Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Any way to monitor excessive write activity to a server?

Greetings, Is there any way to query Splunk to see if host disk drives have excessive write activity vs. read a...

by Path Finder in

Splunk forwarder behind a one way data diode. UDP help

Hello, So as a high level overview, I have a raspberry pi 4 that i will use to configure a forwarder to purel...

by Path Finder in

Placing props.conf in monitoring app

Hi, We always place props.conf in parsing app. Today I saw a config where - props.conf is placed inside monitorin...

by Builder in

Is there a way to increase the maxQueueSize for Syslog output?

Hello Splunkers, I would like to know if there is any way to increase the queue of my syslog group. I mean, curren...

by Path Finder in

How to write regex to event break a multi line file into single event?

I have multi line file (_json), which I am trying to create a individual events, the multi line file contains array o...

by Motivator in

Monitor csv files directory Tail Reader Problem

I am monitoring a directory with 101 csv file with the same format but I am having only 49 of them indexed. When I s...

by Explorer in

How to migrate warm and thawed data from non-clustered indexers to a s2 index cluster?

HI, I am cutting over non-clustered indexers (v7.3.3) to a new smart store (s2) index cluster (v8.0.6). Currently...

by Builder in

ta_ms_aad_azure_event_hub events are not pulled from Azure Event Hub

I have defined eventhub_splunk_dev01event hub on HF , no events are pulled please assist [azure_event_hub:...

by Contributor in

Why my stats command return wrong values ?

Hi, I have a search very simple but it returns wrong results : The problem is the result is incoherent be...

by Builder in

why my eval strptime(substr()) field is not created ?

Hi, I have a search like this : index="test" sourcetype="B"| dedup Id| eval horodate=strptime(substr(Horodate,1,1...

by Builder in

Load balanced URL/VIP for indexers

I have seen some information about load balancing within the outputs.conf file. And some regarding LB-side configurat...

by Path Finder in

GoAnywhere App log suggestions, ideas

Hi All, So, there are no apps on splunkbase for "Goanywhere App", which is a "File Transfer Mobile App" from their ...

by Super Champion in

Can Kafka Connect consume data from a separate kerberized kafka and route to Splunk?

My pipeline is: Kerberized Kafka --> Logstash (hosted on a different server) --> Splunk. Can I replace the Logstash...

by Explorer in

Trade offs in using stdout vs. '/services/receivers/simple?' REST API input

Hi, I'm looking for some insight into the trade offs (if any) in using stdout vs. the '/services/receivers/simple?...

by Engager in

Splunk errors generated alongside successful data import with input script

Hi, I'm getting the following error message from the splunk python code in admin.py (the trace is below in bold) ev...

by Engager in

My machine log does not showing in Splunk Enterprise

Hi, For testing purpose. I am install Splunk Enterprise and also install Splunk Universal forwarder in same machine...

by Explorer in

Multiple delineation and writing a props

I have a .log file that looks similar to the following below and I've tried doing multiple props.conf configurations ...

by New Member in

Splunk Configuration for Search Head, Indexer and Fowarder

I have 3 systems, I want one system to work as Forwarder, one as Indexer and one as Search Head. Setting up forwarder...

by Builder in

How do I get RobotFramework tags into Splunk via Jenkins plugin?

I have the Splunk Jenkins plugin in use, but I cannot find the RobotFramework test tags from the raw data. Should I...

by Path Finder in

Unable to remotely restart universal forwarder

I am attempting to restart a universal forwarder which is running on a Windows server. I enter the following: hxxps:/...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Any way to monitor excessive write activity to a server?

Splunk forwarder behind a one way data diode. UDP help

Placing props.conf in monitoring app

Is there a way to increase the maxQueueSize for Syslog output?

How to write regex to event break a multi line file into single event?

Monitor csv files directory Tail Reader Problem

How to migrate warm and thawed data from non-clustered indexers to a s2 index cluster?

ta_ms_aad_azure_event_hub events are not pulled from Azure Event Hub

Why my stats command return wrong values ?

why my eval strptime(substr()) field is not created ?

Load balanced URL/VIP for indexers

GoAnywhere App log suggestions, ideas

Can Kafka Connect consume data from a separate kerberized kafka and route to Splunk?

Trade offs in using stdout vs. '/services/receivers/simple?' REST API input

Splunk errors generated alongside successful data import with input script

My machine log does not showing in Splunk Enterprise

Multiple delineation and writing a props

Splunk Configuration for Search Head, Indexer and Fowarder

How do I get RobotFramework tags into Splunk via Jenkins plugin?

Unable to remotely restart universal forwarder

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Need help with AD

Issue filtering events with regex and props.conf

Looking for alternatives to outputcsv in a Cloud d...

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?