Getting Data In

Discussions

Thread Info

Why am I unable to delete Splunk from an Ubuntu server?

I tried deleting Splunk completely from the Ubuntu server. I'm able to delete the splunk_home directory, but when I r...

by New Member in

REST api no results from sid

Splunk 6.1.0 (build 206881) Mac OSX input: curl -u admin:splunker -k https://localhost:8089/services/search/jobs -...

by Path Finder in

How to configure inputs.conf to monitor files which get created automatically after reaching a certain size?

I have file called console.log. When its size reaches to 512MB, another file gets created with the name console_serve...

by New Member in

I configured inputs.conf in Splunk free to monitor different app log files, but why am I unable to view the data in Splunk Web?

HI, I am new to Splunk. Apologies if the same question was asked earlier. I am posting here as I couldn't find th...

by New Member in

How can I use a unixtimestamp as a timerange filter like with earliest & latest in the first pipe?

Hi, my events have a field with epochtime which I want to use in the very first pipe to filter the search Of cours...

by Motivator in

Change tag permission via REST API (cURL)

I have a curl statement which is sent to the rest api of my search head to add some tags based upon some criteria, af...

by Communicator in

Find line number of search string in multiline event

I have multiline events and I need to identify which line number a search string appears in. Preferred would be a sol...

by Builder in

After rebuilding a Splunk server, is there way to centrally tell all my forwarders to resend all logs prior to the system going down?

Recently I had to rebuild our Splunk server. Luckily we had the config files so was able to get everything back up an...

by Engager in

Why is Windows event log message data being truncated and only the first 2 lines are getting forwarded?

Hi I am having a strange issue where some of the message or 'EventData' is missing from the forwarded Windows even...

by New Member in

When I try to add or delete port 9997, why do I get the same "Error occurred attempting to remove 9997...Could not find config id for port"?

When I try deleting port 9997, I get the following problem: Error occurred attempting to remove 9997: In handler '...

by Explorer in

Why is Splunk indexing two hostnames when I only have one set in inputs.conf?

I am monitoring two files: /var/log/secure and /var/log/messages In the Data Summary Hosts tab, I have two hosts: ...

by Explorer in

Is it possible to prioritize what data is forwarded from a heavy forwarder? (ex: security data first, then non-security data)

Hi everybody, I'm new in Splunk, so be gentle, please. So that's the scenario: I have a Splunk Heavy forward...

by Influencer in

How to assess improvement in network utilization after turning on compression on a universal forwarder?

Hi, I'm wanting to assess the improvement in network utilization after turning on compression. Is there any search...

by Communicator in

How to send logs from a Kiwi syslog server to Splunk?

How to integrate Kiwi syslog server with Splunk? I mean what configuration changes are required to perform on the kiw...

by Explorer in

delta report for multiple hosts

I have the following log messages coming from syslog-ng Jun 14 10:32:04 sc4-cron.mcafeesecure.com syslog-ng[2775]:...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I unable to delete Splunk from an Ubuntu server?

REST api no results from sid

How to configure inputs.conf to monitor files which get created automatically after reaching a certain size?

I configured inputs.conf in Splunk free to monitor different app log files, but why am I unable to view the data in Splunk Web?

How can I use a unixtimestamp as a timerange filter like with earliest & latest in the first pipe?

Change tag permission via REST API (cURL)

Find line number of search string in multiline event

After rebuilding a Splunk server, is there way to centrally tell all my forwarders to resend all logs prior to the system going down?

Why is Windows event log message data being truncated and only the first 2 lines are getting forwarded?

When I try to add or delete port 9997, why do I get the same "Error occurred attempting to remove 9997...Could not find config id for port"?

Why is Splunk indexing two hostnames when I only have one set in inputs.conf?

Is it possible to prioritize what data is forwarded from a heavy forwarder? (ex: security data first, then non-security data)

How to assess improvement in network utilization after turning on compression on a universal forwarder?

How to send logs from a Kiwi syslog server to Splunk?

delta report for multiple hosts

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

What’s New in Splunk Cloud Platform 9.1.2308?

Calculating math on three different searches

Reports are not indexed correctly

Journald exclude specific services

Combine multiple index searches into one overall s...

Custom Attribute Retrieval in VMware App (Add-on f...