Getting Data In

Discussions

Thread Info

How is LZ4 faring so far in 6.3+ compared to gzip for indexer rawdata compression?

Digging through the new stuff in 6.3 in preparation for some upgrades, I see LZ4 compression is available for bucket ...

by Explorer in

How to monitor similar log files in different directories on different servers

What is the recommended way to monitor log files that come from the same application (so will be set to the same sour...

by Path Finder in

Getting all IP addresses from guests in VMware vCenter

Hey folks, I am using a VMware DCN (data collection node) to index all of my performance, event, and inventory dat...

by Explorer in

Do you receive results from cisco_wsa_squid and Cisco_firewall when you run search as sourcetype=cisco* user=*?

When you create field aliases cs_username = user in sourcetype cisco_wsa_squid and Username = user in sourcetype cisc...

by New Member in

Need help configuring i/o to capture data from universal forwarders

looking to find a procedure or help to configure i/o so i can capture the same from universal forwarders. currentl...

by Builder in

After 2 days of reading help docs and watching tutorial video's still not able to get Splunk Cloud monitoring my eventlog...

After 2 days of reading numerous help docs and watching tutorial video's still not able to get Splunk Cloud monitorin...

by Path Finder in

Several small log files - sourcetype = local-too_small

Hi, I've got a problem with monitoring several log files generated by syslog-ng. There are 50+ switches. I am coll...

by Communicator in

What are search command alternatives to mvxpand for expansion with filter?

I have a log line logically looking something like this: f1=a f2=b f3=c custom=[]{ c1{f=x} c2{f=y} c3{f=x}} I n...

by Explorer in

Is it possible to send application logs at the universal forwarder directly to my searchhead?

I want to fetch DNS and DHCP logs from my server directly to my local system, where I have my Splunk enterprise, with...

by New Member in

What is the feasibility of using Splunk REST calls from an Angular application running HTLM5 to send data into Splunk directly from the browser?

We have a partner who wants an extremely light interface to send data into a Splunk instance. They prefer to make a s...

by Path Finder in

Is there an easy way to monitor disk size from a remote Windows machine?

Hi, i have a windows environment and universal forwarder installed on the servers and forwarding different type of...

by Contributor in

Exchange CAS IIS timezone conversion issue?

I'm working with Exchange IIS data from our CAS servers and am having trouble with Splunk translating the time from U...

by Path Finder in

Is it possible to set the TZ in props.conf on a Universal Forwarder?

Hi, I have an issue with a sourcetype that logs in UTC/GMT but does not include TZ information, so I would like to...

by Builder in

forwarding Windows and syslog event logs to rsyslog

Need to send certain Windows security and audit files to a RHEL rsyslog server. This is what I have so far (based on ...

by Communicator in

How do you change the URL of the Splunk Enterprise shortcut in Windows start menu?

How to change the URL of the Splunk Enterprise shortcut in Windows start menu? I have already updated ports using "sp...

by Explorer in

Splunk Adaptive Response sending post command in REST API

Hi, I am trying to create a new app which will be used to send a Splunk Adaptive response via REST API. I am able ...

by Path Finder in

Why am I getting "⚠ cannot concatenate 'str' and 'NoneType' objects" for every sample log file I try to import into Splunk?

Every sample log file that I attempt to import as my data source returns the exception: ⚠ cannot concatenate 'str...

by Engager in

Getting Data In

Discussions

How is LZ4 faring so far in 6.3+ compared to gzip for indexer rawdata compression?

How to monitor similar log files in different directories on different servers

Getting all IP addresses from guests in VMware vCenter

Do you receive results from cisco_wsa_squid and Cisco_firewall when you run search as sourcetype=cisco* user=*?

Need help configuring i/o to capture data from universal forwarders

After 2 days of reading help docs and watching tutorial video's still not able to get Splunk Cloud monitoring my eventlog...

Several small log files - sourcetype = local-too_small

What are search command alternatives to mvxpand for expansion with filter?

Is it possible to send application logs at the universal forwarder directly to my searchhead?

What is the feasibility of using Splunk REST calls from an Angular application running HTLM5 to send data into Splunk directly from the browser?

Is there an easy way to monitor disk size from a remote Windows machine?

Exchange CAS IIS timezone conversion issue?

Is it possible to set the TZ in props.conf on a Universal Forwarder?

forwarding Windows and syslog event logs to rsyslog

How do you change the URL of the Splunk Enterprise shortcut in Windows start menu?

Splunk Adaptive Response sending post command in REST API

Why am I getting "⚠ cannot concatenate 'str' and 'NoneType' objects" for every sample log file I try to import into Splunk?

Can I store hot/warm/cold buckets on different drives in Windows environment?

How can I exclude data from being ingested by the universal forwarder?

Error when routing data to index and sourcetype based upon incoming hosts: "Undocumented key used in transforms.conf"

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

Add data from forwarders requires copy of clustere...

Will upgrade to Splunk_TA_nix v8.2.0 still works w...

Route syslog from heavy forwarder to 3rd party, bu...

Splunk HTTP Event Collecter Spring Boot Log4j2 Cau...

Is there any automated way to check or validate ma...