Getting Data In

Discussions

Thread Info

Not showing csv data

hi, I uploaded csv file having a date field. This field has current week dates as well as future week dates. CSV got ...

by Communicator in

Filtering mutiple table rows created from a single log entry

I have multiple JDBC connection pools and their realtime stats are written to a log on a regular basis. I would like ...

by New Member in

REST API searches without search id

Hello guys, is it possible to request directly results without preliminary search id or we always need to run, get...

by Builder in

How do I enable the HTTP Event Collector?

The following HTTP Event Collector walkthrough says - -- To enable it, in Splunk Enterprise and self-service or...

by Ultra Champion in

Why am I getting an error that my license has expired or have exceeded license violations?

Hi  Dears, I am using Splunk 6.4 as a heavy forwarder which send its logs to an indexer (6.3) . Heavy forwarder ...

by Explorer in

Setup deployment server and a heavy forwarder.

we have a clustered environment 6 indexers , 3 search heads , 1 Cluster Master, License Server, Deployment Server on ...

by New Member in

How to configure maxVolumeDataSizeMB when homePath and coldPath are both set to the same volume?

$SPLUNK_DB for one of our Splunk Search Servers filled up recently. The root cause was apparently due to significant ...

by Path Finder in

How does the volume size maxVolumeDataSizeMB apply if you have a mix of volumes and indexes paths ?

I want to use Volumes in indexes.conf to limit the space used by my indexes. On each index, I see 4 paths : homePa...

by Splunk Employee in

Why am I getting incorrect results from btool during diagnostics for a Splunk 6.3.1 Windows universal forwarder?

When running the btool on the inputs.conf files on a Windows universal forwarder (v6.3.1), the results appear to be i...

by Communicator in

Why are changes made in props.conf not taking effect?

My sample data AAA, 0.5% BBB,0.10% CCC,0.20% my search looks like this base search | rex ".*?(?[^,]+),\s*?(?...

by Explorer in

Data cloning and load balancing

Hello guys, we have this config for outputs.conf : *[tcpout] defaultGroup = ssl_splk_sitesAB_9997 useACK = true...

by Builder in

indexer does not log security logs

Hi, after we upgrade the universal forwarder on version 6.2 the security logs are not indexed anymore in the index...

by Communicator in

Why are we receiving all Windows event log data except security logs from our domain controller?

Hi, Having issues in not seeing our security logs from our DC. Here is our code: [WinEventLog://Security] disab...

by New Member in

How to update an existing index for a file, id the file is updated with new fields/attributes

Hi, I Have a CSV file with some values that i am forwarding to my indexer and for this file, events and indexes ar...

by New Member in

how to listen to port UDP 514 when splunk is not root

On linux systems, only a process running as root can listen to ports < 1024. I want splunk to listen to syslog on UDP...

by Splunk Employee in

Using multiple OR operators

Hi guys Im doing a correlation search where Im looking for hostnames and filtering for events I dont want. eg. ...

by Explorer in

What are the minimum server requirements to install the Universal Forwarder (32-bit)?

Hi, we are having trouble installing Universal Forwarder (32-bit) to a server that has system specifications of: OS: ...

by Observer in

Filtering fields in log before forward to indexing

Hi, If i need to filtering some data in the log before forward to indexing, how to go abt doing it? thks

by Communicator in

Hardware Architecture & Scaling

So, I'm slightly confused. I'm looking at the Splunk documentation and they reference only sending 50 GB/day to an in...

by Contributor in

Forwarders configuration

Hi to all, I configured a forwarder as following In Splunk Server: - in /opt/splunk/etc/deployment-apps I copyed t...

by Explorer in

Getting Data In

Discussions

Not showing csv data

Filtering mutiple table rows created from a single log entry

REST API searches without search id

How do I enable the HTTP Event Collector?

Why am I getting an error that my license has expired or have exceeded license violations?

Setup deployment server and a heavy forwarder.

How to configure maxVolumeDataSizeMB when homePath and coldPath are both set to the same volume?

How does the volume size maxVolumeDataSizeMB apply if you have a mix of volumes and indexes paths ?

Why am I getting incorrect results from btool during diagnostics for a Splunk 6.3.1 Windows universal forwarder?

Why are changes made in props.conf not taking effect?

Data cloning and load balancing

indexer does not log security logs

Why are we receiving all Windows event log data except security logs from our domain controller?

How to update an existing index for a file, id the file is updated with new fields/attributes

how to listen to port UDP 514 when splunk is not root

Using multiple OR operators

What are the minimum server requirements to install the Universal Forwarder (32-bit)?

Filtering fields in log before forward to indexing

Hardware Architecture & Scaling

Forwarders configuration

WMI does not collect data from servers that do not...

How to troubleshoot Complex Heavy Forwarder Flows

Splunk Add on for McAfee DAM (Database Activity Mo...

Splunk Input from S3

How do I set the CRON job for scripted inputs so t...