Getting Data In

Discussions

Thread Info

Can we upgrade a search head from version 6.1 to 6.5 while indexers still use 6.1.2?

Hi, Can we upgrade SH version of 6.1.2 to 6.5 while we are planning to continue other components (Indexer,Deployer...

by Path Finder in

Is it possible to configure HTTP Event Collector in a custom app?

Is it possible to configure HTTP Event Collector in a custom app, that is to say, not in the splunkhttpinput applicat...

by Engager in

Why Was My Event Indexed Twice? Same Host, Same File, Same _raw, Same Indextime, different splunk_server

Hi All; Noticed something very interesting and I don't seem to find the smoking gun. Today I was alerted by one of...

by Builder in

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

Hi, I have an application (Spring XML Application) which needs to read data from Splunk and convert it into CSV fo...

by New Member in

How to use Splunk to access an email client and index the details in CSV attachments?

Hi, I need to access an email client (Gmail or Outlook) and index the details in the CSV attachments. Any sugge...

by Engager in

How to ignore internal indexes when searching?

Hello, | rest /services/data/indexes-extended | eval bdhomeeventmintime=strftime('bucketdirs.home.eventmintime',"%...

by Builder in

Best way to use git for source version control with our Splunk infrastructure?

Hi all, I'm looking for some advice on source version control. We have a couple deployers, a deployment server, in...

by Champion in

How to parse the format of Windows Event Log, in order to forward these logs to syslog server?

Hi , For some reason , I must forward the Windows Event Log to our syslog server. I configured the indexer server a...

by Path Finder in

Can I run queries having "search" keyword through Splunk REST API?

I have a query which uses "subsearch", so it has a search keyword within the query. I get results when I run this que...

by New Member in

setup.xml to modify/create an entry in app.conf (or anywhere else)

Hi, I've been trying to make a basic setup.xml that can create a stanza and config that I can access from a script...

by Builder in

How can I create a filter to capture certain events from security logs?

Hi All, I'm a newbie to the Splunk world and trying to figure out a couple things. I currently have Splunk Light i...

by New Member in

What is the best architecture setup to handle multiple log sources and apply all data to specific field headers?

Hello - as you may see by my account status, I'm a complete newbie to Splunk. I apologize for any confusion or use...

by New Member in

Keeping Host data when using Heavy Forwarder

We have recently moved from having an internal hosted Splunk setup to Splunk Cloud. Before the move to the Cloud all ...

by Engager in

Monitoring Novell eDirectory events with Splunk

Has anyone used Splunk to monitor Novell eDirectory events? I need to know if there is a solution out there to replac...

by Splunk Employee in

Try to use transforms.conf

Hi, we try around with Splunk (first contact). We to prof what we can log from HDS Storages. System report via ...

by New Member in

DMC alert for Disk usage

HI All, We are receiving false alert in the DMC and checked the search it running following rest search . In that ...

by Contributor in

Why is the Splunk universal forwarder not pushing data to indexer?

I recently upgraded a workstation to Win10 Enterprise. I installed the Splunk universal forwarder, however I am not c...

by New Member in

Advice for setting up a Splunk production environment

We are setting up a production Splunk environment on Linux VM's (RHEL7). I'm not exactly a "server guy" so learning o...

by New Member in

Splunk REST API without SSL (i.e HTTP only)

Hi, I'm trying to use Splunk REST API, using standard HTTP request (not HTTPS). When trying to connect to port 808...

by Engager in

Why does attempting to install the Universal Forwarder on Windows via CLI fail?

I'm trying to perform a simple command line install for Windows Universal Forwarder (UF) and can't seem to get the in...

by SplunkTrust in

Getting Data In

Discussions

Can we upgrade a search head from version 6.1 to 6.5 while indexers still use 6.1.2?

Is it possible to configure HTTP Event Collector in a custom app?

Why Was My Event Indexed Twice? Same Host, Same File, Same _raw, Same Indextime, different splunk_server

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

How to use Splunk to access an email client and index the details in CSV attachments?

How to ignore internal indexes when searching?

Best way to use git for source version control with our Splunk infrastructure?

How to parse the format of Windows Event Log, in order to forward these logs to syslog server?

Can I run queries having "search" keyword through Splunk REST API?

setup.xml to modify/create an entry in app.conf (or anywhere else)

How can I create a filter to capture certain events from security logs?

What is the best architecture setup to handle multiple log sources and apply all data to specific field headers?

Keeping Host data when using Heavy Forwarder

Monitoring Novell eDirectory events with Splunk

Try to use transforms.conf

DMC alert for Disk usage

Why is the Splunk universal forwarder not pushing data to indexer?

Advice for setting up a Splunk production environment

Splunk REST API without SSL (i.e HTTP only)

Why does attempting to install the Universal Forwarder on Windows via CLI fail?

How to produce stats with based on a field clientI...

Connect to your Azure Storage account with the Spl...

DataParserVerbose - Accepted time format has chang...

how to extract json fields in a mixed type log out...

Cisco CNAE problems with script data input