Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I add data into Splunk when logged in as an administrator?

When i am adding data on Splunk Enterprise, I see: You do not have the capability to add data. Please contact your...

by New Member in

Using Splunk 6.4.2, how to send SNMP traps from Splunk to other systems?

Hi I am using Splunk Enterprise 6.4.2. However http://docs.splunk.com/Documentation/Splunk/6.2.1/alert/SendingSNM...

by SplunkTrust in

What configurations would be made to inputs.conf in order to have the same log file be monitored on all my servers?

I have 64 servers and I need to monitor the same log file on all the 64 servers. What would be the inputs.conf file c...

by Explorer in

security - ssl rest api not closed on /dev/zero stream input

If you run the command openssl s_client -connect ip:port < /dev/zero 2>&1 towards the rest api (port 8089) with ssl e...

by Engager in

How to handle a field alias for two fields in search results when the source type is the same?

We have data which can display a computer's serial number. The data is a little odd and we have to extract the serial...

by Communicator in

Why are the Preset Times in Splunk Web not displaying results for a recently added log file?

I recently added a .log file for an app called solr. When searching using the presets like "Today" i get no results. ...

by Builder in

How to add a CSV file to an existing kvstore?

I am trying to add data to an existing kvstore. I have tried to input the data via a CSV. I'm new to Splunk and need ...

by New Member in

Why did our Splunk Windows server suddenly start disappearing off our network with, Event 4227, TCP/IP stack 'crash'?

Hi, Our local Splunk server has been working fine for months, but suddenly it started momentarily 'disappearing' o...

by Engager in

Multiline Events sent from Universal Forwarder not breaking correctly

Customer is ingesting a custom log file. with multi-line events using a Splunk Universal Forwarder which sends data t...

by Splunk Employee in

REST Inputs in cluster architecture

Hi, I have a Splunk Heavy Forwarder, Indexer master and two Indexer slaves, two search heads in the current archit...

by Path Finder in

How to determine disk utilization of a source?

Hi, Is there a way to determine how much disk space a source is using? here is my index, source and sourcetype: ...

by New Member in

Why do we get the Invalid key in stanza NO_BINARY_CHECK?

We have the following - [monitor://C:\Windows\System32\winevt\Logs\ADFS 2.0%4Admin] disabled = 0 sourcetype=winevt...

by Ultra Champion in

Universal Forwarder - AuditTrailManager - Private key error - No such file or directory

Hi guys, I got these error on pretty much all of my splunk universal forwarder. 03-06-2017 12:25:27.743 +1...

by Communicator in

Is there a way to use a date in a CSV file name as the timestamp without editing datetime.xml or props.conf?

Hi All, I am trying to import a CSV file that has a date in the filename and I am wondering if it's possible to us...

by Path Finder in

Is there a way to directly get the results as csv using a browser

Is there a way to view a splunk query directly as a CVS? In reviewing the REST API the curl command below gets me...

by Communicator in

Repository for sourcetype configuration for common log formats?

Is there a repository for common log formats? I have Tomcat boot.log that is not line breaking correctly, most likely...

by Champion in

Is this 180 day retention policy configuration in indexes.conf appropriate?

Hi, We are are setting up our indexes to all have a retention policy of 180 total days. 10 days in hot/warm and 17...

by Path Finder in

How to install the Splunk forwarder from a remote machine using script after switching user?

I want to install Splunk forwarder in remote server from local Linux server using script. When I'm running the script...

by New Member in

How to ignore timezone offset in timestamp?

Hi there, I have an application that is incorrectly reporting the current timezone is GMT -0500 with timestamps of...

by Explorer in

CSV with custom quoting

Hi There i have a CSV/UDR without headers with following example rows session_start,0 ,0 ,2017-03-07 20:0...

by Path Finder in

Getting Data In

Discussions

How do I add data into Splunk when logged in as an administrator?

Using Splunk 6.4.2, how to send SNMP traps from Splunk to other systems?

What configurations would be made to inputs.conf in order to have the same log file be monitored on all my servers?

security - ssl rest api not closed on /dev/zero stream input

How to handle a field alias for two fields in search results when the source type is the same?

Why are the Preset Times in Splunk Web not displaying results for a recently added log file?

How to add a CSV file to an existing kvstore?

Why did our Splunk Windows server suddenly start disappearing off our network with, Event 4227, TCP/IP stack 'crash'?

Multiline Events sent from Universal Forwarder not breaking correctly

REST Inputs in cluster architecture

How to determine disk utilization of a source?

Why do we get the Invalid key in stanza NO_BINARY_CHECK?

Universal Forwarder - AuditTrailManager - Private key error - No such file or directory

Is there a way to use a date in a CSV file name as the timestamp without editing datetime.xml or props.conf?

Is there a way to directly get the results as csv using a browser

Repository for sourcetype configuration for common log formats?

Is this 180 day retention policy configuration in indexes.conf appropriate?

How to install the Splunk forwarder from a remote machine using script after switching user?

How to ignore timezone offset in timestamp?

CSV with custom quoting

Salesforce Add-on - Lost my server and trying to r...

Configure Azure Storage Blob Modular Input for Spl...

syslog

VMware addon in unable to collect data from vcente...

rsyslog configuration and receiving results on dif...