Getting Data In

Discussions

Thread Info

props.conf TZ not working

I have a log that is putting the timestamp in UTC without any timezone, which appears Splunk thinks this is my time a...

by Explorer in

Batch logging

I want to know whether Batch logging helps in reducing Splunk cloud cost?

by Observer in

How to ingest files with multiple dots in them

I am trying to upload documents from a user who's log files has multiple dots in the naming convention: The logs ha...

by Path Finder in

Line-breaker not working on FortiGate logs forwarded via syslog

Hi all, I was hoping someone might be able to help me on how to set this: I'm consuming logs from Fortigate via S...

by Loves-to-Learn in

search simple json

I tried many ways to generate a properly formated json for splunk to parse it so i can put some alerts on my data but...

by Loves-to-Learn Lots in

inputs.conf - acceptFrom - Maximum number of blocked IP's?

I'm working on system whereby Vulnerability Analysis (VA) scanners are polling various LAN segments, which is resulti...

by Path Finder in

SPLUNK Universal Forwarder on Windows Server Core

I have several domain controllers, running the core version of Windows Server, reporting these errors in the splunkd ...

by Explorer in

multi-line event props.conf confusion

I'm trying to get the results of a script which outputs a largeish table into splunk, but something isn't right in th...

by Explorer in

Filter events while sending data from Heavy Forwarder to Indexer

Hi, I have an HFW and indexer in my environment. I'm looking to filter certain events from the log source in HFW ba...

by Explorer in

Cisco ASR9k model-driven telemetry

I have been looking in to using model-driven telemetry in our Cisco ASR9k's. At the moment I am looking mostly in to ...

by Engager in

DB Connect invalid character error

Receiving the following error: java.sql.SQLSyntaxErrorException: ORA-00911: invalid character However, no character...

by Loves-to-Learn Lots in

DBX Rising Column Field Reverting to previously used Field Value after one query

I'm having an issue with DBX where I'm trying to change an existing input or create a new input (I've attempted both)...

by New Member in

COnfiguration in props.conf not working

None of my configurations in props.conf is working and entire file is coming as single event HEADER_FIELD_LINE_NUMB...

by Explorer in

File/Directory Information Input not working

Hello, I have installed the File/Directory Information Input add-on to a Windows endpoint to test monitoring certai...

by Explorer in

Input multiple csv files

Hi, I am trying to load multiple csv files to my search result. I know that can be done using the append command, but...

by Explorer in

Error 303

I'm using a VM. I did install the software correctly and I had to change the default port (8000) to the port 80...

by Loves-to-Learn in

inputs.conf monitoring multiple folders

Hello there i have inputs.conf #[monitor:///opt/splunk/etc/apps/my_app/bin/out/.../*.gz]#disabled=0#index=securit...

by Explorer in

Hot Bucket Having Old Data

Hi All, Just for testing purpose I changed the _internal index storage size as 50MB to see how bucket concept works...

by Explorer in

Find a users first logon and last logoff for the day over 30 days

I am able to get the users first and last logon/logoff event for a single day but I cannot figure out how to get it t...

by New Member in

Troubleshooting queuess (parsing queue)

Hi all, I am having this issue whereby the logs are not coming in from the UF > Local HF > Regional HF > Indexer ...

by Path Finder in

Eventgen Perf Issue

Hello all, I need some help about eventgen, for TA_Windows I need to create some samples for testing. My Env is Splun...

by Loves-to-Learn Lots in

Filtration of logs during ingestion

Hi All, I want to filter out the logs during the ingesting time itself so that if the keyword "GET / - 80" is pres...

by Communicator in

Hardware requirement for heavy forwarder with DBConnect app

What is the minimum hardware requirement for installing heavy forwarder with DBconnect app which is sending data to S...

by Explorer in

Splitting of sourcetype

Hello there I am monitoring files using input.conf and define source source type there i am trying to split sourc...

by Explorer in

Which version of splunk Universal forwarder supports for AIX 5.X and AIX 6.X version OS.

Which version of spunk Universal forwarder I need to install for AIX 5.1 and AIX 6.1 version OS machines. We have Spl...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

props.conf TZ not working

Batch logging

How to ingest files with multiple dots in them

Line-breaker not working on FortiGate logs forwarded via syslog

search simple json

inputs.conf - acceptFrom - Maximum number of blocked IP's?

SPLUNK Universal Forwarder on Windows Server Core

multi-line event props.conf confusion

Filter events while sending data from Heavy Forwarder to Indexer

Cisco ASR9k model-driven telemetry

DB Connect invalid character error

DBX Rising Column Field Reverting to previously used Field Value after one query

COnfiguration in props.conf not working

File/Directory Information Input not working

Input multiple csv files

Error 303

inputs.conf monitoring multiple folders

Hot Bucket Having Old Data

Find a users first logon and last logoff for the day over 30 days

Troubleshooting queuess (parsing queue)

Eventgen Perf Issue

Filtration of logs during ingestion

Hardware requirement for heavy forwarder with DBConnect app

Splitting of sourcetype

Which version of splunk Universal forwarder supports for AIX 5.X and AIX 6.X version OS.

Splunk Classroom Chronicles: Training Tales and Testimonials

Access Tokens Page - New & Improved

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Configuring Splunk OTel Collector for Linux/Window...

Props and Transforms doubt

Upload failed with ERROR: Read Timeout

SQL audit log not working when using event_time as...

Splunk DB connect to Splunk