Getting Data In

Discussions

Thread Info

Splunk Search with PIPE

So I have an application in centos that monitors process creation and sends it to a remote syslog server which is als...

by New Member in

Checksum for seek ptr didn't match, will re-read entire file

_TCP_ROUTING = forward_logsdisabled = falseindex = 1idx1sourcetype = LOGScrcSalt = <SOURCE> Even though our inputs....

by Engager in

outputs.conf add a delimiter

Is it possible to add a stanza field to outputs.conf on a light forwarder to add a delimiter to data that currently h...

by Path Finder in

Upgrade Splunk All-in-one - Loss of logs on Universal Forwarder

Hello everyone,I am planning to upgrade my all-in-one Splunk which is on version 7.2.4 to 8.1.According to the docume...

by Explorer in

Splunk_TA_Windows - script:installedapps timestamp issues?

All, Thought I posted this before, but can't find it in my history. I am seeing alerts in my Splunk logs statin...

by Builder in

history of the missing index

Good afternoon During an activity, the in index stanza in the indexes.conf file was commented to perform an event c...

by Path Finder in

Get data from Azure Function into Splunk Enterprise

I am trying to be able to get data in from an azure function one our of team's has done. We are not able to get the...

by Path Finder in

indexes.conf recommendation for large volume of data per day in 1index

Hi, I am looking for any recommendation when dealing with such scenario. On one instance or one indexer, 300-400GB...

by Loves-to-Learn Lots in

Nginx Logs from Kubernertes Containers

hi guys, forgive the n00bness of this question as im sure its fairly straightforward and/or been answered before. ...

by Loves-to-Learn in

Heavy forwarder

Hi, I am trying to figure out if i need a heavy forwarder or not; from what I have read in the documentation, a heavy...

by Path Finder in

Universal Forwarder to Both On Prem and Cloud Instances

We're starting outline our architecture and how data will flow, and we're looking to forward data to both an on prem ...

by Explorer in

What is the disadvantage of having a lot of small buckets and rotating them frequently?

So I understand that the minimum timespan on a hot bucket is 1 hour, but bucket sizing defaults to a file size instea...

by Contributor in

Need help writing input stanza for maillog

I'm having a hard time getting my stanza setup correctly. I basically want to monitor the maillog directories (maillo...

by Builder in

Cisco logs though Heavy Forwarder

Hello! I'm trying to collect logs from Cisco ASA devices through Heavy Forwarder, I'm sending all Cisco ASA logs to...

by Explorer in

Exclude field values from other field

Hi, I have some sylog events, login failed and login success in particular. I can determine if the event is success...

by Path Finder in

Filtering Cisco ASA Session log to remove logging for a session ID and IP combination

Hi, I'm very new to Splunk, and struggling to find a way to filter a specific log which is consuming a large propo...

by Loves-to-Learn Lots in

Getting A Specific Field From a Log

Hello Splunkers.  I have a stream of logs going to Splunk that reports daily errors. The logs is as follows: ...

by Explorer in

Splunk timestamp offset GMT

Good evening. I have a ASCII event message that looks like the following: The timestamp is in GMT time. When Splu...

by New Member in

Events filter on heavy forwarder doesn't work

Hi all, we are monitoring some log files in a Windows directory; we'd like to keep only events containing the word ...

by Explorer in

Getting Data In

Discussions

Splunk Search with PIPE

Checksum for seek ptr didn't match, will re-read entire file

outputs.conf add a delimiter

Upgrade Splunk All-in-one - Loss of logs on Universal Forwarder

Splunk_TA_Windows - script:installedapps timestamp issues?

history of the missing index

Get data from Azure Function into Splunk Enterprise

indexes.conf recommendation for large volume of data per day in 1index

Nginx Logs from Kubernertes Containers

Heavy forwarder

Universal Forwarder to Both On Prem and Cloud Instances

What is the disadvantage of having a lot of small buckets and rotating them frequently?

Need help writing input stanza for maillog

Cisco logs though Heavy Forwarder

Exclude field values from other field

Filtering Cisco ASA Session log to remove logging for a session ID and IP combination

Getting A Specific Field From a Log

Splunk timestamp offset GMT

Events filter on heavy forwarder doesn't work

forwarding AIX errpt to splunk

AWS Config Aggregator to Splunk

Issue with getting data to Splunk App for Hyperled...

Splunk fundamental training lab 4

unable to get MS Azure event hub using Splunk Addo...