Getting Data In

Discussions

Thread Info

Changing sourcetype of incoming TCP syslogs

Hi everyone. Quite new to the product, I am struggling a bit. All my logs are coming through syslog on TCP 514 and...

by Explorer in

WinEvent Filtering on Heavy Forwarder

Hi, Trying to send all eventIDs from WinEventLog:Security to NullQueue with the exception of 592 and 593. Still getti...

by Engager in

HOWTO: throw away portions of an event

I have a very talkative data source that I only want a few fields - not entire events - from. How do I keep the parts...

by Motivator in

Can I route based on wildcard source

Can I say this? [source::/usr/local/blackboard/*] TRANSFORMS-routing=otherRouting In my inputs, I have pretty ...

by Path Finder in

How to get rid of a sourcetype?

Somehow I've managed to get three different sourcetypes for syslog appearing in my search results: "syslog" 2,049,...

by Explorer in

Actions Menu Export Results TitleBar module

Hey, I have a Titlebar module in my form with the following code: <module name="TitleBar" layoutPanel="vie...

by Motivator in

Checking machines' status from outside a firewall

I have a Win7 PC on which I would like to run splunk, but the majority of machines (mostly UNIX) I would like to moni...

by New Member in

Attempting to index a apache logs directory

I am attempting to index a apache logs directory. We use cronolog to split our apache log files We have a sub dir...

by New Member in

How to configure Splunk to collect windows system & security logs via WMI

I'm trying to configure splunk to collect system and security logs via WMI from workstations. I don't know who is at ...

by Explorer in

Help to create a new data input via REST API, plz

I'm trying to configure splunk via REST API. Can anybody show working POST-request to create new data input? Just 1 c...

by New Member in

Scripted VB Input with Linux Indexers

Hello We run a Splunk system where our Indexers are all on Linux and our forwarders are light forwarders across Wi...

by Communicator in

How can I manually move buckets from WARM to COLD

We recently made several indexes.conf file changes, notably changing our bucket size from 5GB to 1GB. Along with this...

by Path Finder in

ERROR BucketMover - coldToFrozenScript exited with non-zero status: exited with code 1

I checked splunkd.log today and all i see is this: 06-02-2010 14:04:00.013 INFO BucketMover - will attempt to freeze:...

by Splunk Employee in

Change hostname for syslog sourcetype ?

Hi, I am trying to override the default hostname that is being set for the syslog entries on /var/log/messages. Th...

by Explorer in

Splunk, VMWare, Syslog and non-default port

We're trying to setup some test monitoring of a VMWare ESX host (not ESXi). Because our Splunk instance does not run ...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Changing sourcetype of incoming TCP syslogs

WinEvent Filtering on Heavy Forwarder

HOWTO: throw away portions of an event

Can I route based on wildcard source

How to get rid of a sourcetype?

Actions Menu Export Results TitleBar module

Checking machines' status from outside a firewall

Attempting to index a apache logs directory

How to configure Splunk to collect windows system & security logs via WMI

Help to create a new data input via REST API, plz

Scripted VB Input with Linux Indexers

How can I manually move buckets from WARM to COLD

ERROR BucketMover - coldToFrozenScript exited with non-zero status: exited with code 1

Change hostname for syslog sourcetype ?

Splunk, VMWare, Syslog and non-default port

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

Lopping Off Dot Notation Field Names

Splunk on GCP: what's the benefit of running dataf...

scheduler.log broken korean

Suggestions Please: REST Api, csv,html

Can you use ingest actions against _raw?