Getting Data In

Discussions

Thread Info

Does Splunk Windows installer generates any logs during the install process?

Splunk Windows installer, the msi package, is used to install new Splunk instances or upgrade/update existing Splunk ...

by Splunk Employee in

Splunking mutiline logfiles

How do I setup multiline log files in splunk, specifically we have a set of logs which are irregular, Log entries do ...

by Path Finder in

How can I index the same file to different indexes?

I have a file that I need to index twice. Specifically, I need it sent/indexed to two different indexes. How could I ...

by Splunk Employee in

Why is the svchost.exe process thrashes the CPU whenever Splunk is running?

I have Splunk 4.0.10 64bit version running in Windows 2008 R2 64bit. I noticed that when Splunkd service is turned on...

by Splunk Employee in

Can I get a listing of all of the endpoints registered with Splunkweb?

I've heard there are some REST endpoints that allow you to refresh objects (such as new dashboards, nav menus, etc......

by Splunk Employee in

Changing sourcetype for FWSM

Hi, I just installed cisco_firewall_addon for version 4.1 of splunk and I am having some issues. I have an ASA and a ...

by Explorer in

Syslog-ng logs show as host=localServer, rather than remote?

Hello, System type: Linux We have splunk running on our centralized syslog-ng server. We then have other server...

by Engager in

How do wildcards/whitelist/blacklist interact in inputs.conf?

Would someone confirm the following observations regarding data input configuration via inputs.conf? when using wi...

by Splunk Employee in

Search by host (all indexed data Hosts list)

Hi, I have syslog_ng server (sles 10). Everything is logged in this way: /var/log/HOSTS/xx-yy/hostname or ip/lo...

by Explorer in

Monitor problem?

I just installed Splunk 4.1 (configured to run on system accounts) and the first thing i did was add an input monitor...

by Path Finder in

Is alwaysOpenFile still available in version 4.1?

Does anyone know if alwaysOpenFile still works in inputs.conf as of Splunk 4.1. It still shows up in the 4.1 docs, bu...

by Super Champion in

What is the best way to add timestamps to a large log file without timestamps?

I have a file with ~6M events that gets FTP'd to Splunk on a daily basis. Unfortunately I don't have control of the o...

by Splunk Employee in

What is the best way to back up event logs?

I am using Splunk to collect data from the security logs on my network. How long does Splunk store the data that it c...

by New Member in

Hostname changing on some sources

In inputs.conf the default host name is set to the fqdn, test-server.foobar.com. But when I search for that host, it ...

by Splunk Employee in

Problem getting a new index in Splunk v4.0.X to work properly

Hi, I just created a new app and wanted to point my network inputs to another index, managed by my app. So, I modi...

by Engager in

Is there some way to see the current tailing status?

Is there a splunk command or REST endpoint to see the tailing status of monitored files?

by Champion in

The aggqueue and parsingqueue consistently full / blocked - how do I increase ?

Search is index="_internal" source="*metrics.log" group="queue" | timechart perc90(current_size) by name Results a...

by Explorer in

Why can't my Splunk instance read a file on another machine?

I'm trying to index a file on a mapped network drive, but I keep getting seeing 'Access is denied' in splunkd.log. I ...

by Splunk Employee in

How do I forward all rsyslog output from an ubuntu server to my Splunk 4.1 server?

On my old setup I had all syslogs going to syslog on the Splunk server, but now I'm doing a fresh setup with Ubuntu 9...

by Explorer in

What happens to my events at Splunk Light Forwarder when the Indexer goes down?

I have a bunch of Lightweight Forwarders (LWF) forwarding to my central indexer. What happens to my events when there...

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Does Splunk Windows installer generates any logs during the install process?

Splunking mutiline logfiles

How can I index the same file to different indexes?

Why is the svchost.exe process thrashes the CPU whenever Splunk is running?

Can I get a listing of all of the endpoints registered with Splunkweb?

Changing sourcetype for FWSM

Syslog-ng logs show as host=localServer, rather than remote?

How do wildcards/whitelist/blacklist interact in inputs.conf?

Search by host (all indexed data Hosts list)

Monitor problem?

Is alwaysOpenFile still available in version 4.1?

What is the best way to add timestamps to a large log file without timestamps?

What is the best way to back up event logs?

Hostname changing on some sources

Problem getting a new index in Splunk v4.0.X to work properly

Is there some way to see the current tailing status?

The aggqueue and parsingqueue consistently full / blocked - how do I increase ?

Why can't my Splunk instance read a file on another machine?

How do I forward all rsyslog output from an ubuntu server to my Splunk 4.1 server?

What happens to my events at Splunk Light Forwarder when the Indexer goes down?

Announcing General Availability of Splunk Incident Intelligence!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Triggering Windows Event 6417

Why are we missing Windows "WinEventLog:Security...

SSL: UNKNOWN_PROTOCOL Error with Gitlab Auditor TA

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...