Getting Data In

Discussions

Thread Info

indexes.conf: "default" vs "main" settings: which go into effect?

I'm working to put in place a 400 day (34560000 second) data retention policy on the main (default) index. At the ...

by Splunk Employee in

Translate GUID in Windows Event Log during Searchtime?

Is there a way to translate any GUID's to their corresponding AD objects as with "evt_resolve_ad_obj," but during Sea...

by SplunkTrust in

Splunk as a simple indexer

We have a requirement to index a DFS folder containing a lot of subfolders and files from different servers. The goal...

by Explorer in

How do you get a config from a scripted input?

Digging around in the splunk python docs (via help(splunk...), splunk.bundle.getConf seems to be the best way to read...

by Path Finder in

Multi line NFS monitoring file cause multiple events to be created

Hello, We are monitoring application files that are mounted as read-only NFS drives, and sometimes multi-lines mes...

by Explorer in

I want to index a logfile without breaking up - regardless the content

Is there a config to index a full logfile regardless the content? I tried MAX_EVENTS=3000 only but it looks that this...

by Contributor in

Moving data with the batch stanza?

I have a forwarder that has almost a TB of data sitting in its monitored directory, which seems to be slowing down th...

by Communicator in

Syslog timestamp parsing error: "outside of the acceptable time window"

I'm running Splunk version 4.1.5, build 85165 on a Win2003 32-bit server with a dual-core CPU and 4GB RAM. I realize ...

by New Member in

Are Windows Eventlogs from windows forwarder lacking timezone

I'm trying to get a configuration going with light forwarders on many windows servers in different timezones. It a...

by Communicator in

Possible to add a complete file (oneshot/sinkhole) AND followTail

I'd like to start monitoring a file that has been around for a while. I need to get all the older data in the file AN...

by Communicator in

IIS Log - Timezone

How do convert the IIS log timezone (GMT) to the local time in splunk?

by New Member in

Trying to create an application with Splunk's Restful API

I'm new to Splunk and am somewhat familiar with REST. I am trying to create a new application through the Splunk REST...

by Engager in

Question in sendemail.py

i found the part of code in sendemail.py is as follow: if len(results) != 0: cols = [] for k,v in...

by Contributor in

After disabling a Forwarder, it keeps talking to the receiver

I had several lightweight forwarders set up, with all of them pointing towards a single Cook Fwd. Due to a mistake...

by Explorer in

How can we use original timestamps with distributed search indexers

Architecture: Two splunk servers: 1. London as search and local indexing. 2. New York as local indexing only. The ...

by Path Finder in

Extract timestamp without date?

Preface: The timestamp is in HHMM format from the source, year/month/day information is not provided. The data is pro...

by Explorer in

Splitting logs sent over the network

I'm experiencing an issue where logging to splunk over the network (either via TCP or UDP) sometimes chunks multiple ...

by New Member in

Added a large file and now "Daily indexing volume limit exceeded."

I am still on a trial of the enterprise version. I have one central splunk server and several forwarders setup. Th...

by New Member in

Pre-filter Windows Event Logs before collected?

Is there any way to pre-filter WMI event logs, e.g. only collect warnings and errors on the Application log, System l...

by Engager in

indexed only 1 CSV file

Trying to index some radius accounting (.act) files that are really CSV files with a header "Date","Time","RAS-Cli...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

indexes.conf: "default" vs "main" settings: which go into effect?

Translate GUID in Windows Event Log during Searchtime?

Splunk as a simple indexer

How do you get a config from a scripted input?

Multi line NFS monitoring file cause multiple events to be created

I want to index a logfile without breaking up - regardless the content

Moving data with the batch stanza?

Syslog timestamp parsing error: "outside of the acceptable time window"

Are Windows Eventlogs from windows forwarder lacking timezone

Possible to add a complete file (oneshot/sinkhole) AND followTail

IIS Log - Timezone

Trying to create an application with Splunk's Restful API

Question in sendemail.py

After disabling a Forwarder, it keeps talking to the receiver

How can we use original timestamps with distributed search indexers

Extract timestamp without date?

Splitting logs sent over the network

Added a large file and now "Daily indexing volume limit exceeded."

Pre-filter Windows Event Logs before collected?

indexed only 1 CSV file

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...

Connection error with Splunk HEC data input?

How do I effectively filter information?

How to determine which events came from HEC?