Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to edit inputs.conf to monitor logs on Windows machine?

To monitor a file on Windows machine with names like : access.201609230000_00 I wrote the following stanza in inpu...

by Path Finder in

how to get the timezone of the logs set in props file

Hi team, I have catalina logs ocming to splunk from Central timezone But my splunk server is installed and configu...

by Path Finder in

Windows 環境で SplunkWeb の Data inputs から複数の UDP inputが設定できない

SplunkWeb にログインし、Data inputsから１つのUDP port 514 インプットを設定することはできます。しかし、追加でもう一つ UDP port 514 インプットを設定すると下記のエラーが出てしまい設定するこ...

by Communicator in

Maximum number of attribute $n in transforms.conf

Hello, the FORMAT option in transforms.conf can use $n to specify the output of each REGEX match. (https://docs.splun...

by Communicator in

Why am I receiving "SOFTWARE PROGRAM ERROR" in Splunk universal forwarder that are AIX servers?

I'm running error script on a bunch of AIX servers but have encountered the "SOFTWARE PROGRAM ERROR" on few of the se...

by Contributor in

How can I learn to use PowerShell in Splunk?

I am new to PowerShell and Splunk. I want to learn PowerShell in Splunk, so how can i? Where can I find PowerShell in...

by Engager in

How to make multivalue fields parse in props.conf and transforms.conf?

So I've gotten stuck trying to get multivalue field working. I have, in general, two type of events. The first:...

by Builder in

How can I increase the output count limit for the command.script component?

Hi, I have a search that is using the "script" command but this search is exceeding a limit as you can see: ...

by Contributor in

Why is my Splunk forwarder 6.3.3 crashing with "LineBreakingProcessor - Truncating line because limit" error?

Hi, Splunk forwarder crashed few times in the last two days after onboarding few new customers. Please find bel...

by Explorer in

How to receive data from forwarders in the trial version of Splunk installed on my personal laptop?

How to receive data from forwarders in a Splunk trial/free version instance installed on my personal laptop?

by Path Finder in

How to stop the master node from indexing data ?

Hi, I have an indexer cluster composed of 2 indexers with a master node. I have seen that my master node is actua...

by Explorer in

How does licensing work for a Splunk Heavy Forwarder and Indexer?

Hi, Need a little insight on how licensing for a Heavy forwarder works: We are planning a solution for Client w...

by New Member in

Why is setting up INFO Logging entries from custom modular inputs showing up as ERROR in splunkd?

Hi All, So following the instructions here https://docs.splunk.com/Documentation/Splunk/6.5.1/AdvancedDev/ModInput...

by Builder in

Why am I unable to see the resource usage of my indexers via the DMC?

I am running 6.3.1 on my search head and 6.3.1 on my 3 indexers. I can see the on the resource usage per instance the...

by Explorer in

Receiving JSON files from Azure containing multiple events in each file. How do I break these into unique events?

I am pulling in JSON files into Splunk from Microsoft Azure. Each JSON files contains multiple events and time stamps...

by New Member in

Why am unable to uninstall Splunk universal forwarder?

When i try to uninstall Splunk universal forwarder from remove programs, i get this following error splunk the mi...

by New Member in

How to parse json which makes up part of the event

Hello, We have some json being logged via log4j so part of the event is json, part is not. The log4j portion has t...

by Explorer in

Can we write UDP or TCP streams directly to indexer ports rather than using a Universal Forwarder in between?

by Contributor in

How to deploy scripted inputs on different OS architectures?

I have two scripted inputs, one bash script for Linux and one batch script for Windows. Both scripts are written to r...

by Communicator in

How to resolve when a C# HttpWebRequest to REST API is not working?

Hey there, trying to use C# WebRequest class to send a simple search (via POST to get the sid then GET to get the res...

by Explorer in

Getting Data In

Discussions

How to edit inputs.conf to monitor logs on Windows machine?

how to get the timezone of the logs set in props file

Windows 環境で SplunkWeb の Data inputs から複数の UDP inputが設定できない

Maximum number of attribute $n in transforms.conf

Why am I receiving "SOFTWARE PROGRAM ERROR" in Splunk universal forwarder that are AIX servers?

How can I learn to use PowerShell in Splunk?

How to make multivalue fields parse in props.conf and transforms.conf?

How can I increase the output count limit for the command.script component?

Why is my Splunk forwarder 6.3.3 crashing with "LineBreakingProcessor - Truncating line because limit" error?

How to receive data from forwarders in the trial version of Splunk installed on my personal laptop?

How to stop the master node from indexing data ?

How does licensing work for a Splunk Heavy Forwarder and Indexer?

Why is setting up INFO Logging entries from custom modular inputs showing up as ERROR in splunkd?

Why am I unable to see the resource usage of my indexers via the DMC?

Receiving JSON files from Azure containing multiple events in each file. How do I break these into unique events?

Why am unable to uninstall Splunk universal forwarder?

How to parse json which makes up part of the event

Can we write UDP or TCP streams directly to indexer ports rather than using a Universal Forwarder in between?

How to deploy scripted inputs on different OS architectures?

How to resolve when a C# HttpWebRequest to REST API is not working?

Change host props and transforms not working

(Caused by ProxyError('Cannot connect to proxy.', ...

Getting metrics timestamp in future

Fixup Tasks - Pending - Streaming Failure

Splunk DB connect - Cannot get schemas