Getting Data In

Ask a Question

Discussions

Thread Info

How to filter our dashboard by each host or including all hosts?

Hi, I'm trying to filter our dashboard by each host or including all hosts. We have many field(chart) in a dashbo...

by Explorer in

How do you filter data from a log and send them to 2 splunk instances while discarding the rest?

I'm trying to filter data from a log and send them to 2 splunk instances while discarding the rest. I've tried a lit...

by Explorer in

TCP requirement for syslog transfer

Syslogs are sent on UDP port 514 towards Syslog-ng But we have experienced if tcp for port 514 is not working/not ...

by Path Finder in

HTTP Event Collector returns Bad Request - what is wrong with my event?

While posting a request to Splunk via HEC, I get the response as {"text":"No data","code":5} and when I enable versio...

by Contributor in

Monitor logs on Indexers and forward to another indexer cluster

In my environment, we send everything to our indexer cluster and use data cloning using _TCP_ROUTING on the universal...

by Path Finder in

Original Timestamp Value/Format

Hello, I'm looking for a way to capture the original timestamp value/format from various logs. Here are some of the f...

by Builder in

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

I am trying to setup splunk-kubernetes-logging. I have my daemonset running on my worker nodes, but fluentd is failin...

by New Member in

default.meta [views\setup]

Hello guys,Does anyone know what views\setup found in default.meta means? Also if Search & Reporting app default.m...

by Motivator in

splunk forwarder upgrade

Hi All i have a requirement to upgrade splunk forwarder from 7.1 to 7.3.3, I will use sccm to upgrade to 7.3.3, exper...

by Explorer in

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

I am having trouble wrapping my head around how to configure a HF to forward the sourcetypes of syslog and auditd to ...

by Explorer in

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

I am new to Splunk, and noticed the web interface for my Indexers is offline. After reviewing the logs I found the...

by Engager in

How to split String sentence into one row?

Hello, I have a fields in my index named MESSAGE. [BBB] ProcessGenererIdentifiantLMKRImpl/genererIdentifiantLM...

by Explorer in

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Hi, I try to monitor Microsoft-Windows-Shell-Core/AppDefaults directory. I tried adding it to Splunk_TA_window...

by Influencer in

Can I add additional monitor stanzas on an indexers inputs.conf?

In my indexers inputs.conf we have the standard stanza in place for receiving inbound logs from forwarders. [splun...

by Path Finder in

logs being cutoff

Running Splunk Enterprise and Splunkforwarder, both on RHEL, and we are having issues with the front portion of some ...

by Path Finder in

Forwarder load balancing over SSL to indexer cluster ?

Currently trying to load balance data from forwarder to indexer cluster ( idx1 & idx2) over ssl . So this configur...

by Engager in

Json file is getting truncated while uploading

Hi all, when i upload a json file to splunk, the data is getting truncated and the full data is not being uploaded. B...

by Communicator in

how to get props.conf to separate unstructured data

i want to have 3 fileds in the below unstructured data. i need props.conf for the below data. 1st is always heading....

by Builder in

Help indexs /etc/resolv as sourcetype config_file?

All, I need to monitor the /etc/resolv as sourcetype config_file in my env. This is well below the 256 byte min f...

by Builder in

windows application log files.

I'm trying to configure splunk to ingest two application logfiles, not the event logs the actual application logfile ...

by New Member in

Forwarder SSL and NO-SSL Forwarding

Hi all, I've an enviroment like this: 1 Search Head Cluester ( 3 servers ) ; 1 Indexers Cluster ( 4 server ); 1 De...

by Path Finder in

Help configuring a domain controller on a universal forwarder to send data to indexer

Hello Guys, I am very new to Splunk and am trying to configure UF to send data to an indexer on port 9997. I have ena...

by Explorer in

Any suitable option for collecting data from HP, Dell switches using Universal Forwarder

Hello Everyone! So, I have my Splunk Enterprise and universal forwarder installed on the same machine running Window...

by Explorer in

snmp error "Failed to register transport and run dispatcher Permission denied snmp_stanza:snmp://cisco_prime"

Getting error in HF : User : splunk have rwx to the snmp_ta app. I am not sure what is the issue here. the team confi...

by Explorer in

How to create a custom field at Heavy Forwarder for all sourcetypes ?

Hi All, Thanks upfront for your time. I have a task that I am trying to create 2 fields for any sourcetype that vi...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to filter our dashboard by each host or including all hosts?

How do you filter data from a log and send them to 2 splunk instances while discarding the rest?

TCP requirement for syslog transfer

HTTP Event Collector returns Bad Request - what is wrong with my event?

Monitor logs on Indexers and forward to another indexer cluster

Original Timestamp Value/Format

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

default.meta [views\setup]

splunk forwarder upgrade

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

How to split String sentence into one row?

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Can I add additional monitor stanzas on an indexers inputs.conf?

logs being cutoff

Forwarder load balancing over SSL to indexer cluster ?

Json file is getting truncated while uploading

how to get props.conf to separate unstructured data

Help indexs /etc/resolv as sourcetype config_file?

windows application log files.

Forwarder SSL and NO-SSL Forwarding

Help configuring a domain controller on a universal forwarder to send data to indexer

Any suitable option for collecting data from HP, Dell switches using Universal Forwarder

snmp error "Failed to register transport and run dispatcher Permission denied snmp_stanza:snmp://cisco_prime"

How to create a custom field at Heavy Forwarder for all sourcetypes ?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions