and splunk extracted the header record and assigned the...

by New Member in

Why is /etc/shadow being indexed? Does fschange index files?

unix [monitor:///etc] unix _blacklist = (/etc/shadow) system _rcvbuf = 1572864 unix _whitelist ...

by Communicator in

Disable loading of splunk-regmon

Hi, How can I stop the loading of splunk-regmon? I'm getting these errors: ERROR ExecProcessor - messag...

by Path Finder in

Splunk not receiving any events from custom (scripted) inputs

Hello, I created a windows executable which reads lines from a file and outputs to console and made Splunk run thi...

by Explorer in

merging data at index time or using the second date for the time stamp

I have a log that looks like this: 2010/06/28 12:44:21 - -ERROR(Version: 1.0 Buildguy from 2009-05-12 08.45.26) :...

by Engager in

Performance of Forwarder in high volume environment

Hello guys, I am estimating to receive firewall events of ~200K EPS from 10 core firewalls. My initial thoughts ar...

by Path Finder in

How to index current firmware version of Dell hardware?

How could I the capture firmware version of a Dell chassis/blade etc. and index it into Splunk?

by SplunkTrust in

Mail headers and received timestamps

I'm running a mail delivery test from outside our network to watch for long delays on delivery. Splunk is all set to ...

by Influencer in

Will Splunk index events older than existing indexed events (same source)

Hi all, I have a fairly basic (but confusing) question for you all. Essentially, this is the go...: For a prod ...

by Path Finder in

Cisco appz for all addresses

I'm in the process of figuring out the cisco-related apps and add-ons, and one notable point is that by default 10.* ...

by Contributor in

Is there a maximum number of forwarders per indexer?

Is there a maximum number of forwarders that a single indexer can support, or is the limiting factor on the indexer j...

by Motivator in

What is splunk's capacity for receiving UDP events/second?

We have an index that gets around 2million events/hour and it seems not a sizable number of events are not making it ...

by Splunk Employee in

Alerting on number of times something happens in a timeframe

I'm monitoring CPU usage on a Windows server. What's the best way to create a search/alert if CPU usage goes over 80%...

by Splunk Employee in

Custom time not working maybe locale issue

I set the custom time to June 14 11:48:00 -> June 14 11:48:05. I then click on search and the log info is shown but t...

by New Member in

Single log to multiple indexes

Hi there, I am in the process of planning a roll out of splunk to our network, however, I am stuck on the indexes....

by Path Finder in

hostname in inputs.conf

Is there anyway I could verify if there is any variable which could be used to extract hostname for inputs.conf? inst...

by Path Finder in

Why does Splunkd crash after start service for a few minutes.

I'm running splunk version 4.0.7 on Windows Server 2008 SP2 x86-64. It's work fine for a couple months. After environ...

by Engager in

Can I route some data as syslog output to multiple destinations?

I am indexing data feeds A and B and want to forward just data from B as syslog to servers X and Y (cloning the data ...

by Splunk Employee in

Setting a lower priority in props.conf

How do you properly set a source matching stanza in props to be lower than the default stanza matching priority? P...

by Super Champion in

Can i tell splunk not to index the first X lines of a file?

I have a logfile that has headers in the first two lines of the file. Imagine something like the output of UNIX' "top...

by Splunk Employee in

Multiple Timestamps

My events have two different times in them, one from when the dns server processed them, and then another is added to...

by Explorer in

Disabling type "Informational" with splunk for windows

I have a linux indexer. I forward with the light forwarder from about 200 windows boxes. On the indexer I don't wa...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Sourcetypes Definition with lea_opsec

Splunk on a Domain Controller

where is the forwarded data?

Searching mulitple Time Fields within a record

Why is /etc/shadow being indexed? Does fschange index files?

Disable loading of splunk-regmon

Splunk not receiving any events from custom (scripted) inputs

merging data at index time or using the second date for the time stamp

Performance of Forwarder in high volume environment

How to index current firmware version of Dell hardware?

Mail headers and received timestamps

Will Splunk index events older than existing indexed events (same source)

Cisco appz for all addresses

Is there a maximum number of forwarders per indexer?

What is splunk's capacity for receiving UDP events/second?

Alerting on number of times something happens in a timeframe

Custom time not working maybe locale issue

Single log to multiple indexes

hostname in inputs.conf

Why does Splunkd crash after start service for a few minutes.

Can I route some data as syslog output to multiple destinations?

Setting a lower priority in props.conf

Can i tell splunk not to index the first X lines of a file?

Multiple Timestamps

Disabling type "Informational" with splunk for windows

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

What Log Files Should Be Monitored in SUSE Linux f...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions