Getting Data In

Discussions

Thread Info

splunk universal forwarder consuming cpu

I want to know abount how much splunk universal forwarder consume cpu. Have any materials about that? I found everywh...

by Engager in

How to send indexed logs from Splunk to third party

Is it possible to have old archived (indexed) logs from Splunk to send to any other third party solution ensuring th...

by Path Finder in

How to replace characters in logs using SEDCMD in props.conf in Splunk Heavy Forwarder?

I have a splunk heavy forwarder setup where the logs are not indexed but are forwarded to another device. I am trying...

by New Member in

Bucket ID conflict issue while thawing the data

The problem we are having is that of bucket ID conflicts. We end up having same bucket IDs from the same indexer that...

by Splunk Employee in

Using "btool inpust list" monitor stanza is missing, but not when using "btool -app=xx inputs list"

Using command splunk btool --app=operations_inputs_prod inputs list the following is listed [monitor://D:\logs\pow...

by Contributor in

What are the available load balancing method in Splunk Forwarders

How to choose a load balancing method in Splunk? What are the available load balancing method in Splunk Forwarders?

by Splunk Employee in

Can we use "| rest" to call Splunk instances other than local?

So far, I'm only able to run these against local Splunk. It has nothing returned when I replaced "local" with other h...

by Communicator in

Default Start Timerange from 10am

I am working on a wall board dashboard regarding incidents created from 10am till now. So if it is before 10am I want...

by Path Finder in

Why is my universal forwarder not forwarding?

Hello all! I have banged my head for about 2 hours trying to figure out why my universal forwarder won't transfer ...

by Communicator in

Why is Splunk not reading existing files from same server?

Hi Currently, I have setup inputs.conf, Splunk is reading all the directories in the inputs file- but not reading ...

by Explorer in

Using setnull and setparsing for two different sourcetypes

Hello Everyone, We have following props.conf [sourcetypeA] KV_MODE = json SHOULD_LINEMERGE = false TIME_FORMAT=...

by Explorer in

Default Splunk Enterprise or Splunk Univeral Forwarder Config: Safe for Use in DMZ?

Hello, There are a number of use cases where it is valuable for Splunk to process data from clients that are outsi...

by Path Finder in

Evaluating a custom formula in Splunk

In our application we log the response statuses in Splunk for all requests hitting our endpoint, something along the ...

by New Member in

BREAK_ONLY_BEFORE and BREAK_ONLY_BEFORE_DATE=false in the same props.conf

We're trying to break up some log entries that look like: 2019-03-27 17:11:59.942 Request was not matched as were ...

by Explorer in

Using lookup

Hi All, So i have a csv, which only contains one field "ip" with ips listed. I would like to inputlookup this...

by Explorer in

Onboard Windows event log based on source name

Hi. How would I ingest Windows Application events from a specific source name (and drop everything else)? For instanc...

by Loves-to-Learn in

Why I am getting this error ? every credential is correctly provided?

import splunklib.client as client HOST = "Host IP" PORT = 8089 USERNAME = "my username" PASSWORD = "password" #...

by Explorer in

REST API: Data visible post Splunk restart

Hey Splunker, We have configured many Rest APIs in Splunk search head, to monitor. Several times it happened, we unab...

by Communicator in

Can we fetch the last available data in an index , which is not ingested in the last 24hrs?

I have an requirement to show the data for last 24hrs. If the data is not available for the last 24hrs, i need to sho...

by Path Finder in

Migrating existing splunk reports (around 70) to new environment

Hi I am new to splunk with basic idea. I have been assigned a new project (banking domain) on splunk. Backgro...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

splunk universal forwarder consuming cpu

How to send indexed logs from Splunk to third party

How to replace characters in logs using SEDCMD in props.conf in Splunk Heavy Forwarder?

Bucket ID conflict issue while thawing the data

Using "btool inpust list" monitor stanza is missing, but not when using "btool -app=xx inputs list"

What are the available load balancing method in Splunk Forwarders

Can we use "| rest" to call Splunk instances other than local?

Default Start Timerange from 10am

Why is my universal forwarder not forwarding?

Why is Splunk not reading existing files from same server?

Using setnull and setparsing for two different sourcetypes

Default Splunk Enterprise or Splunk Univeral Forwarder Config: Safe for Use in DMZ?

Evaluating a custom formula in Splunk

BREAK_ONLY_BEFORE and BREAK_ONLY_BEFORE_DATE=false in the same props.conf

Using lookup

Onboard Windows event log based on source name

Why I am getting this error ? every credential is correctly provided?

REST API: Data visible post Splunk restart

Can we fetch the last available data in an index , which is not ingested in the last 24hrs?

Migrating existing splunk reports (around 70) to new environment

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

How to configure Azure functions to pass the loggi...

Is it possible to send Jenkins custom logger to Sp...

Why do I receive SSL alert number 40 with selfsign...

Why am I unable to call HEC instance from Splunk C...

How do I correctly index github enterprise logs?