Getting Data In

Discussions

Thread Info

will duplicate entries of monitor statements in inputs.conf coz Logs to be indexed twice?

In our inputs there are wildcard entries for directories and I recently noticed there were duplicate entries for the ...

by Contributor in

How to monitor inactive sourcetypes(or inactive indexes) in Splunk?

I need to create alert for inactive sourcetypes or index. All the logs are coming from a single host( a syslog server...

by New Member in

Should each device sending data have a different UDP input port?

Hello! I'm new and this is my first post here in the community. I did the Splunk installation with the purpose of ...

by New Member in

Splunk search query/queries for populating splunk supported timezones in dropdown type input.

I have several input types in my dashboard for which I have allotted different tokens. Now I have a requirement where...

by Explorer in

Renaming auto extracted fields

After parsing my json fields the auto extracted fields have format like this a{}.b and a{}.b{}.c and so on. When i tr...

by Explorer in

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

I have to upgrade 2 SH and 4 indexer clusters from Splunk 6.3 to Splunk 6.6. SearchHeads are not pooled. I'll be upgr...

by Path Finder in

Problem indexes.conf splunkd not restarting !

Hello , I have a distributed architecture of Splunk SH with Splunk ES and an indexer . I get suddenly this error m...

by Path Finder in

Multiple Whitelists

Hi I have the following two inputs in inputs.conf. They both work separably but not together. **Working** [moni...

by Motivator in

How to configure the universal forwarder to collect System Properties on a Windows Server?

How can I configure the universal forwarder to collect the hosts system properties?

by New Member in

Complex Conditional search based on time

I am a newbie in splunk and practising to learn it slowly. I have a setup where I am forwarding logs of Windows Ma...

by Communicator in

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

When using Windows 2016 Universal Forwarder 6.6.1, I'm running into issues with starting indexer. splunkd log indicat...

by New Member in

How to drop log file headers before indexing?

I've had a read of dropping useless headers in Splunk 6 and tried using the FIELD_HEADER_REGEX, in fact I also tried ...

by SplunkTrust in

Using Splunk as a enterprise data platform

Splunk has to fit into a structured and unstructured world without duplicating effort. Splunk currently serves as a s...

by Path Finder in

Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes?

We are pulling data like Red Hat logs, Apigee, Ansible etc. from AWS through fluentd plugin which is forwarding data ...

by New Member in

Can single forwarder forward data to two different indexer's ??

Hi I am using a UF say in Machine A , its has logs at two different paths say Log Path1 and Log Path2 . Now i want...

by Motivator in

Is it possible to set a conditional timestamp from indexed events?

I have an XML file with "items" that are being indexed. The issue is that these "items" can possibly have two differe...

by New Member in

Datanow props/transforms not working properly

I have some Datanow syslog data coming into my environment and i have setup a transforms.conf file to extract some sp...

by Explorer in

Powershell script to extract events from a log file - many dupe events indexed in Splunk

Question - is there a CRC equivalent for data indexed from a Powershell function? On a server, I have a log file g...

by Path Finder in

Whats the best practice to break the windows events?

Hi All, We have 2 Domains, all the windows events are going to wineventlog and windows and perfmon indexes. If I b...

by Builder in

Splunk forwarders on clustered nodes monitoring the same files

Is there a high-availability or multi-node configuration for Splunk forwarders? I have a small RHEL cluster writin...

by Motivator in

Getting Data In

Discussions

will duplicate entries of monitor statements in inputs.conf coz Logs to be indexed twice?

How to monitor inactive sourcetypes(or inactive indexes) in Splunk?

Should each device sending data have a different UDP input port?

Splunk search query/queries for populating splunk supported timezones in dropdown type input.

Renaming auto extracted fields

While upgrading a setup of 2 non-pooled SH and 4 Indexer clusters to Splunk 6.6, when should I upgrade SH and Apps ?

Problem indexes.conf splunkd not restarting !

Multiple Whitelists

How to configure the universal forwarder to collect System Properties on a Windows Server?

Complex Conditional search based on time

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

How to drop log file headers before indexing?

Using Splunk as a enterprise data platform

Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes?

Can single forwarder forward data to two different indexer's ??

Is it possible to set a conditional timestamp from indexed events?

Datanow props/transforms not working properly

Powershell script to extract events from a log file - many dupe events indexed in Splunk

Whats the best practice to break the windows events?

Splunk forwarders on clustered nodes monitoring the same files

WMI does not collect data from servers that do not...

How to troubleshoot Complex Heavy Forwarder Flows

Splunk Add on for McAfee DAM (Database Activity Mo...

Splunk Input from S3

How do I set the CRON job for scripted inputs so t...