Getting Data In

Discussions

Thread Info

Can inputs.conf be reloaded without restarting splunkd?

As splunk can't handle large number of files (e.g. thousands of files) at the same time, I use shell script to modify...

by Path Finder in

Why splunk add-on builder is showing error( there is parsing error to this app) in Map to Data Model step?

when I am mapping my event types with data model and selecting data model corresponding my event types, it showing er...

by New Member in

Changing timestamp on summary index

I am running a Summary Index based on a lookup table. However I want to change the summary index timestamp to "Month/...

by Explorer in

Dropdown input value to be passed to multiselect inputs

Hi All, I would like to pass a drop down filter value to multiselect value. code for dropdown is as : <input...

by Communicator in

Syslog Server vs Heavy Forwarder

Hi I wanted to get some opinion in these 2 scenarios: Scenario 1: A collection of UF + Network devices sendi...

by Explorer in

Splunk PowerShell Modula Input always returns fallback result

Hello Community, I have setup a PowerShell modular input; executing a script every 5 minutes. Running the scrip...

by New Member in

Unable to archive frozen data to s3

Hello Everyone, I am using the below in indexes.conf file, but the script never got executed instead the frozen fi...

by Path Finder in

Why My Timestamp didnt work on DB Connect?

We set up an input in DbConnect and it works perfectly in our development environment but when we apply the same inpu...

by Path Finder in

Kvstore Collection endpoint sort limit

Hello! We are using KVStore collections in our apps, making use of the Splunk Rest API Collection Endpoint. For on...

by Path Finder in

Field Calculation not working

What I'm trying to do is create a field named ids_type and make it equal to network. (ids_type=network) I'm trying...

by New Member in

Universal forwarder Manual Installation

I am trying to install Splunk Insights .. Installed splunk Server .. when i am trying to install Forwarder am not all...

by New Member in

Splunk 6.4.1 migration to new Server

Hello All, I am having one heck of a time migrating an old server to a new server, both are windows server 2012 r2...

by Explorer in

File monitoring With an interval

Hello everyone. I have an issue regarding monitoring files in a directory. The thing is that in order events ...

by Path Finder in

Setting persistentQueueSize for Windows Logs

We are looking into to setting up persistentQueueSize for our Windows Event Logs. On the persistentQueueSize page (So...

by Communicator in

Scripted Input is incomplete

Hi Team, I have deployed a scripted input which will list out all .log files from a specific folder on application...

by Path Finder in

How to search for session timeout event in Splunk internal logs for an account?

How to search for session timeout event in Splunk internal logs for an account? ... is there any way to find the entr...

by Explorer in

missing sourcetype in index summary

I have two summary reports over an index, and one sourcetype is missing from one. The reports are: index="esam" | ...

by Explorer in

One search head to search across two separate indexer clusters?

I am running two setups of Splunk, one is in Datacenter and another is in AWS. DC : 2 Node search heads, 3 nodes ...

by Explorer in

I want to filter specific security events logs but my configuration didn't work.

I have configure the input file residing under following path.C:\Program Files\SplunkUniversalForwarder\etc\system\lo...

by Explorer in

How do you audit user logins on a forwarder?

I need to change the admin account password and want to make sure I don't break any automated tasks by doing it. How ...

by Builder in

Getting Data In

Discussions

Can inputs.conf be reloaded without restarting splunkd?

Why splunk add-on builder is showing error( there is parsing error to this app) in Map to Data Model step?

Changing timestamp on summary index

Dropdown input value to be passed to multiselect inputs

Syslog Server vs Heavy Forwarder

Splunk PowerShell Modula Input always returns fallback result

Unable to archive frozen data to s3

Why My Timestamp didnt work on DB Connect?

Kvstore Collection endpoint sort limit

Field Calculation not working

Universal forwarder Manual Installation

Splunk 6.4.1 migration to new Server

File monitoring With an interval

Setting persistentQueueSize for Windows Logs

Scripted Input is incomplete

How to search for session timeout event in Splunk internal logs for an account?

missing sourcetype in index summary

One search head to search across two separate indexer clusters?

I want to filter specific security events logs but my configuration didn't work.

How do you audit user logins on a forwarder?

Using Splunk Universal Forwarder and scripted inpu...

why Splunk is not able to index all the data from ...

Collect Perfmon counters data for ASP.NET & Paging...

Splunk eStreamer for FMC version 4.011 setup page...

Invalid key in stanza - kv_mode (value: xml)