Getting Data In

Community Activity

Why does indexer not index file coming from a Windows based UF correctly? Hello,I don't understand why a file coming from a windows based UF does not get indexed properly. By this I mean tha... by andrewtrobec Motivator in Getting Data In 02-25-2022 0 4	0	4
SC4S on Centos8 VM in Google Cloud - Couldn\'t connect to server error I've followed this guide to install SC4S and connect with Splunk:https://splunk.github.io/splunk-connect-for-syslog/m... by user1717 New Member in Getting Data In 02-25-2022 0 1	0	1
How to pick up files in a whitelist that have a different extension I want to pick up logs from the same directory that have .out and .log in them, is there a way to create one monito... by nls7010 Path Finder in Getting Data In 02-25-2022 0 1	0	1
How to run Powershell Script with specified User? Hi Guys I followed the Instructions Here: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWindowsdataw... by tgeilinger Engager in Getting Data In 02-25-2022 1 1	1	1
How to automatically call REST API on specific event field? I have an external API subscription that I want to call when a specific field in my Splunk event is present (e.g. Cit... by Autom8teMe Observer in Getting Data In 02-25-2022 0 0	0	0
How to extract time field that goes from 24:59:59 to 01:00:00? Have a log that is confusing me on how to extract the time. From hour 01:00:00 to 23:59:59, it's fine, but the vendor... by roscolaw New Member in Getting Data In 02-24-2022 0 0	0	0
Why does my Splunk instances go down and I am getting below error? Hello Splunkers!! One a everyday basis one of my Splunk instances goes down and i am getting below error. Please sugg... by uagraw01 Motivator in Getting Data In 02-24-2022 0 7	0	7
How do I force a universal forwarder to reindex all its inputs? All, Is there a way to make a Universal Forwarder reindex all its inputs? thanks -Daniel by daniel333 Builder in Getting Data In 02-24-2022 0 5	0	5
How to make Syslog-ng Server HA with load balancing? Hi all, We'd like to make our syslog-ng server HA. Which is a heavy forwarder instance. The plan is to clone our sysl... by clozach Path Finder in Getting Data In 02-24-2022 0 13	0	13
How do we know whether typing queues are blocked or not? Hi All, How do we know whether typing queues are blocked or not? Is it from Internal logs? From the backend of the se... by VijaySrrie Builder in Getting Data In 02-23-2022 0 2	0	2
How to identify /var/log/secure from the syslog feed using REX? We are getting /var/log files monitored from the endpoints and sent to Splunk using syslog-ng on a single TCP port. N... by arangineni Explorer in Getting Data In 02-23-2022 0 8	0	8
How to ingest the status of those 3 services to Splunk to showcase/display the availability of the application? Hi Experts, I have installed an application in windows server which uses 3 services(like AAA, BBB, CCC) to measure th... by Karthikeyan Engager in Getting Data In 02-23-2022 0 0	0	0
Splunk Connect for Kubernetes - what are the fluentd:monitor-agent logs? Hey everyone! I've successfully set up a link from Splunk Connect for Kubernetes on our OpenShift environment. It out... by AHBrook Path Finder in Getting Data In 02-23-2022 1 3	1	3
Why are sc4s logs missing? Hi All, Our client as sent the syslog data using SC4S to our dev endpoints but we are unable to see the logs in our e... by blbr123 Path Finder in Getting Data In 02-23-2022 0 1	0	1
How to get multiline key value pairs result? hi, I have a event ----------------------- DISK INFORMATION ---------------------------- DISK="/dev/sda" NAME="sda" H... by priya1926 Path Finder in Getting Data In 02-23-2022 0 2	0	2
How to Re-index from CSV sourcetype Hi all, I am facing strange behavior, for which I can't find anything in the docs. I have a source that generates C... by boromir Path Finder in Getting Data In 02-21-2022 0 1	0	1
How to forward logs via rsyslogd? Hi, We are facing issue that we are unable to forward logs into Splunk via rsyslogd. They are forwarding as shown bel... by rahul2gupta Path Finder in Getting Data In 02-21-2022 0 0	0	0
RSS feeds ingest problems Hello wonder if anyone got this app working for rss feeds?. https://splunkbase.splunk.com/app/2646/#/detailsBroad fee... by stanwindiasjlp Observer in Getting Data In 02-20-2022 0 1	0	1
Why after enabling Move policy, data is still there? Even after enabling move_policy=sinkhole, why is data still in there, verified that the path included in the monitor ... by Vivek_1404 Engager in Getting Data In 02-19-2022 0 1	0	1
How can I add new text file everyday? Hello splunkies!I'm trying to be and admin and I'm doing an exercise but I cannot find the way to configure my inputs... by maha110192 Explorer in Getting Data In 02-18-2022 0 2	0	2
Experiencing duplicate indexing- How do I solve this problem? I have a directory that is being monitored on a splunk heavy forwarder./app_monitoring The above directory will ... by lostcauz3 Path Finder in Getting Data In 02-18-2022 0 4	0	4
How to determine ingestion sizing with a single instance deployment Hello, I'm currently undergoing a sizing exercise to determine how large of a Splunk license I need, and was wonderin... by JMondares Explorer in Getting Data In 02-18-2022 0 4	0	4
Does Splunk have a precedence for what logs to forwarder first? If I had logs for the `_internal` index and logs for a `linux_os` index on a Heavy Forwarder, does the HF prioritize ... by EatMoreChicken Explorer in Getting Data In 02-18-2022 0 5	0	5
Why does the heavy forwarder forwarding to external syslog stops working after a few minutes? Using HF to forward all events to Indexer and external syslog. When using syslog with tcp all processing basically st... by ChrisW-TX Loves-to-Learn Lots in Getting Data In 02-18-2022 0 3	0	3
Is there a way to set all fields using eval in Props.conf Props.conf [mysourcetype] EVAL-field1=trim(field1) Field1 must contain all fields for that source type. Is there a wa... by noott211 Path Finder in Getting Data In 02-18-2022 0 1	0	1