Getting Data In

Discussions

Thread Info

Why are Windows Event Logs not forwarded after installing a new Windows server?

Hi there, I have the following issue detected in our environment and I'm not sure where the problem comes from. We...

by Contributor in

How to convert the reported Pacific Time (PT) from one source to Universal Time Coordinated (UTC) within my search?

I am currently working on a report with 3 different data sources. Two of these sources report events in Universal Tim...

by New Member in

Using a REST command to query the status of the splunkweb process?

I'd like to be able to check on the status of the splunkweb process from distributed splunk instances within a splunk...

by Motivator in

How to enable HTTP Event Collector on indexers?

Hello All, We wanted to enable HTTP Event Collector (HEC) in our environment. We have one deployment server and fo...

by Communicator in

How to rename a JSON field by editing a configuration file (NOT when running search)?

There is a log source that publishes events in JSON format, but the field name is in 3-digit numbers, not in English,...

by Path Finder in

Why does using the Splunk Forwarder with Splunk Free display message "This feature is not available with your installed set of licenses"?

From my understanding the Splunk free license still lets you forward logs from other servers using the Splunk univers...

by Explorer in

How to distribute splunk.secret to Windows Heavy Forwarders

Hello guys, We are going to install two Heavy Forwarders on Windows 2012 R2 servers. The remaining instances of Sp...

by Path Finder in

How to correctly configure Splunk to monitor a directory with wildcards?

I must be doing something wrong. Splunk is seeing and indexing the first log file it finds and nothing else after wit...

by Communicator in

Can someone help me parse this XML into Splunk on the backend? Also should I add this to the props.config in my Deployment Server or my Search Head Deployer?

Here is what I have tried and it is not working: Edit the local/inputs.conf file and add this: [monitor:///dire...

by Explorer in

Trouble getting data into Fortigate app

Hi Running Fortigate 80c with v4.0 MR3. I've downloaded and installed the fortigate splunk app but i'm having trou...

by New Member in

How to edit my configurations when setting up a forwarder?

I'm finding the instructions a little confusing but my understanding is I can have Splunk Enterprise on server 1 whic...

by Explorer in

How to monitor my local browser history in Splunk?

I have installed Splunk Enterprise free version on my personal PC. I want to track the URLs are visited from the brow...

by Communicator in

Can Splunk read .db3 files (SQLlite)?

Hi We have a application which logs using SQLlite and logs are with .db3 extension. Can Splunk monitor those files...

by Builder in

Can SSL be configured when sending data to Universal Forwarder through TCP connection from an external source?

Hi, Data is sent to Splunk Universal Forwarder (UF) through the TCP connection. From UF, data is forwarded to indexer...

by Contributor in

How to index a Sharepoint document?

Hello Splunkers. Scenario: I have a timesheet on SharePoint. I want to index the timesheet table in Splunk so I ca...

by Communicator in

Why is my props.conf not working, but the same props.conf is working on some forwarders?

props.conf [log1] BREAK_ONLY_BEFORE = \w+\s+\w+\s+\d+\s+\d+\:\d+\:\d+\s+\w+\s+\d+ DATETIME_CONFIG = NO_BINARY_CHE...

by Explorer in

Why does migrating universal forwarder to 6.4.3 display "unconfigured/disabled/deleted index='wineventlog'" message and event logs stopped forwarding?

Hi all, I've 3 Splunk 6.4.1 Indexers and a Splunk 6.4.1 Search Head + Distributed Management Console (DMC) on Linux R...

by Path Finder in

Getting Data In

Discussions

Why are Windows Event Logs not forwarded after installing a new Windows server?

How to convert the reported Pacific Time (PT) from one source to Universal Time Coordinated (UTC) within my search?

Using a REST command to query the status of the splunkweb process?

How to enable HTTP Event Collector on indexers?

How to rename a JSON field by editing a configuration file (NOT when running search)?

Why does using the Splunk Forwarder with Splunk Free display message "This feature is not available with your installed set of licenses"?

How to distribute splunk.secret to Windows Heavy Forwarders

How to correctly configure Splunk to monitor a directory with wildcards?

Can someone help me parse this XML into Splunk on the backend? Also should I add this to the props.config in my Deployment Server or my Search Head Deployer?

Trouble getting data into Fortigate app

How to edit my configurations when setting up a forwarder?

How to monitor my local browser history in Splunk?

Can Splunk read .db3 files (SQLlite)?

Can SSL be configured when sending data to Universal Forwarder through TCP connection from an external source?

How to index a Sharepoint document?

Why is my props.conf not working, but the same props.conf is working on some forwarders?

Why does migrating universal forwarder to 6.4.3 display "unconfigured/disabled/deleted index='wineventlog'" message and event logs stopped forwarding?

How to obtain the Splunk instance's version from app (SimpleXML or SplunkJS) in 6.4 or older?

Scheduled saved Search that is meant to fill a Summary Index, runs but with no data

How to fix my HTTP event collector connectivity?

Change host props and transforms not working

(Caused by ProxyError('Cannot connect to proxy.', ...

Getting metrics timestamp in future

Fixup Tasks - Pending - Streaming Failure

Splunk DB connect - Cannot get schemas