Getting Data In

Discussions

Thread Info

Is there a way to know if Splunk is operating 90% of the time ?

I found that Splunk Monitor System health can check health of Splunk and check if it's monitoring or not. However, i ...

by Explorer in

Can't get FQDN for /var/log/messages with Deployment Server and Linux T/A

I am seeing many references about how the "syslog" sourcetype takes the hostname form the /var/log/messages logs, by ...

by Builder in

one radio button and 2 multiselect

i have one radio button which passes value for 2 multiselect. if i change value in the radio button i want to change ...

by Builder in

How do I extract a whole sentence as a field from a log file and generate a report?

I want to generate a report by using a log file as an input. The log file is like: 01/16/2018 process 1 success...

by New Member in

In which props.conf file should I change the MAX_DAYS_AGO setting?

I'm trying to change the MAX_DAYS_AGO value in the props.conf file, but there are a lot of props.conf files so i'm no...

by New Member in

Can you help me with search time field extraction using props.conf & transforms.conf?

Hi splunk gurus, I am new to Splunk and having some difficulty with a search time field extraction. This is a s...

by New Member in

How do you adjust time with syslog-ng or universal forwarder for devices in different time zones?

Hi, We are centralizing and collecting logs from various devices via syslog-ng, and sending them to indexers via u...

by Explorer in

How to move data from one peer node to another peer in an indexer clustering environment?

I have 3 indexers in cluster master. (Indexer 1, indexer2 and indexer3) I need to stop indexer2 and indexer3 permanen...

by Explorer in

My logs are going into the wrong Index

It was reported to me that data from one of our devices is showing up in the wrong index. Is there an easy way to fix...

by Explorer in

dropping events at index time works from one forwarder but not from the other

My scenario is: 1 Indexer (SPLUNK Enterprise 7.1.3) 1 Heavy Forwarder (SPLUNK Enterprise 7.1.2 1 Universal Forwarder ...

by Path Finder in

Is there a way to filter only a certain type of log from websphere to get logged to splunk?

I'm trying to add debug and error logs from websphere to splunk, but it consuming a lot of space. My aim is to reduce...

by New Member in

How do you ingest events of a particular time period from a file in Splunk?

I have a log file of about 400 MB in size. I don't want to ingest it completely. I just want a few events from a part...

by Explorer in

SA-Modularinput-powershell (V3): scheduler fails scheduling with more than one stanza

Hi. We are running Splunk Enterprise version 7.2.0. On this version and also on 6.6, we find that when we have more t...

by New Member in

How to whitelist combination of fields using lookup table?

Hello Experts, We've got an alert which gets triggered if service is installed on the windows host. index=winev...

by Explorer in

Why do my forwarders have inconsistent connectivity to the indexers?

We have this case for multiple servers where we see constant errors such as - 10-04-2018 13:25:55.480 -0500 INFO ...

by Ultra Champion in

Can Splunk connect with Automation Anywhere tool?

Splunk is an Automated Process. Can Splunk be useful for Automation Anywhere tool ?

by New Member in

How do you get logs from Mcafee IPS into Splunk?

I have McAfee IPS. How do I integrate or Collect logs from Mcafee IPS and forward the logs to Splunk? Currently, I...

by Communicator in

With a heavy forwarder, how do I redirect a data set to separate indexes with different indexes?

All, I have a data set that I need in indexclusterA as index=distil. HOW EVER I need that same data in indexclust...

by Builder in

How do I troubleshoot "ERROR TailingProcessor - Ran out of data while looking for end of header"

Can anybody please tell me what I need to do for the error ERROR TailingProcessor - Ran out of data while looking...

by New Member in

'WinHostMon://Service' without valid type

Hi, I am configuring the input.conf on my windows hosts to get the status of some services but I get an error for ...

by New Member in

I am trying to create an alert specific to domain admins being added or removed from the Admin group

As the question stated I am trying to create an alert that lets me know when Domain admins were added or removed from...

by Explorer in

How do I collect fake data automatically in Splunk?

hello, I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automat...

by Explorer in

モニターコンソールの取り込みについて

現在、以下の症状が発生しており対応に困っています。このため、皆様のお力をお借りできたらと投稿致しました。お手数となりますが、対応に伴う知見がありましたらご提示願います。また、不足の情報がございました際は、その旨コメントをください...

by New Member in

Why copytruncate logrotate does not play well with splunk monitoring

I am using logrotate to rotate my files, with the option copytruncate. http://linuxcommand.org/man_pages/logrotate8.h...

by Splunk Employee in

How do we change indexes.conf's cold path in a clustered Splunk environment?

Hi Team, Here is our scenario: Our current directory in our coldPath parameter in master-apps/org_all_indexes/l...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is there a way to know if Splunk is operating 90% of the time ?

Can't get FQDN for /var/log/messages with Deployment Server and Linux T/A

one radio button and 2 multiselect

How do I extract a whole sentence as a field from a log file and generate a report?

In which props.conf file should I change the MAX_DAYS_AGO setting?

Can you help me with search time field extraction using props.conf & transforms.conf?

How do you adjust time with syslog-ng or universal forwarder for devices in different time zones?

How to move data from one peer node to another peer in an indexer clustering environment?

My logs are going into the wrong Index

dropping events at index time works from one forwarder but not from the other

Is there a way to filter only a certain type of log from websphere to get logged to splunk?

How do you ingest events of a particular time period from a file in Splunk?

SA-Modularinput-powershell (V3): scheduler fails scheduling with more than one stanza

How to whitelist combination of fields using lookup table?

Why do my forwarders have inconsistent connectivity to the indexers?

Can Splunk connect with Automation Anywhere tool?

How do you get logs from Mcafee IPS into Splunk?

With a heavy forwarder, how do I redirect a data set to separate indexes with different indexes?

How do I troubleshoot "ERROR TailingProcessor - Ran out of data while looking for end of header"

'WinHostMon://Service' without valid type

I am trying to create an alert specific to domain admins being added or removed from the Admin group

How do I collect fake data automatically in Splunk?

モニターコンソールの取り込みについて

Why copytruncate logrotate does not play well with splunk monitoring

How do we change indexes.conf's cold path in a clustered Splunk environment?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures