Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

s3 add-on adding data

Splunk is installed s3 add-on is installed. I have gone to data inputs and added the amazon s3 bucket we wanted. H...

by Engager in

Split json into multiple events and sourcetype

Lets say I have the following json data onboarded. { "slaves": [{ "id": "1234", ...

by Path Finder in

Can you explain Indexer functionality with inputs.conf configured for /var/log/?

I have Indexers in a cluster running Splunk_TA_nix. I'm monitoring /var/log in inputs.conf. I can see the log events ...

by Path Finder in

Can you help me figure out how to use UDP to transmit data from one heavy forwarder to another heavy forwarder?

I'm trying to set up a test environment to be used in production. Will be taking data from another Splunk heavy forwa...

by New Member in

initcrc error

hi, I have a lot of error when splunk try to decrompess .gz files my inputs.conf : [monitor://D:\xxxxxx\] s...

by New Member in

How to parse JSON within Docker JSON?

Hello, I've been trying to parse logs from Docker and used this Splunk answer (https://answers.splunk.com/answers/...

by Engager in

Sending data from one UF to other UF

Can we send cooked data from one universal forwarder to other Universal Forwarder by enable [splunktcp] on receiving ...

by Contributor in

What are the sequence of execution transforms across different stanza and locations?

Hi, We want to change sourcetype and then send data to two different Splunk Indexers. What is happening is the ...

by Explorer in

How do you show all source types even if no data is available?

Hi, I'm trying to show all the source types within the last 24 hours (I set that by using presets), and if those ...

by New Member in

Can you answer some questions about maxKBps involving replacing a heavy forwarder with a universal forwarder?

I replaced a very old heavy forwarder today with a universal forwarder that some of our network gear was pointing sys...

by Communicator in

How do you extract information from an array of key values in a column with multiple keys?

So I've got an event that has an array of key values like so in a column called associated : associates: [ ...

by Engager in

Data Not Showing Up In Distributed Search Environment

Environment has one search head and one search peer. Data is sent to a directory [item (1)] configured to be monitore...

by New Member in

How come Splunk only can read 10000 lines from my csv? I need 9000000!

Hi team! I have a problem. I want to match two fields. The first one is an src_ip from an indexer(traffic event...

by Path Finder in

What are the capabilities of the Splunk Forwarder license?

We are running heavy forwarders to accept events from a number of universal forwarders, do some transforms and filter...

by Contributor in

Parse some text from log

Hi everyone, i've got some log like this: [2019-02-01 14:51:43][P][APPLICATION/controllers/access_controller.php:1...

by New Member in

Is it possible to have a script run on a Heavy Forwarder to process and convert logs to CSV and forward results to the indexer?

Looking to set up a Heavy Forwarder as a data processing server. We get data logs in a specific format dropped on our...

by Engager in

Getting Data In

Discussions

s3 add-on adding data

Split json into multiple events and sourcetype

Can you explain Indexer functionality with inputs.conf configured for /var/log/?

Can you help me figure out how to use UDP to transmit data from one heavy forwarder to another heavy forwarder?

initcrc error

How to parse JSON within Docker JSON?

Sending data from one UF to other UF

What are the sequence of execution transforms across different stanza and locations?

How do you show all source types even if no data is available?

Can you answer some questions about maxKBps involving replacing a heavy forwarder with a universal forwarder?

How do you extract information from an array of key values in a column with multiple keys?

Data Not Showing Up In Distributed Search Environment

How come Splunk only can read 10000 lines from my csv? I need 9000000!

What are the capabilities of the Splunk Forwarder license?

Parse some text from log

Is it possible to have a script run on a Heavy Forwarder to process and convert logs to CSV and forward results to the indexer?

How does a Universal Forwarder send raw and cooked data to an indexer?

java.service.wrapper sourcetype

How do I forward logs from a network/shared location on a Windows machine to Splunk?

How do I go about strptime parsing this log?

Invalid key in stanza - kv_mode (value: xml)

TCP/SSL destination: Forwarder to third party app...

How to get the unicode/chinese character into kvst...

Update sysmon config

Data flow/input question - see data being received...