Getting Data In

Discussions

Thread Info

monitor cisco switch environment

I would like to monitor about 15 cisco devicces on my network. 3 ASA devices, 4 l3 switches and the rest are L2 switc...

by Engager in

Indexing Kaspersky Logs

Need help to monitor event logs from Kaspersky Security Centre in #Splunk. Merely pointing forwarder to collect Windo...

by Contributor in

How to do event linebreaking and timestamp recognition in header lines without timestamp information!

Hi Folks, I am adding data from a log file with filename: server_zmslx1xt1119.log For the timestamp, first 7 li...

by New Member in

How to extract my event in index time using props.conf and transforms.conf?

How to extract my event in index time using props.conf and transform .conf? How to extract by event in index time to ...

by Communicator in

Can you index evtx on linux heavy forwarder? 4.3

Does not make it clear here: http://splunk-base.splunk.com/answers/141/can-splunk-index-windows-event-logevtevtx-f...

by Path Finder in

How can I grab the latest source from a csv file, ranging from the earliest to anything within 5 minutes of that time?

I have splunk import a csv file every time it's changed. Splunk imports each line of the csv file as an event. I have...

by Path Finder in

How to EXTRACT regex expression in props.conf?

I have this file with this appearance first.prop.one=1 first.prop.two=2 first.prop.third=3 I was using KV_MODE...

by Communicator in

How to push *.conf to universal forwarders?

I've got my Universal Forwarder doing indexing on some data sources for my Splunk instance. After spending some time ...

by Contributor in

ActiveSync Logs from Office365?

How are people grabbing ActiveSync logs out of Office365 into Splunk? I do not believe that these are coming through ...

by Engager in

Can I Splunk my wtmp files?

The file /var/log/wtmp is where most *nix systems keep track of all logins and logouts to the system. The file is ...

by Splunk Employee in

How to truncate events in SplunkWeb

Hello, I have an unusual requirement for Splunk. I have a source that returns error messages from Java application...

by Path Finder in

Universal Forwarderのログ転送先について

Syslogサーバー(+Universal Forwarder) → Splunkサーバー上記の図のように、Syslogサーバーにフォワーダーをインストールし、正常にSplunkサーバーにもログが取り込めていることは確認できて...

by New Member in

SPLUNK Universal Forwarder on Windows Server Core

I have several domain controllers, running the core version of Windows Server, reporting these errors in the splunkd ...

by Explorer in

How can I capture when members are removed from domain admins group?

I am trying to identify when a member has been removed from security enabled groups such as domain admins, using inde...

by Path Finder in

Is restart required after making changes to Props.conf and Transforms.conf?

Do I need to restart Splunk after I make changes to Props.conf and Transforms.conf for the changes to take effect? ...

by Builder in

Universal Forwarder and props.conf and transforms.conf

Just a quick question regarding the "Universal Forwarder" I have setup my inputs.conf and outputs.conf in /opt/sp...

by Builder in

Why is the Http event collector not visible in UI?

Hi, Splunk version : 6.6.1 Http event collector not visible in UI, we are not able to find it under data inputs...

by Explorer in

How does the indexer forward data to itself?

I want to blacklist some events that the Splunk server is sending to itself but my indexer isn't even running the Spl...

by Explorer in

Why has the TCP output processor has paused the data flow and why has forwarding to output group default-autolb-group been blocked?

Please help me to resolve the following issue. It seems I am getting no data through now at all Tcpout Processor: ...

by New Member in

How to change the default of 10 lines per page in forwarder management?

Is there a way to change the default of "10 lines" in Forwarder Management? I find it extremely annoying that this pa...

by Path Finder in

Getting Data In

Discussions

monitor cisco switch environment

Indexing Kaspersky Logs

How to do event linebreaking and timestamp recognition in header lines without timestamp information!

How to extract my event in index time using props.conf and transforms.conf?

Can you index evtx on linux heavy forwarder? 4.3

How can I grab the latest source from a csv file, ranging from the earliest to anything within 5 minutes of that time?

How to EXTRACT regex expression in props.conf?

How to push *.conf to universal forwarders?

ActiveSync Logs from Office365?

Can I Splunk my wtmp files?

How to truncate events in SplunkWeb

Universal Forwarderのログ転送先について

SPLUNK Universal Forwarder on Windows Server Core

How can I capture when members are removed from domain admins group?

Is restart required after making changes to Props.conf and Transforms.conf?

Universal Forwarder and props.conf and transforms.conf

Why is the Http event collector not visible in UI?

How does the indexer forward data to itself?

Why has the TCP output processor has paused the data flow and why has forwarding to output group default-autolb-group been blocked?

How to change the default of 10 lines per page in forwarder management?

Data Onboarding Strategy

Module 4 data upload fail without errors

serverclass.conf whitelist from pathname not worki...

How to produce stats with based on a field clientI...

Connect to your Azure Storage account with the Spl...