Getting Data In

Discussions

Thread Info

Splunk Universal Forwarder is ignoring logs

OS: Windows Server 2008 R2 Enterprise Splunk Universal Forwarder version: 6.2.6 (build 274160) Hi, Good Day. Wo...

by Communicator in

forwarder creating multiline event from big file transferred via rsycn on slow channel

We have big file with events in each line of file. Every minute file transfers via rsync to forwarder with new events...

by Path Finder in

Setting Time on a "Time (Search) Panel" to a specifi range each time.

Basically I need time/date code to add within my Panel so that each tiem it opens, the Panel searches from 8AM the fo...

by Explorer in

Escape JSON data at index time

I'm trying to escape JSON data at index time because I can't do it from within the application that is generating the...

by Explorer in

Why am I unable to blacklist all content in a certain directory with my current inputs.conf?

I am trying to blacklist the following in the inputs.conf Currently I have this: [monitor:///var/log] disabled...

by Explorer in

WinEventLogs Cannot get Event Details

I am monitoring WinEventLogs for Direct Access Troubleshooting using stanzas like: [WinEventLog://Microsoft-Window...

by Builder in

heavy forwarder operation question

Hi, I'm trying to determine the best way to parse out data before it gets to my splunk indexer. It looks like a heavy...

by Path Finder in

Copy Field and remove duplicate

Hello All, I have a column list of records as below recordA recordB recordA RecordB RecordC RecordD and I w...

by Explorer in

Why is one search head no longer communicating with indexers? Getting error "failed_because_BUNDLE_DATA_TRANSMIT_FAILURE"

We have around 10 Search Heads and 13 Indexers. Since this morning, we are seeing the below errors and our SH is not ...

by Contributor in

Getting info from the details tab within Server 2008 event logs.

Does anyone know how to get the full output (including the details tab) or XML version of event logs out of Server 20...

by Contributor in

Transforms not replacing original value

Hello, I have a CSV in which I am attempting to shorten a 128 character string down to the last 8 characters. I us...

by Splunk Employee in

Communication error between old ver Splunk and Forwarder ver6.x about ssl.

Splunk ver 6.2.0 has been introduced in my separate environment, and recently I installed forwarder ver 6.6.1 on a ne...

by Builder in

Rename an index

Is it possible to rename an index in the same way sourcetype and source can be renamed with props and transforms.

by Path Finder in

When the maxVolumeDataSizeMB for the primary volume is exceeded, will events automatically roll over to the secondary volume?

Hi, When the maxVolumeDataSizeMB for the primary volume is exceeded, will the events automatically roll over to th...

by Champion in

Getting Data In

Discussions

Splunk Universal Forwarder is ignoring logs

forwarder creating multiline event from big file transferred via rsycn on slow channel

Setting Time on a "Time (Search) Panel" to a specifi range each time.

Escape JSON data at index time

Why am I unable to blacklist all content in a certain directory with my current inputs.conf?

WinEventLogs Cannot get Event Details

heavy forwarder operation question

Copy Field and remove duplicate

Why is one search head no longer communicating with indexers? Getting error "failed_because_BUNDLE_DATA_TRANSMIT_FAILURE"

Getting info from the details tab within Server 2008 event logs.

Transforms not replacing original value

Communication error between old ver Splunk and Forwarder ver6.x about ssl.

Rename an index

When the maxVolumeDataSizeMB for the primary volume is exceeded, will events automatically roll over to the secondary volume?

Securing communcation between Universal Forwarder and Heavy Forwarder

Why am I seeing duplicate events?

Does Splunk forwarder 6.0.3 support TLSv1.2

Successfully recurse sub-directories in Windows?

Why are indexing queues maxing out after upgrading to Splunk 6.5.0?

how to route data from syslog servers to specific index??

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!

Full Details! >

Sourcetype not being applied

/opt/ee_splunk/splunk/etc/apps/splunk_essentials_8...

Splunk Casb Oracle Cloud

Confusion with sedcmd on an overided sourcetype

[powershell://...] input working example and some ...

Getting Data In

Discussions

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey.Earn $50 in Amazon cash! Full Details! >

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!

Full Details! >