Getting Data In

Community Activity

Universal Forwarder hardware specs We are looking to deploy an Intermediary forwarding tier consisting of 3 Universal Forwarders going to Splunk Cloud. ... by konstr Path Finder in Getting Data In 04-28-2020 0 3	0	3
How can I modify syslog to audit all files Hello everyone ! I need to audit when someone edit the "test" file in the followings paths, for example: opt/tomc... by trinidad New Member in Getting Data In 04-27-2020 0 1	0	1
Splunk Migration Hello Members, I have seen many,many posts on splunk migration. I am confused. I hope that I can get some direction ... by eholz1 Builder in Getting Data In 04-27-2020 0 1	0	1
Which is better: building a heavy forwarder in Azure or using the Azure Marketplace BYOL option? If I need to build a heavy forwarder in Azure, is it better to do it from scratch or use the Azure Marketplace BYOL o... by rbrisseyii Explorer in Getting Data In 04-27-2020 0 2	0	2
Filter Suricata alerts using a CSV file with conditions. Hi everyone, I have an issue which I can't resolve. I have Googled this a lot but can't understand how I can achiev... by kirilllka New Member in Getting Data In 04-27-2020 0 0	0	0
Configuring Splunk and Rancher Hello, I'm totally new to this and have been thrown into the fire to figure things out. I'm setting up Kubernetes w... by emcclure Explorer in Getting Data In 04-27-2020 0 9	0	9
How can I find out the max indexing delay, maybe by using the tstats command? I would like to find out the max indexing delay per index. \| tstats max(_indextime - _time) where index=* by index ... by danielbb Motivator in Getting Data In 04-27-2020 0 4	0	4
Unable to ingest the syslog-data into splunk Hi All, I am trying to ingest the syslog data into splunk for test POC. In-order to ingests the syslog data, I had f... by Hemnaath Motivator in Getting Data In 04-27-2020 0 4	0	4
Error while executing scripted input deployed from universal forwarder. I have created a scripted input and deployed it from the deployment server to the universal forwarder, but it's givin... by shashi12345678 Engager in Getting Data In 04-27-2020 0 2	0	2
Universal Forwarder Environment Variable Windows I'm trying to ingest logs from client computers that are written to localappdata of the user running the software. T... by ntripp_element Explorer in Getting Data In 04-27-2020 0 1	0	1
The $SPLUNK_HOME/var/spool/splunk/ directory is filling up with stash_new Files After upgrading to Splunk version 6.2.4, the $SPLUNK_HOME/var/spool/splunk/ directory starts filling up with files wi... by bpaul_splunk Splunk Employee in Getting Data In 04-27-2020 1 3	1	3
universal forwarder manipulate host and source via inputs.conf I have a dedicated server which is running syslog-ng and a universal forwarder. i want to set 3 things one of them d... by vessev Path Finder in Getting Data In 04-27-2020 0 4	0	4
host name from log file hi i have lot's of log file that start with this line for each log ********** LOGFILE FOR SERVER 'host22', AT THE ... by indeed_2000 Motivator in Getting Data In 04-27-2020 0 3	0	3
Failed installation of trial versions of Enterprise and Universal Forwarder on domain accounts. I am installing the trial version of Splunk Enterprise on Windows 10 pro 64bit. When I use a domain account the insta... by magicbytes New Member in Getting Data In 04-26-2020 0 3	0	3
REST API JSON output only with "result" field (without offset, etc.) Hey guys, could you please help! I use curl -k -u 'myUser:myPwd' https://localhost:8089/services/search/jobs/export ... by highsplunker Contributor in Getting Data In 04-26-2020 0 2	0	2
Do I need TIBCO or smth like that (highload to Splunk REST API queries) Hey guys, I have an online connection with another web service Serv_1: A. it sends data to MySplunk via online REST ... by highsplunker Contributor in Getting Data In 04-26-2020 1 10	1	10
How to modify syslog source type to handle rfc3339 timestamp? We pass messages with rsyslog using the rfc3339 time format. It has microseconds, and it has a timestamp. But noticed... by chutz Engager in Getting Data In 04-25-2020 1 1	1	1
Use RegEx to set sourcetype on UF where events are in a JSON format Scenario: two different source types being sent to UF (snort and firewall) from the same IP/source. format of data i... by donaldwayne1975 Path Finder in Getting Data In 04-25-2020 0 2	0	2
Process of Indexed Extraction Configuration Hi All! I'm currently running into a very weird situation with a Splunk instance I inherited. I setup the props.conf... by mrstrozy Path Finder in Getting Data In 04-24-2020 0 15	0	15
What can be the effects of rebooting a server without taking the forwarder down cleanly? Many of the forwarders here go down when the servers go for maintenance work. What can go wrong with the forwarders w... by danielbb Motivator in Getting Data In 04-24-2020 0 1	0	1
Search Head - props.conf and transforms.conf not taking into effect in apps directory I have a universal forwarder forwarding key-value-delimited log events to an indexer. I have created an app on the se... by shailesh030 Path Finder in Getting Data In 04-24-2020 0 5	0	5
Fields Extraction from JSON File Im monitoring a JSON file and forwarding the data using UF to my indexers . Im having problems to extract the JSON fi... by newsplunker1 Path Finder in Getting Data In 04-24-2020 0 1	0	1
How do I ingest logs that have two dots in their name I have a new client that has files named as follows: xxxx.xxxx.log Splunk is not ingesting them. How can I ingest ... by nls7010 Path Finder in Getting Data In 04-24-2020 0 2	0	2
Local props.conf and transforms.conf When creating the local/props.conf and local/transforms.conf, do I need to copy the entire default/props.conf and def... by balcv Contributor in Getting Data In 04-23-2020 0 3	0	3
How do I map my personally TZ-adjusted time to another TZ? Occasionally, we need to do user-TZ-setting-agnostic stuff in a search and so we need to be able to say, despite the ... by woodcock Esteemed Legend in Getting Data In 04-23-2020 1 4	1	4