Getting Data In

Thread Info

Why is there a gap in my metrics.log?

Why would there be a gap of logged events in metrics.log between 01-21-2010 15:47:39.421 and 01-22-2010 08:53:28.231 ...

by Splunk Employee in

How to override Splunk renaming sourcetypes xxx-1 if field name header encountered?

This is related to an earlier question: http://answers.splunk.com/questions/490/why-do-variations-in-sourcetype-appea...

by Builder in

How long do authentication tokens stay valid?

I'm concerned about CLI and REST authentication tokens. How long do those stay valid and is it configurable?

by Path Finder in

How are time zones handled in distributed searches?

Are queries that go to two index servers in different time zones handled correctly? I'm assuming it does, but want to...

by Path Finder in

How to add hosts?

I do not see in any of the manuals or Help how to add host servers. You label the targets as Host on the main page bu...

by Path Finder in

How often does Splunk check to apply retention policy?

If a size- or time-based retention policy is set via maxTotalDataSizeMB or frozenTimePeriodInSecs in indexes.conf, ho...

by Splunk Employee in

Automating troubleticket creation

How can I set up Splunk to automatically open troubletickets?

by Splunk Employee in

I've installed Splunk on windows, and I see splunk-wmi.exe and splunk-regmon.exe programs. What are these? Can I turn them off?

Installed Splunk on Windows machine and in the task manager I see these two processes running by default. How can I d...

by Splunk Employee in

How can I find out what events get sent to the nullQueue when I try to filter events on a forwarder?

Hi I am trying to filter events on a LightWeightForwarder, but they don't get dropped. Is there a way to debug thi...

by Motivator in

Can Splunk decode data at index time?

If I have a field value that is URL encoded then base-64 encoded, is it possible to have Splunk decode this field bef...

by Splunk Employee in

What is the difference between a lightforwarder and a regular forwarder?

Apart from the fact that a lightforwarder does not have a web UI, what are the main differences between the 2 apps?

by Splunk Employee in

Data from forwarder arrives at the indexer but does not get indexed

Hi I have set up a light weight forwarder that appears to be getting data to the indexer. But I can't search for ...

by Motivator in

Can I replicate a subset of the data to a non-Splunk destination?

I need to do the following on my forwarder: Forward all data received and gathered by the forwarder to Splunk inde...

by Path Finder in

retrying a scripted input after a failure

[I heard this question on an internal mailing list, but it seemed generally relevant so asking it here too] I have...

by Contributor in

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

The use of LINE_BREAKER is a bit cryptic to me... ok, a lot. But I think I've managed to figure out how to break my X...

by Splunk Employee in

How do I group lines into a single event at index-time?

What I'm trying to do: at index time, create a multiline event based on a unique ID. In the data sample below, I need...

by Splunk Employee in

What are the default sourcetypes and how are they determined?

Sometimes Splunk sets the sourcetype on an incoming file as breakable_text or too_small. What determines these source...

by Path Finder in

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

I'm trying to use Splunk to monitor both runtime metrics and configuration state of a server application like JBoss o...

by Contributor in

Can I monitor Windows Registry with Splunk?

Are there ways in Splunk to monitor and index any activity on Windows Registry?

by Splunk Employee in

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

I have a directory /logdir and it contains various types of files, such as apache logs, syslog files, local applicati...

by Splunk Employee in

How do I set a hostname?

What do I need to do to set the correct hostname for an event?

by Splunk Employee in

My coldtofrozen script seems to hang splunk, what can I do?

When my selected coldToFrozenScript runs, which can take 10 minutes, the splunk search interface stops working until ...

by Splunk Employee in

I can't see data I know is indexed

I have data indexed but the "all indexed data" dashboard module is empty. Searching for * over all time produces no r...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why is there a gap in my metrics.log?

How to override Splunk renaming sourcetypes xxx-1 if field name header encountered?

How long do authentication tokens stay valid?

How are time zones handled in distributed searches?

How to add hosts?

How often does Splunk check to apply retention policy?

Automating troubleticket creation

I've installed Splunk on windows, and I see splunk-wmi.exe and splunk-regmon.exe programs. What are these? Can I turn them off?

How can I find out what events get sent to the nullQueue when I try to filter events on a forwarder?

Can Splunk decode data at index time?

What is the difference between a lightforwarder and a regular forwarder?

Data from forwarder arrives at the indexer but does not get indexed

Can I replicate a subset of the data to a non-Splunk destination?

retrying a scripted input after a failure

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

How do I group lines into a single event at index-time?

What are the default sourcetypes and how are they determined?

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

Can I monitor Windows Registry with Splunk?

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

How do I set a hostname?

My coldtofrozen script seems to hang splunk, what can I do?

I can't see data I know is indexed

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions