Getting Data In

Discussions

Thread Info

Splunk not indexing data

I have a Splunk indexer which hasn't been indexing logs from the past 3-4 days. I'm trying to troubleshoot and have g...

by Path Finder in

filter event app not taking effect

my goal is to eliminate the following event from being indexed as it is killing our license. Could not ungzip\. He...

by Explorer in

Index Retention by Time Only

We would like to retain data in our indexes by time only. Is this possible? I think I am doing it correctly for our i...

by Builder in

Can I remove extra newlines from my csv?

I have an alert set up that surfaces suspicious activity by ip addresses which triggers an extremely simple shell scr...

by New Member in

Universal forwarder from a MS SQL cluster

We have a number of MS SQL Server clusters with the Splunk Universal Forwarder installed. We would like to index ...

by Engager in

Regular expression in props.conf

I have an output lifesize_cdr: INFO 24,16,8CC 9-107-Photon,172.20.129.30,,,,2012-02-07 16:22:21,2012-02-07 16:22:2...

by Builder in

Message rate meter Exchange 2010

Is there any way to change the scale on the message meter in the Exchange app? We normally generate about 10k emails ...

by New Member in

Log Retention

Hi, I have configured following parameters for testing the log Archiving for one of my index named "os". But it is...

by Path Finder in

Report required from Syslog data from Cisco ACS

I have a Cisco ACS serving radius requests for VPN users. The syslog is configured for splunk and is able to receive ...

by New Member in

SMTP Exchange 2007 Alert Setup

We would like more information on how to setup splunk alert emails with smtp exchange 2007. If there are any suggesti...

by Engager in

Wrong Timestamp

Hi all, Splunk adds one hour to timestamp, when indexing logs. Example of my logs: [ 21/Feb/2012 1:05:32.3...

by Explorer in

transforms.conf multiple $1 assignments

Folks, Running Splunk v4.3 and trying to understand this phenomenon. In transforms.conf, something like this: [...

by Communicator in

props.conf change does not take effect

By source type or file, I changed the line breaking setting but it never takes effect. On my local test system it wor...

by New Member in

Pre-index filtering

Requirment Drop events before they get sent to the splunk indexer. Want to just send the lines with "Authentic...

by Explorer in

The CLI on the Universal Forwarder does not work when the management port is disabled

A universal forwarder asks me to start splunk when i try to use the cli. Has anyone else experienced this or similar ...

by Motivator in

How can I rewrite/add info from metadata to the contents of the raw log line?

I need to be able to add some information from the Splunk metadata (host and source) into the raw log. I'm looking at...

by Builder in

Are Search-Time Fields Able To Be Overwritten in a transforms.conf File?

I was wondering if you can assign a search-time extracted field one value and then later, in a stanza that will be pr...

by Communicator in

Multiple sourcetypes for different kind of logs

We are using the Universal lightforwarder on a linux box and pushing the monitored output for the several log files o...

by Builder in

Index for specific hosts, except for splunkd sourcetype

I have setup a props.conf with: [host::server*] TRANSFORMS-movetonewindex = newindex And a transforms.conf with: ...

by Explorer in

Repeated ntfs problems on Windows 7 64

Hi ! Since I have installed splunk-4.1.2-79191-x64-release as a forwarder on a Windows 64 i'm getting several instanc...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk not indexing data

filter event app not taking effect

Index Retention by Time Only

Can I remove extra newlines from my csv?

Universal forwarder from a MS SQL cluster

Regular expression in props.conf

Message rate meter Exchange 2010

Log Retention

Report required from Syslog data from Cisco ACS

SMTP Exchange 2007 Alert Setup

Wrong Timestamp

transforms.conf multiple $1 assignments

props.conf change does not take effect

Pre-index filtering

The CLI on the Universal Forwarder does not work when the management port is disabled

How can I rewrite/add info from metadata to the contents of the raw log line?

Are Search-Time Fields Able To Be Overwritten in a transforms.conf File?

Multiple sourcetypes for different kind of logs

Index for specific hosts, except for splunkd sourcetype

Repeated ntfs problems on Windows 7 64

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Why am I receiving unwanted HB (Heartbeat ?) logs ...

Splunk OTEL Forwarder- Is there a values.yaml file...

Renamed serverclass, but not updated in data input...

How do I ship json file uusing HTTP Event Collecto...

How to highlight the data in the Map for regions E...