Getting Data In

Discussions

Thread Info

How to parse complete command line information into the event field ?

Hi All, Today we got an request from a user to include the entire information provided in the command line, when chec...

by Motivator in

field extraction disappeard, could this happen after a reinstall of the forwarder

Hi, one of our admins has reinstalled a fowarder. No we have issues with data that is not coming through anymore but ...

by Path Finder in

Monitor log files with spaces in the file name

hi, I am having issues with splunk universal forwarder monitoring log files with spaces in the name . The file is...

by Contributor in

Is there an app that can restart the Splunk universal forwarder service on Windows every 30 minutes?

Hi, I need to deploy an app from deplyment server which will restart the Splunkd UF application installed on Windo...

by Path Finder in

Splunk Forwarding doesn't forward data

We have a single data source from which we want to forward clone data to - splunk server 1(prod) and splunk server 2(...

by Path Finder in

Routing received data TO an external HEC via HTTPS?

Is it possible to route a stream of data from a heavy forwarder or indexer TO an external non-Splunk HTTPS endpoint (...

by Explorer in

Best way to load archived applcation log files without exceeding license?

Our daily license is 15GB we use about 10GB on average. However I want to load our archived application log files whi...

by Engager in

Collect data from WEC to which other machines send logs

Hello. I have windows№1 who sending logs to my windows№2 (WEC) on which i have UF (windows_TA) who collecting data an...

by Builder in

2 clusters vs clustered and unclustered vs etc/system/local

We are running a large multi-site clustered indexer environment which is maturing causing us to make some changes to ...

by Path Finder in

Cannot change host field in syslog data

Hi Splunkers, I collect syslog（/var/log/messages） data by Universal Forwarder, not UDP like this. Sep 3 12:42:16 i...

by Contributor in

Why are blacklisted 4663 and 4660 events still showing up?

I am hoping someone can help me out with a filtering blacklist issue I am having. I am currently filtering out event ...

by Path Finder in

Is there a config available that would push out the same format as Snare from a Heavy Forwarder?

Is there a config available that would push out the same format as Snare from a Heavy Forwarder? i.e. UniversalForwar...

by Explorer in

UF compatability for Knoppix and Fedora

Could you suggest the compatible UF package for the Operating system Knoppix and Fedora? I have checked on this li...

by New Member in

Why splunk is not able to index large csv files,

I'm trying to index a 3.5 GB csv file, but splunk is not reading it. Any clues ?

by Explorer in

CSV Import: fieds name are missing, but showing up while uploading process.

Hi there, i tried to upload a csv-file. During Uploading I could separate the fields with a "comma" and the field...

by New Member in

Using Transforms.conf truncates my data at 3925 characters - Why?

Ladies and Gents, I'm struggling trying to transform some of my data. props.conf [st1] NO_BINARY_CHECK = tru...

by Path Finder in

How to extract host field with many other fields in a single transformation step (DEST_KEY versus WRITE_META)

I am playing with a custom format for data going into Splunk on Splunk 7.0, and I am trying to extract fields at inde...

by Champion in

What happens if "DEST_KEY = MetaData:Host"?

May I know the answers for the below questions. what happens if DEST_KEY = MetaData:Host? Does the Host metadata r...

by Contributor in

Apply multiple transforms to a single host

How can I have multiple host stanzas in transforms.conf all be applied? I'd like to pull content out of some entries ...

by Path Finder in

Decrease bundle size

The bundle in the search head has grown upto 776 MB. Its not getting pushed as a result. How to reduce the bundle si...

by Builder in

Getting Data In

Discussions

How to parse complete command line information into the event field ?

field extraction disappeard, could this happen after a reinstall of the forwarder

Monitor log files with spaces in the file name

Is there an app that can restart the Splunk universal forwarder service on Windows every 30 minutes?

Splunk Forwarding doesn't forward data

Routing received data TO an external HEC via HTTPS?

Best way to load archived applcation log files without exceeding license?

Collect data from WEC to which other machines send logs

2 clusters vs clustered and unclustered vs etc/system/local

Cannot change host field in syslog data

Why are blacklisted 4663 and 4660 events still showing up?

Is there a config available that would push out the same format as Snare from a Heavy Forwarder?

UF compatability for Knoppix and Fedora

Why splunk is not able to index large csv files,

CSV Import: fieds name are missing, but showing up while uploading process.

Using Transforms.conf truncates my data at 3925 characters - Why?

How to extract host field with many other fields in a single transformation step (DEST_KEY versus WRITE_META)

What happens if "DEST_KEY = MetaData:Host"?

Apply multiple transforms to a single host

Decrease bundle size

WMI does not collect data from servers that do not...

How to troubleshoot Complex Heavy Forwarder Flows

Splunk Add on for McAfee DAM (Database Activity Mo...

Splunk Input from S3

How do I set the CRON job for scripted inputs so t...