Getting Data In

Discussions

Thread Info

Is it possible to update the Splunk Universal Forwarder but not change anything else?

I have some old versions of Splunk lying around and want to just do an update, not change the directory being monitor...

by New Member in

Why does my Splunk forwarder transmit incomplete events for my rsyslog server?

Hi folks, I have a problem with Splunk forwarder on my centralize rsyslog server, exactly it's with the maillog ev...

by Explorer in

custom iis sourcetype - field extractions

trying to copy standard IIS field extractions to a new custom sourcetype, however these are not displaying from the i...

by Contributor in

How do I change the sourcetype after the data has been indexed?

I just installed Splunk for the first time. After some trial and error I uploaded a file but later I found that I nee...

by Splunk Employee in

Encrypt data during anonymization

Referring to instruction of anonymization in page bellow: http://docs.splunk.com/Documentation/Splunk/latest/Data/...

by Path Finder in

How to break events based on timestamp at index-time?

Hello, Having a hard time parsing a file the way I need it too. Got a file with events spilling over multiple line...

by Path Finder in

Storage experts: With 20 SSDs per indexer, what's the best RAID option?

These will be running SUSE 12. Each SSD will be 1.6TB. The systems have hardware RAID cards, but I'm tempted to go wi...

by Influencer in

Effect of restarting splunk service on indexers when the indexing pipelines/queues are almost full

On my 3 indexers(which are in a cluster), sometimes the typing queue and indexing queue go almost full ( >90% or 100%...

by Motivator in

linebreaker not working

{"alarm": {"attribute": [{"@id": "0x10000", "$": "SwCiscoIOS"}, {"@id": "0x11d42", "$": "tfotaprdhkap002"}, {"@id": "...

by Communicator in

Do I need bidirectional firewall rules for communication between forwarders and the deployment server on port 8089?

A very quick question to be sure in firewall's rules: I have to open firewalls routes to permit traffic from the Forw...

by SplunkTrust in

index time not getting captured correctly

[some_alarms] DATETIME_CONFIG = NO_BINARY_CHECK = true SHOULD_LINEMERGE = false TIME_PREFIX = 0x11f4e\"\, \"\$\"\:\ "...

by Communicator in

Split event before apply profiling

Hi all, I have events tagged with tag1 and others with tag2. In the restricted search terms of the search in roles...

by Path Finder in

Index log need to maintain only one year

Hi Team, I am seeking help on indexer log retention period set. I am using splunk enterprise version 6.4.2, dep...

by New Member in

Chart multiple series in Splunk 7.3: what's new?

The Splunk 7.3 release notes describe the following "what's new" item: Chart multiple series Co-analyze multi...

by Builder in

Is it recommended to install a universal forwarder on thousands of workstations or on a few dedicated syslog/Windows Event Collector servers?

Hello. We have a project that needs to forward Windows events or text files from approximately 6000 Windows works...

by Path Finder in

JsonLineBreaker - JSON StreamId:5839877885617795466 had parsing error:Unexpected character while looking for value: ',' - data_source="/xxx/alarms.log", data_host="xxx, data_sourcetype="alarms"

Hello, I'm getting this error : JsonLineBreaker - JSON StreamId:5839877885617795466 had parsing error:Unexpected c...

by Explorer in

Getting Data In

Discussions

Is it possible to update the Splunk Universal Forwarder but not change anything else?

Why does my Splunk forwarder transmit incomplete events for my rsyslog server?

custom iis sourcetype - field extractions

How do I change the sourcetype after the data has been indexed?

Encrypt data during anonymization

How to break events based on timestamp at index-time?

Storage experts: With 20 SSDs per indexer, what's the best RAID option?

Effect of restarting splunk service on indexers when the indexing pipelines/queues are almost full

linebreaker not working

Do I need bidirectional firewall rules for communication between forwarders and the deployment server on port 8089?

index time not getting captured correctly

Split event before apply profiling

Index log need to maintain only one year

Chart multiple series in Splunk 7.3: what's new?

Is it recommended to install a universal forwarder on thousands of workstations or on a few dedicated syslog/Windows Event Collector servers?

JsonLineBreaker - JSON StreamId:5839877885617795466 had parsing error:Unexpected character while looking for value: ',' - data_source="/xxx/alarms.log", data_host="xxx, data_sourcetype="alarms"

How to view raw events in Stream??

Ping request timeouts ICPM_SEQ when i try to ping some indexers in my environment

How to avoid duplicate indexing from HTTP event collector and file

Export CSV multiline cell ?

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Drop Windows Event Logs with EventID 5156 and not ...

Splunk add-on for Cisco Meraki getting data from o...

Files can't be ingested while being in transit via...

Using Splunk with NiFi

Pulsar vs Kafka

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >