Getting Data In

Community Activity

How do I force a universal forwarder to reindex all its inputs? All, Is there a way to make a Universal Forwarder reindex all its inputs? thanks -Daniel by daniel333 Builder in Getting Data In 02-24-2022 0 5	0	5
How to make Syslog-ng Server HA with load balancing? Hi all, We'd like to make our syslog-ng server HA. Which is a heavy forwarder instance. The plan is to clone our sysl... by clozach Path Finder in Getting Data In 02-24-2022 0 13	0	13
How do we know whether typing queues are blocked or not? Hi All, How do we know whether typing queues are blocked or not? Is it from Internal logs? From the backend of the se... by VijaySrrie Builder in Getting Data In 02-23-2022 0 2	0	2
How to identify /var/log/secure from the syslog feed using REX? We are getting /var/log files monitored from the endpoints and sent to Splunk using syslog-ng on a single TCP port. N... by arangineni Explorer in Getting Data In 02-23-2022 0 8	0	8
How to ingest the status of those 3 services to Splunk to showcase/display the availability of the application? Hi Experts, I have installed an application in windows server which uses 3 services(like AAA, BBB, CCC) to measure th... by Karthikeyan Engager in Getting Data In 02-23-2022 0 0	0	0
Splunk Connect for Kubernetes - what are the fluentd:monitor-agent logs? Hey everyone! I've successfully set up a link from Splunk Connect for Kubernetes on our OpenShift environment. It out... by AHBrook Path Finder in Getting Data In 02-23-2022 1 3	1	3
Why are sc4s logs missing? Hi All, Our client as sent the syslog data using SC4S to our dev endpoints but we are unable to see the logs in our e... by blbr123 Path Finder in Getting Data In 02-23-2022 0 1	0	1
How to get multiline key value pairs result? hi, I have a event ----------------------- DISK INFORMATION ---------------------------- DISK="/dev/sda" NAME="sda" H... by priya1926 Path Finder in Getting Data In 02-23-2022 0 2	0	2
How to Re-index from CSV sourcetype Hi all, I am facing strange behavior, for which I can't find anything in the docs. I have a source that generates C... by boromir Path Finder in Getting Data In 02-21-2022 0 1	0	1
How to forward logs via rsyslogd? Hi, We are facing issue that we are unable to forward logs into Splunk via rsyslogd. They are forwarding as shown bel... by rahul2gupta Path Finder in Getting Data In 02-21-2022 0 0	0	0
RSS feeds ingest problems Hello wonder if anyone got this app working for rss feeds?. https://splunkbase.splunk.com/app/2646/#/detailsBroad fee... by stanwindiasjlp Observer in Getting Data In 02-20-2022 0 1	0	1
Why after enabling Move policy, data is still there? Even after enabling move_policy=sinkhole, why is data still in there, verified that the path included in the monitor ... by Vivek_1404 Engager in Getting Data In 02-19-2022 0 1	0	1
How can I add new text file everyday? Hello splunkies!I'm trying to be and admin and I'm doing an exercise but I cannot find the way to configure my inputs... by maha110192 Explorer in Getting Data In 02-18-2022 0 2	0	2
Experiencing duplicate indexing- How do I solve this problem? I have a directory that is being monitored on a splunk heavy forwarder./app_monitoring The above directory will ... by lostcauz3 Path Finder in Getting Data In 02-18-2022 0 4	0	4
How to determine ingestion sizing with a single instance deployment Hello, I'm currently undergoing a sizing exercise to determine how large of a Splunk license I need, and was wonderin... by JMondares Explorer in Getting Data In 02-18-2022 0 4	0	4
Does Splunk have a precedence for what logs to forwarder first? If I had logs for the `_internal` index and logs for a `linux_os` index on a Heavy Forwarder, does the HF prioritize ... by EatMoreChicken Explorer in Getting Data In 02-18-2022 0 5	0	5
Why does the heavy forwarder forwarding to external syslog stops working after a few minutes? Using HF to forward all events to Indexer and external syslog. When using syslog with tcp all processing basically st... by ChrisW-TX Loves-to-Learn Lots in Getting Data In 02-18-2022 0 3	0	3
Is there a way to set all fields using eval in Props.conf Props.conf [mysourcetype] EVAL-field1=trim(field1) Field1 must contain all fields for that source type. Is there a wa... by noott211 Path Finder in Getting Data In 02-18-2022 0 1	0	1
Is it possible to manually roll specific buckets to frozen? Hi, is it possible to roll specific buckets to frozen? I have some buckets which the customer wants to be deleted (do... by tomrit Explorer in Getting Data In 02-17-2022 0 2	0	2
Unable to add splunk universal forwarder as a sidecar to a container in EKS ERROR OBSERVEDTASK [splunk_universal_forwarder : Setup global HEC] *************************** task path: /opt/ansibl... by tkorrapati Engager in Getting Data In 02-17-2022 1 1	1	1
How to optimize view of a line chart in Splunk? Hi Everyone, I'm working on a Splunk dashboard visualisation using a line chart, and I span the data for every 1week.... by kranthimutyala Path Finder in Getting Data In 02-17-2022 0 2	0	2
Why does universal forwarder stop sending data? Hello!I have an environment with about 200 machines, all Windows Servers. All servers are sending TCP information thr... by JuanAntunes Explorer in Getting Data In 02-17-2022 0 4	0	4
How to ingest MongoDB logs from new servers into splunk? Hi All, We have a python code to ingest MongoDB logs into splunk and we are successfully ingesting logs from old serv... by VijaySrrie Builder in Getting Data In 02-17-2022 0 0	0	0
Is it possible to ingest ZAP(Zero-hour auto purge) logs into Splunk? Hi All,We want to ingest ZAP(Zero-hour auto purge) logs into Splunk. We are using Splunk Add-on for Microsoft Office ... by Koustav2020 New Member in Getting Data In 02-17-2022 0 0	0	0
How to calculate total_OPS? Query: index=xxx source=Perfmon:LogicalDisk host=$h$ ( counter="Disk Reads/sec" OR counter="Disk Writes/sec" ) \| eval... by malo1230 New Member in Getting Data In 02-16-2022 0 1	0	1