Getting Data In

Thread Info

syslog using Splunk

Hi, can anyone tell me if I could do this using Splunk: Log from particular host to a particular directory, Archive l...

by New Member in

Experiences rolling frozen storage into HSM (Hierarchal Storage Management)

Does anyone have experience integrating splunk with a hierarchal storage management system (like AMASS, Legato, or Ti...

by SplunkTrust in

Some of my indexes have stopped indexing...

For some reason, looks like 2-3 of my indexes have stopped indexing. The monitor point to the indexes is pointed to d...

by Contributor in

How to send a notification when the my iindexer process through a certain amount of forwarded data

I want a search that will tell me the total throughput of my indexing server, and then setup a notification if that t...

by Path Finder in

Regarding how to splunk TripWire logs

I would like to splunk TripWire events so that I can search and correlate them with my other security, syslog, and ap...

by Splunk Employee in

follow tail returning jumbled mess

I’m currently getting a new log source ready for production, and I almost have it except for one issue. I’m forwardin...

by Communicator in

How do I strip out part of the timestamp so I only get the date?

I am trying to build a report where I want to summarize the number of events for an entire year by day sorting by hos...

by Communicator in

Mulltiline XML extraction...

So I have an xml formatted log added as a source, sourcetype'd as WSE_audit, and I'm trying to get it to basically sp...

by Path Finder in

Scripted input not showing up in search results

env[home] = linux, centos, splunk 4.0.11, everything on one test box cat /opt/splunk/etc/apps/unix/bin/uname.sh ...

by Communicator in

What's an Invalid_hot_6 doing in my index? Should I do something about it?

In my index, in the warm directory, I have some buckets like db_1274392278_1271804233_0, some hot_v1_1, and then this...

by Splunk Employee in

Limit search results to a sourcetype

What can I do to limit search results for one or more sourcetypes. I am able to get the results through the Splun...

by New Member in

Anyone have a good working DB polling scripts written in Python?

Anyone have a good working python DB table dump scripts that keeps track of last row marker? I guess it would be i...

by Communicator in

I'm getting an error for some files I am monitoring about hitting EOF while computing CRC. What does this mean?

I'm seeing the following errors in splunkd.log and my file isn't being monitored properly -- the events don't seem to...

by Champion in

Can I splunk ClearCase for source code change monitoring?

Wondering if anyone has ever integrated ClearCase with Splunk yet. Does ClearCase provide text logs on disk or maybe ...

by Splunk Employee in

Monitoring hidden files on Linux

I'm having a problem trying to monitor the .bash_history file. I've set up a monitor for /home with a whitelist of "....

by Explorer in

Failed to write usn context

I am seeing the following errors over and over again in my splunkd.log file. I'm not sure where to go to resolve this...

by Explorer in

Juniper SSG20 logs showing up as multi-line chunks in interface

Possible Duplicate: Juniper Netscreen TCP Syslog messages not breaking properly Hi, I have an SSG20 sending s...

by New Member in

Where is the data stored on a Forwarder when the Receiver is down

I know the forwarder will buffer its data if the receiver goes down for some reason.Where is the data stored(director...

by Engager in

How can i check for forwarders that have not sent a specific sourcetype,source,host within x time?

Is there any way to check for forwarders that have not connected recently and include a "sourcetype, source or host" ...

by Splunk Employee in

index on regex field from source

I have a dir of text files named like such scriptcalled_201005211317_stdout.txt how do i index them on that date? ...

by Contributor in

Alerting on forwarder up/down events

I have a saved search that notifies me when a forwarder goes up or down based on various TcpInputProc and TcpOutputPr...

by Super Champion in

Syslog Priority Levels Stripped for UDP and TCP Syslog Messages

All, I noticed discussions on how to prevent Splunk from stripping priority levels from UDP Syslog messages. Will ...

by Engager in

Scripted Alert Question

Is there a way to pass the result of a savedsearch to a script? For example, if the search returns: suser duser sh...

by Explorer in

Search-time Mask

Some events flow into the Splunk instance via syslog sockets. For a brief period of time, the sourcetypes that cam...

by Contributor in

getting event timestamp from source file name

I have a .csv file that I'm indexing. There is no timestamp information in the .csv file, but there is a date in the ...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

syslog using Splunk

Experiences rolling frozen storage into HSM (Hierarchal Storage Management)

Some of my indexes have stopped indexing...

How to send a notification when the my iindexer process through a certain amount of forwarded data

Regarding how to splunk TripWire logs

follow tail returning jumbled mess

How do I strip out part of the timestamp so I only get the date?

Mulltiline XML extraction...

Scripted input not showing up in search results

What's an Invalid_hot_6 doing in my index? Should I do something about it?

Limit search results to a sourcetype

Anyone have a good working DB polling scripts written in Python?

I'm getting an error for some files I am monitoring about hitting EOF while computing CRC. What does this mean?

Can I splunk ClearCase for source code change monitoring?

Monitoring hidden files on Linux

Failed to write usn context

Juniper SSG20 logs showing up as multi-line chunks in interface

Where is the data stored on a Forwarder when the Receiver is down

How can i check for forwarders that have not sent a specific sourcetype,source,host within x time?

index on regex field from source

Alerting on forwarder up/down events

Syslog Priority Levels Stripped for UDP and TCP Syslog Messages

Scripted Alert Question

Search-time Mask

getting event timestamp from source file name

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Internal Log Forwarding

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions