Getting Data In

Discussions

Thread Info

Splunk stopped indexing syslog (udp:514) data

@ a customers site: " Splunk was indexing udp:514 data until this Wednesday when it stopped altogether. Using TCPDump...

by Splunk Employee in

Reliability of a forwarder

Hello everyone , We are planning to have a Splunk setup as below: LightForwarders -> Forwarders -> Indexers ...

by Explorer in

Newbie Question: Getting Data into a Distributed Cluster

Hey all! I am trying to understand splunk a little better. I am trying to setup a search head and two indexers. I ...

by Engager in

Cisco Firewall Add-On

I downloaded and installed the Cisco Firewall Add-On and it properly renamed the sourcetype of my ASA, FWSM and PIX f...

by Engager in

cannot get data from directory path

i need to index a bunch of xml logs that have an extension of .stats i was able to just upload one of them from th...

by New Member in

What is the smallest Splunk license I can get or split to?

I currently have a 1GB/day Splunk license and I need to have it split up into a smaller 200MB, 300MB, and a 500MB lic...

by Splunk Employee in

Do you think splunk could scale to 1 petabyte a day?

Do you think splunk could scale to 1 petabyte a day? What is the amount indexed by the largest installation out th...

by Communicator in

What's the best practice to ensure all your forwarders have forwarded all the events up to a certain timestamp?

Here's one possible solution I think would work if the there are constant events coming in from each source. searc...

by Path Finder in

How to Configure timestamps for events with multiple timestamps

I followed the directions for configuring custom timestamps for events with multiple timestamps but I am not getting ...

by Explorer in

Splunk train sourcetype doesn't work, gives "Parameters must be in the form '-parameter value'"

When i try to train splunk to automatically recognize files of a given type, I get the following: # $SPLUNK_HOME/b...

by Splunk Employee in

fschange pollPeriod parameter

If I specify pollPeriod parameter for fschange, is it supposed to generate an event each time it checks file for chan...

by Path Finder in

How do I upgrade my Windows 32-bit splunk install to a 64-bit install?

I'm looking to upgrade my splunk forwarder from a 32-bit Windows version to the 64-bit windows version. Can I simply ...

by Super Champion in

Windows WMI configuration

Hi, Is there a way to configure how Splunk get the data from WMI for event logs, ex: how often Splunk check the ho...

by Engager in

WMI event logs manager

Hi, I defined over 60 hosts in Remote Windows Event log manager on splunk but when I go back in the manager I only...

by Engager in

How does the connection process work when querying a large number of WMI hosts for statistics (not eventlogs)

If have 100 desktops i want to collect a few statistics from.. say every 30s... does Splunk make 100 queries every 30...

by Splunk Employee in

Best Practices for Multi-User Search Performance

Hey guys, I currently have a 3-server architecture (2 central indexers with 1 search head). We are looking to hav...

by Contributor in

Could you provide more monitoring detail on a directory monitored via batch/sinkhole ?

I have 10's of thousands of files(tarballs) i want to monitor via batch/sinkhole. [batch:///var/log/archived_files...

by Splunk Employee in

How to get Splunk to work with Sawmill server?

Hi, At the moment we have had number Ironport appliances deployed but their log files being uploaded to FTP server...

by Engager in

How do I make a report save to a share on a different server every 24 hours?

I run a report every 24 hours, and I want to make the .csv results file available to multiple users afterwards. Can I...

by Splunk Employee in

Monitoring changes to configuration files

Trying to monitor changes to configuration files. Followed this article: http://www.splunk.com/base/Documentation/...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk stopped indexing syslog (udp:514) data

Reliability of a forwarder

Newbie Question: Getting Data into a Distributed Cluster

Cisco Firewall Add-On

cannot get data from directory path

What is the smallest Splunk license I can get or split to?

Do you think splunk could scale to 1 petabyte a day?

What's the best practice to ensure all your forwarders have forwarded all the events up to a certain timestamp?

How to Configure timestamps for events with multiple timestamps

Splunk train sourcetype doesn't work, gives "Parameters must be in the form '-parameter value'"

fschange pollPeriod parameter

How do I upgrade my Windows 32-bit splunk install to a 64-bit install?

Windows WMI configuration

WMI event logs manager

How does the connection process work when querying a large number of WMI hosts for statistics (not eventlogs)

Best Practices for Multi-User Search Performance

Could you provide more monitoring detail on a directory monitored via batch/sinkhole ?

How to get Splunk to work with Sawmill server?

How do I make a report save to a share on a different server every 24 hours?

Monitoring changes to configuration files

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...

Connection error with Splunk HEC data input?