Getting Data In

Discussions

Thread Info

Monitor logs on Indexers and forward to another indexer cluster

In my environment, we send everything to our indexer cluster and use data cloning using _TCP_ROUTING on the universal...

by Path Finder in

Original Timestamp Value/Format

Hello, I'm looking for a way to capture the original timestamp value/format from various logs. Here are some of the f...

by Builder in

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

I am trying to setup splunk-kubernetes-logging. I have my daemonset running on my worker nodes, but fluentd is failin...

by New Member in

default.meta [views\setup]

Hello guys,Does anyone know what views\setup found in default.meta means? Also if Search & Reporting app default.m...

by Motivator in

splunk forwarder upgrade

Hi All i have a requirement to upgrade splunk forwarder from 7.1 to 7.3.3, I will use sccm to upgrade to 7.3.3, exper...

by Explorer in

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

I am having trouble wrapping my head around how to configure a HF to forward the sourcetypes of syslog and auditd to ...

by Explorer in

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

I am new to Splunk, and noticed the web interface for my Indexers is offline. After reviewing the logs I found the...

by Engager in

How to split String sentence into one row?

Hello, I have a fields in my index named MESSAGE. [BBB] ProcessGenererIdentifiantLMKRImpl/genererIdentifiantLM...

by Explorer in

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Hi, I try to monitor Microsoft-Windows-Shell-Core/AppDefaults directory. I tried adding it to Splunk_TA_window...

by Influencer in

Can I add additional monitor stanzas on an indexers inputs.conf?

In my indexers inputs.conf we have the standard stanza in place for receiving inbound logs from forwarders. [splun...

by Path Finder in

logs being cutoff

Running Splunk Enterprise and Splunkforwarder, both on RHEL, and we are having issues with the front portion of some ...

by Path Finder in

Forwarder load balancing over SSL to indexer cluster ?

Currently trying to load balance data from forwarder to indexer cluster ( idx1 & idx2) over ssl . So this configur...

by Engager in

Json file is getting truncated while uploading

Hi all, when i upload a json file to splunk, the data is getting truncated and the full data is not being uploaded. B...

by Communicator in

how to get props.conf to separate unstructured data

i want to have 3 fileds in the below unstructured data. i need props.conf for the below data. 1st is always heading....

by Builder in

Help indexs /etc/resolv as sourcetype config_file?

All, I need to monitor the /etc/resolv as sourcetype config_file in my env. This is well below the 256 byte min f...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Monitor logs on Indexers and forward to another indexer cluster

Original Timestamp Value/Format

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

default.meta [views\setup]

splunk forwarder upgrade

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

How to split String sentence into one row?

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Can I add additional monitor stanzas on an indexers inputs.conf?

logs being cutoff

Forwarder load balancing over SSL to indexer cluster ?

Json file is getting truncated while uploading

how to get props.conf to separate unstructured data

Help indexs /etc/resolv as sourcetype config_file?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

SC4S Initial setup error

Reports are not indexed correctly

Journald exclude specific services

Combine multiple index searches into one overall s...

Custom Attribute Retrieval in VMware App (Add-on f...