Getting Data In

Discussions

Thread Info

Is it possible to preserve original order of events?

Would someone kindly confirm if Splunk is expected to preserve the order of events as they are presented in the origi...

by Splunk Employee in

Forwarding using a UDP port

Can the forwarding port be set to a UDP port? Tried changing the type to UDP in the outputs.conf file, but Splunk kep...

by Explorer in

separating many similar files into different indexes

I have a tree of files that looks something like the following: /var/log/able/access.log /var/log/baker/access.log...

by Builder in

Running a script in another user context

Hello, My splunk server belongs to a different domain with a trust set up. I have a python script that does some A...

by Communicator in

Can the UI display the time stamp of my events in another format than MM/DD/YYYY?

The UI is displaying the time stamp of my events in US format (MM/DD/YYYY), but I would like the time format to be di...

by Splunk Employee in

Compressed data from forwarder to indexer

I'm having some trouble getting this working. I've tried both the regular forwarder as well as the light forwarder. W...

by Explorer in

/var/tmp files seem to be created by Splunk. Why?

Any gurus know why there are files created in /var/tmp/ folder by Splunk? splunk@splunk:/var/tmp> more ddtb5535964...

by Communicator in

Sudden spike in indexed data. How to narrow down

The amount of data I index daily is pretty consistent for the most part. I suppose it's gradually increasing, but no ...

by Builder in

Indexing a file

I am just getting started with splunk. I imported a log file from my web server. however, the file dosn't show up in ...

by New Member in

How to undelete a input source

I have a log file that was |delete'd from the index using search. I want the file back in the index. I did several st...

by Engager in

Why is my sourcetype labeled with a "-1" or "-2" at the end of the name?

I am indexing apache logs and have them rotating on a frequent basis. The log rotation will rename the file to error_...

by Splunk Employee in

How do I setup Splunk to index log4j with org.apache.log4j.RollingFileAppender

We plan to use Splunk to keep log for several java application including web server like Tomcat. Those application ar...

by Path Finder in

Expanding Splunk installation from a single indexer to a multi-indexer + dedicated search head environment..

We're expanding our Splunk environment from a single indexer machine that does everything, to an environment that has...

by Builder in

UDP syslog not showing up on windows splunk server

I've set up Snare on remote servers to forward syslog events on port 6161 to my Splunk server. I've run wireshark ...

by New Member in

Import Checkpoint Archive Logs

I have checkpoint logs going back which we have exported of our checkpoint FW, and i would like to import them into s...

by New Member in

Splunk on windows getting syslog from ESXi

I cannot find any info to get this to work. I am running splunk on a windows vm I want to gather syslog info from the...

by New Member in

duplicate index entries

I'm having what appears to be a logic problem, but it could be something else. I have an app that displays the out...

by Builder in

How can I collect eventlogs into my Splunk?

I have configured remote WMI in my Splunk to see the eventlogs on Windows servers. But when I index and search the ev...

by New Member in

Checkpoint LEA App working issue: all logs entries are downloaded at each script execution

Hello, We are a consulting firm and I am assessing the Splunk solution for one of my customer. The LEA applic...

by Engager in

stop splunk from splitting a file.

I'm trying to read some config files into splunk, ala change management. I'm not using fschange, I'm using a tcp moni...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is it possible to preserve original order of events?

Forwarding using a UDP port

separating many similar files into different indexes

Running a script in another user context

Can the UI display the time stamp of my events in another format than MM/DD/YYYY?

Compressed data from forwarder to indexer

/var/tmp files seem to be created by Splunk. Why?

Sudden spike in indexed data. How to narrow down

Indexing a file

How to undelete a input source

Why is my sourcetype labeled with a "-1" or "-2" at the end of the name?

How do I setup Splunk to index log4j with org.apache.log4j.RollingFileAppender

Expanding Splunk installation from a single indexer to a multi-indexer + dedicated search head environment..

UDP syslog not showing up on windows splunk server

Import Checkpoint Archive Logs

Splunk on windows getting syslog from ESXi

duplicate index entries

How can I collect eventlogs into my Splunk?

Checkpoint LEA App working issue: all logs entries are downloaded at each script execution

stop splunk from splitting a file.

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices

Bypass response format check in PersistentServerCo...

SmartStore Retention not deleting data

Control Tower AWS - Log Archive account access

HTTP Event Collector Connection Actively Refused a...

Behaviour of app.conf with deployment server