Getting Data In

Discussions

Thread Info

Adding additional sources, but hitting license capacity

We are in the process of combining two Splunk instances. We have data we want to start transitioning from one Splunk ...

by New Member in

How to parses received multi type syslog logs on indexeurs

Hello I have a problem for which I have not found a solution despite several hours of research. I have an index...

by New Member in

Change Timezone - Splunk free license

I use Splunk Free License. For Free License, we cannot change the user settings. I mean, I can't change the timezo...

by Explorer in

Linux Universal Forwarder - Security Recommendations

Hello Splunk-Community, for month we are discussing with our Linux admins, if it is ok to install Splunk Universal...

by Communicator in

Help extracting user logins from IIS logs to one report

Hello, I'm trying to extract two types of data from IIS logs to sum up the login counts for a list of specific users....

by Engager in

Filtering data block in Heavy Forwarder

Hello, I have a problem that I don't know how to solve. We are receiving logs in xml via universal forwarders. The lo...

by Communicator in

Run the equivalent of an `extract` command on a structured JSON event's subfield

We're ingesting structured JSON logs from a source and would like to run the equivalent of the extract command on one...

by New Member in

Polling not working, the rest addon is just showing the only the initial few.

Polling not working, the rest addon is just showing the only the initial few. The only data that i see is from the...

by New Member in

Monitor alerts (alarm if alerts do not work)

Hello together, i want to monitor existing alerts in splunk. For the case that an alarm doesn't work proper and do...

by Explorer in

SNMP Modular Input Custom MIB

Hello. After installing snmp modular input have a problem with MIB. Logs are not human readable format. Example...

by Loves-to-Learn in

Multi line event not breaking

Hello Splunk community! I have a monitored input file. A process writes a header to a continuous log file and about a...

by New Member in

Is there any current documentation on how to add network nodes to Splunk to gather data?

I recently started a new job and used Splunk at my old one. I know the power of Splunk and know it will be useful for...

by New Member in

How do you prevent Splunk from indexing duplicated events?

How do you prevent Splunk from indexing duplicate events forwarded from different forwarders? The monitored log files...

by New Member in

Why are all services still being indexed, even with my WinHostMon whitelist configuration specifying certain services?

Hi, I want to index only the services "AppHostSvc", "Iisadmin" & "AppHostSvc", but even with the below input.conf ...

by Communicator in

scripted input not following the cron schedule

I have a scripted input that runs on the schedule 0 9 * * * (once a day at 9 am). This is a powershell scripted input...

by New Member in

What is procedure to upgrade universal and heavy forwarders?

Hello , We have around 13 heavy forwarders.How does the upgrade thing work , should we log into each instance and ...

by Builder in

Create a multiple value Time Zone Clock as a table

My Server is in GMT (Zulu Time) which is accurate for the log collection, but I'd like to have a table that shows mul...

by New Member in

How to route the alert notification to a specific manager based on the user that triggered the alert?

How can I route the alert notification to a specific manager based on the user that triggered the alert? The user is ...

by New Member in

Nested Loop or a Sub-search

Hi guys, I know there has to be a straightforward way to do this in SPL just can't figure out which to use. I h...

by New Member in

RHEL 7.1 systemd[1]: Failed to start SYSV: Splunk indexer service.

My Splunk indexer is not starting as a service on RHEL 7.1 on a fresh install. It's starting ok as splunk user though...

by Explorer in

Getting Data In

Discussions

Adding additional sources, but hitting license capacity

How to parses received multi type syslog logs on indexeurs

Change Timezone - Splunk free license

Linux Universal Forwarder - Security Recommendations

Help extracting user logins from IIS logs to one report

Filtering data block in Heavy Forwarder

Run the equivalent of an `extract` command on a structured JSON event's subfield

Polling not working, the rest addon is just showing the only the initial few.

Monitor alerts (alarm if alerts do not work)

SNMP Modular Input Custom MIB

Multi line event not breaking

Is there any current documentation on how to add network nodes to Splunk to gather data?

How do you prevent Splunk from indexing duplicated events?

Why are all services still being indexed, even with my WinHostMon whitelist configuration specifying certain services?

scripted input not following the cron schedule

What is procedure to upgrade universal and heavy forwarders?

Create a multiple value Time Zone Clock as a table

How to route the alert notification to a specific manager based on the user that triggered the alert?

Nested Loop or a Sub-search

RHEL 7.1 systemd[1]: Failed to start SYSV: Splunk indexer service.

Get count of top level keys from JSON?

Failed to reap viewstate

Extract-Display the Details Tab from windows event...

crushed logs master

Has anyone had props.conf and transforms.conf to w...