Getting Data In

Discussions

Thread Info

Splunk Documents 404 & CSV Issues

Hi- For some reason every time I try to go to the documentation from within Splunk or from other links, I get a 40...

by New Member in

UF to HF ratio

From the field...... customers with large deployments, what is your ratio of UFs to HFs. We had about 2500 UFs report...

by Contributor in

Transform for sourcetype not working

I have setup a transform to ideally set the hostname and sourcetype for syslog traffic, however I'm encountering prob...

by Explorer in

how do I untar the app for Windows... why wouldn't it be zipped?

I have the Windows app downloaded, but it is in a tar.gz format.

by New Member in

Sourcetype -too_small

Just wanted to know how I can stop this from appearing. I've seen other answers saying that its due to the number of ...

by Communicator in

rsyslog question

Hi, This isn't a splunk question, but I figure this community probably has a lot of people who use rsyslog... I...

by Champion in

Splunk v5 Forwarder

Does anybody know, or could advise whether v5 can be used as a heavy forwarder to a 4.3 back end please? I did read t...

by Builder in

Can I monitor Active Directory with Splunk?

I have an Active Directory with several domain controllers. How can I monitor all activity in the Active Directory wi...

by Splunk Employee in

forwarder not compressing despite being told to do so

Hi There. I have 2 matching forwarders pointed to an indexer. One compresses, one doesn't. Any ideas why? Machine ...

by New Member in

dispatch logs incoming from one source to multiple indexes

Dear all, I have syslogs of several firewalls incoming from a TCP port. I would like to dispath the logs of eac...

by Explorer in

Tracing Response time of apache using splunk

I am tracking the response time(in seconds) of the pages served by apache using "%T" and i would like to track all th...

by Engager in

How can I extract only some portions of a json event?

I have some json events which look similar to the example below. Key to my question is the events[] array which conta...

by New Member in

Monitoring a folder

We are talking about the Splunk capability of monitoring any type of logs. I am having a gunieune issue to to monitor...

by Explorer in

creating automatic sourcetype

hi, how to create an automatic sourcetype, which is not there in the splunk list ? how we can define the regex so tha...

by Builder in

sinkhole policy

I would like to use the sinkwhole policy to tell splunk to index a folder. Please see below. I need to send these lgo...

by Explorer in

How to do FSCHANGE now? (Windows)

As I read over the 5.0 docs it seems that fschange is being depreciated. And, wouldn't you know it, just as I was abl...

by Communicator in

Creating a graph based on unique Source IP hits

Hello, I'm not sure the best way that this can be handled. But I have a Citrix Netscaler that I've copied logs fro...

by New Member in

props.conf and syslog

I have an entry in props.conf for TZ conversion i.e: [host::SOMEHOST] TZ = UTC If the host is running the unive...

by Explorer in

log forwarding doesnt work, linux

Hi, it would be great if somebody could help me. Since few hours I`m trying to configure log forwarder, but witho...

by Explorer in

Can I view related parts of a multiline log entry?

Some of the long entries my app makes are composed of multiple lines. I would like to keep it this way (a log line ca...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk Documents 404 & CSV Issues

UF to HF ratio

Transform for sourcetype not working

how do I untar the app for Windows... why wouldn't it be zipped?

Sourcetype -too_small

rsyslog question

Splunk v5 Forwarder

Can I monitor Active Directory with Splunk?

forwarder not compressing despite being told to do so

dispatch logs incoming from one source to multiple indexes

Tracing Response time of apache using splunk

How can I extract only some portions of a json event?

Monitoring a folder

creating automatic sourcetype

sinkhole policy

How to do FSCHANGE now? (Windows)

Creating a graph based on unique Source IP hits

props.conf and syslog

log forwarding doesnt work, linux

Can I view related parts of a multiline log entry?

Announcing General Availability of Splunk Incident Intelligence!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Triggering Windows Event 6417

Why are we missing Windows "WinEventLog:Security...

SSL: UNKNOWN_PROTOCOL Error with Gitlab Auditor TA

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...