Getting Data In

Discussions

Thread Info

hostname from non-default udp input does not get converted into DNS entry ...

Server is running 4.1. This does not seem to be an issue for default udp (that is, udp/514) messages. [udp://95...

by Engager in

splunk-optimize.exe WIndows Security Events

I have a test Windows forwarder set up that is generating over 22,000 events relating to the splunk-optimize.exe proc...

by Explorer in

Create Australian locale?

We need to get Splunk to display date formats using the Australian format of dd/mm/yyyy rather than the US format whi...

by Champion in

I'm testing splunk, and when I edit my logfiles, splunk doesn't notice the changes. Why?

I have a test logfile I fed into Splunk: Apr 13 10:41:16 support05 kernel: [1815783.556088] usb 2-1: new full spee...

by Splunk Employee in

is there a way to tail a file to index any new changes?

I let splunk monitor a directory of files. I found when any file got changed splunk will reindex all events in the fi...

by Explorer in

How to monitor a file within a VM?

How do you configure Splunk to monitor files within a VM? I installed Splunk within a VM and added a data input to mo...

by Engager in

Why are my udp syslog input events getting merged?

Odd behaviour with some udp syslog input from a Panorama device (palo alto management device) and ArcSight connector ...

by Splunk Employee in

How would I read in a log entry with uncommon time formats?

Log entries have timestamps with Taiwan years. Taiwan year = current year-1911, so this year is 99. By default Splunk...

by Splunk Employee in

Newbie getting set up (monitoring several computers-long post)

I'm a fairly new admin and extremely new at looking at reports/data. I have an issue with my server that I can't trac...

by New Member in

Some of my data does not have the correct sourcetype. Can I change it?

Is there a way to export the data that isn't correct then re-import it using the correct sourcetype? If not, is there...

by Splunk Employee in

Audit Windows Cleartext passwords

Is there a search I can execute that will show me all the passwords that have been sent across the network in clearte...

by New Member in

Does Splunk Windows installer generates any logs during the install process?

Splunk Windows installer, the msi package, is used to install new Splunk instances or upgrade/update existing Splunk ...

by Splunk Employee in

Splunking mutiline logfiles

How do I setup multiline log files in splunk, specifically we have a set of logs which are irregular, Log entries do ...

by Path Finder in

How can I index the same file to different indexes?

I have a file that I need to index twice. Specifically, I need it sent/indexed to two different indexes. How could I ...

by Splunk Employee in

Why is the svchost.exe process thrashes the CPU whenever Splunk is running?

I have Splunk 4.0.10 64bit version running in Windows 2008 R2 64bit. I noticed that when Splunkd service is turned on...

by Splunk Employee in

Can I get a listing of all of the endpoints registered with Splunkweb?

I've heard there are some REST endpoints that allow you to refresh objects (such as new dashboards, nav menus, etc......

by Splunk Employee in

Changing sourcetype for FWSM

Hi, I just installed cisco_firewall_addon for version 4.1 of splunk and I am having some issues. I have an ASA and a ...

by Explorer in

Syslog-ng logs show as host=localServer, rather than remote?

Hello, System type: Linux We have splunk running on our centralized syslog-ng server. We then have other server...

by Engager in

How do wildcards/whitelist/blacklist interact in inputs.conf?

Would someone confirm the following observations regarding data input configuration via inputs.conf? when using wi...

by Splunk Employee in

Search by host (all indexed data Hosts list)

Hi, I have syslog_ng server (sles 10). Everything is logged in this way: /var/log/HOSTS/xx-yy/hostname or ip/lo...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

hostname from non-default udp input does not get converted into DNS entry ...

splunk-optimize.exe WIndows Security Events

Create Australian locale?

I'm testing splunk, and when I edit my logfiles, splunk doesn't notice the changes. Why?

is there a way to tail a file to index any new changes?

How to monitor a file within a VM?

Why are my udp syslog input events getting merged?

How would I read in a log entry with uncommon time formats?

Newbie getting set up (monitoring several computers-long post)

Some of my data does not have the correct sourcetype. Can I change it?

Audit Windows Cleartext passwords

Does Splunk Windows installer generates any logs during the install process?

Splunking mutiline logfiles

How can I index the same file to different indexes?

Why is the svchost.exe process thrashes the CPU whenever Splunk is running?

Can I get a listing of all of the endpoints registered with Splunkweb?

Changing sourcetype for FWSM

Syslog-ng logs show as host=localServer, rather than remote?

How do wildcards/whitelist/blacklist interact in inputs.conf?

Search by host (all indexed data Hosts list)

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?