Getting Data In

Discussions

Thread Info

How can I make the Powershell add-on script's run on a schedule?

I have an add-on that I'm deploying on Windows systems. inputs.conf looks like this: [powershell://Processes-EX1] scr...

by Explorer in

How can I change the password without knowing the default or entered password for the forwarder?

/opt/splunkforwarder/bin/splunk edit user admin -password $NEWPASSWORD This doesn't work - how can I change the p...

by New Member in

Why is WebLogic server.out parsing not working?

Hi all, I have a Splunk installation here with lot's or Oracle WebLogic logging. Everything except the *server.out...

by Path Finder in

How to get the standard deviation of the interval between the occurrence of events?

I have a server log in splunk and whenever a user login it will store a record with the username and timestamp. N...

by Engager in

Does a Heavy Forwarder fit my needs?

I have read in various places about "cooking" logs before sending them to a Splunk Enterprise instance. I'm curious t...

by Communicator in

Can you override sourcetype at inputs.conf without touching other config files ?

Hi all, Seems we have to override the sourcetype to sourcetype other than 'recognized' ones (e.g. syslog) in order...

by Communicator in

Applying different extractions to the same source from different hosts

I have two groups of servers that are both running haproxy, and the logs are in the same location (e.g. /var/log/hapr...

by Path Finder in

Alert when Splunk Universal Forwarder stops working/if uninstalled

Hello, How can I get alerts when Splunk UF is uninstalled on a Windows Machine? Or even if the SplunkForwarder Ser...

by Engager in

Time Log always add 7 hours

hello, i"m a newbie in splunk. i try to display my log file on splunk, but i had a issue here. this in example for...

by New Member in

How to use REST API over port 8089 with the Splunk Web SSL certificate instead of the self-signed certificate?

Let me point out I've checked all the 8089 certificate questions on >answers, but have a slightly different question....

by Communicator in

Does anyone have an updated Dockerfile for 7.1.0?

The docker file for 7.1.0 referenced in Docker hub here: https://hub.docker.com/r/splunk/splunk/ And more specific...

by New Member in

Connection closes with INFO TcpOutputProc - Detected connection to 10.x.x.x:9997 closed.

TCP connection closes after few hours and will not re-establish even after splunk restart. Connection gets re-establ...

by Engager in

universal forwarder is taking about 30GB of Memory - Is this normal?

Hi My universal forwarder is taking about 30GB and my IT guys are asking is this normal. I have just restarted it ...

by Motivator in

Is it possible to list out empty index

Hi, I am working on index="retail_ca", The problem with this index is some days the data is not ingesting in this...

by Path Finder in

Additional search in REST API results enpoint

I'm using curl and the REST API to submit a job and fetch the results by search id. What I'd like to do is, rather th...

by New Member in

Splunk is not starting due to presence of PID file. Why?

When splunk does not shut down gracefully (through system crash, application crash, etc), a PID file is left behind. ...

by Builder in

Is it possible to create a command that launches a powershell script?

We currently have a PowerShell script that queries one of our EDR solutions and returns all data for the specified ho...

by Path Finder in

Forward data from logstash-forwarder to Splunk Indexer

Hi all, we have an ELK-cluster in our company and now we want to have the data, we have in ELK, as well in Splunk....

by Path Finder in

How to split multiple lines of data into a single individual line in splunk?

Hi All, We are monitoring the wtmpx data from the Unix machines via splunk using the Splunk add-on for Unix, based on...

by Motivator in

Why am I unable to boot-start splunk universal forwarder as non-root user on MacOS High Sierra?

Hi there, I'm new to Splunk and am testing out installing splunk forwarder on some Mac clients running High Sierra...

by Engager in

Getting Data In

Discussions

How can I make the Powershell add-on script's run on a schedule?

How can I change the password without knowing the default or entered password for the forwarder?

Why is WebLogic server.out parsing not working?

How to get the standard deviation of the interval between the occurrence of events?

Does a Heavy Forwarder fit my needs?

Can you override sourcetype at inputs.conf without touching other config files ?

Applying different extractions to the same source from different hosts

Alert when Splunk Universal Forwarder stops working/if uninstalled

Time Log always add 7 hours

How to use REST API over port 8089 with the Splunk Web SSL certificate instead of the self-signed certificate?

Does anyone have an updated Dockerfile for 7.1.0?

Connection closes with INFO TcpOutputProc - Detected connection to 10.x.x.x:9997 closed.

universal forwarder is taking about 30GB of Memory - Is this normal?

Is it possible to list out empty index

Additional search in REST API results enpoint

Splunk is not starting due to presence of PID file. Why?

Is it possible to create a command that launches a powershell script?

Forward data from logstash-forwarder to Splunk Indexer

How to split multiple lines of data into a single individual line in splunk?

Why am I unable to boot-start splunk universal forwarder as non-root user on MacOS High Sierra?

splunk to open a ticket in salesforce

DBConnect scripted SQL retrieval

Failed to reap viewstate

Extract-Display the Details Tab from windows event...

crushed logs master