Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to index .EVTX file stored in a different location on a universal forwarder?

HI All, I would like to index .evtx file stored in a different location in my universal forwarder. E:\Logs\Even...

by Communicator in

Is it possible to create a deployment package of universal forwarder with complete configuration?

Hello, Is it possible to create a package of Splunk universal forwarder with the complete configuration so that I ...

by Engager in

What is the most efficient way to sends a large number of raw csv files to splunk?

I have a network share folder with a huge number of directories and files (.csv). Files are constantly being added an...

by New Member in

Trouble with Host Extraction at Index Time

To me this should be simple, but I can't get it. When entering host info while adding data I select "regex on path" a...

by New Member in

How to install a second Heavy Forwarder?

Need to install a second heavy forwarder and doing so seems to be more difficult than it should be. Is there...

by New Member in

Why am I unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_TA_siem_connector"?

Unable to initialize modular input "TA-AkamaiSIEM" defined inside the app "SplunkTAsiemconnector": Introspecting sche...

by New Member in

dynamicly assigning index based on eventsize

Hi everyone, I would like to send events based on their size in different indexes. I'm currently using the props.c...

by Path Finder in

Splunk Log Monitoring

Hi All, My company have decided now to monitor logs via SIEM tool Splunk. Actually the logs what we are capturing ...

by Explorer in

Forwarder Configuration - Cloud Setup

Hi, Have installed universal forwardesr in my linux machines & configured as below : Step 1: ./splunk add forw...

by Explorer in

Why is the indexer discovery clear text password not being encrypted?

I've enabled indexer discovery on my 6.3.1 linux universal forwarders. http://docs.splunk.com/Documentation/Splunk...

by Motivator in

REST API Install local App

Hello, I would like to install an app on my local computer to a remote Splunk instance using rest api. I get the f...

by Engager in

Why are the Universal Forwarders CPU spiking every hour?

Hi, I have over 150+ UF and they all behave the same. splunkd CPU usage is about 5% but every hour it spikes, up t...

by Path Finder in

Best way to implement an external script

We're using Splunk to index events from Bit9 and interact with its API to ban/approve files. We've written a python s...

by Builder in

SOAP API data input - Maintaining Auth

I have a user who has a SOAP API they would like to collect data from and Index. I can authenticate to the SOAP API u...

by Explorer in

What is the forwarder to indexer compatibility matrix?

I have a mixed environment of forwarders and indexers (3.4, 4.0, and 4.1) and I would like to know which versions are...

by Splunk Employee in

How to Configure host = $decideOnStartup correctly?

I have application with inputs.conf as [monitor:xxxxx] sourcetype=xxxx index=xxxx host = $decideOnStartup In serve...

by Explorer in

How to extract JSON at index time?

I am trying to extract some json data at index time. I have found the article about using regular expressions to crea...

by Explorer in

Why am I getting this error on the Universal Forwarder "Parameters must be in the form '-parameter value'"?

Getting the above error when running the following command splunk install app C:\Program Files\SplunkUniversalForw...

by Engager in

spkunk forwarder runit configuration

in Our organisation we are using runit as the service manager. What is the config for the run.sh in runit so that ...

by New Member in

Unable to install splunk forwarder on SOLARIS SPARC

hi, I am trying to install splunk forwarder solaris package but getting checksum error and not able to untar it. P...

by Engager in

Getting Data In

Discussions

How to index .EVTX file stored in a different location on a universal forwarder?

Is it possible to create a deployment package of universal forwarder with complete configuration?

What is the most efficient way to sends a large number of raw csv files to splunk?

Trouble with Host Extraction at Index Time

How to install a second Heavy Forwarder?

Why am I unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_TA_siem_connector"?

dynamicly assigning index based on eventsize

Splunk Log Monitoring

Forwarder Configuration - Cloud Setup

Why is the indexer discovery clear text password not being encrypted?

REST API Install local App

Why are the Universal Forwarders CPU spiking every hour?

Best way to implement an external script

SOAP API data input - Maintaining Auth

What is the forwarder to indexer compatibility matrix?

How to Configure host = $decideOnStartup correctly?

How to extract JSON at index time?

Why am I getting this error on the Universal Forwarder "Parameters must be in the form '-parameter value'"?

spkunk forwarder runit configuration

Unable to install splunk forwarder on SOLARIS SPARC

DBConnect scripted SQL retrieval

Get count of top level keys from JSON?

Failed to reap viewstate

Extract-Display the Details Tab from windows event...

crushed logs master