Getting Data In

Discussions

Thread Info

Search Filters (srchFilter) when a user is in multiple groups/roles

When a user is in multiple Splunk roles (possibly because they are assigned to multiple LDAP/AD groups that are mappe...

by Splunk Employee in

Splunk Forwarder preventing application from logging

Our Splunk Forwarder on Windows Server is monitoring 2 folders containing approximately 1k log files total. I am igno...

by New Member in

How to split a column of results into two?

I have the following table and i wish to split the data to two columns one weighted one not: all of these fields are ...

by Explorer in

error during csv index extraction

I have setup a process where a heavy forwarder is ingesting a large number of csv files and the process seems to be w...

by Communicator in

Where is the invalid key in my inputs.conf?

Receiving: Invalid key in stanza [monitor://D:\\radiantone\\vds\\vds_server\\logs] in , line 6: whitelist1 (value: vd...

by Path Finder in

Delete splunk.com Account

HI. I would like to delete my current account and open a new one. My current id "army4282" has a specific army troop ...

by New Member in

How to monitor a single file to be indexed by modifying inputs.conf?

I'm having trouble getting a single file to be indexed. I have successfully monitored all files in a directory before...

by Path Finder in

What is the best way to get DCOS Mesos/Marathon to forward their containers logging into Splunk?

What would be the best way to get DCOS Mesos/Marathon to forward their containers logging to Splunk? As our Devs t...

by Builder in

How to write data into different sourcetype?

Hello, I am doing an addon, in the addon i am going to get data from multi-endpoints, and write them to different ...

by New Member in

How to can I configure dynamic sourcetype assignment on a Universal Forwarder or a Heavy Forwarder?

I have a folder which has multiple log files in format CalculationMgr-xxx(xx).log and EventMgr-xxx(xx).log where xx i...

by Path Finder in

Splunk DB Connect: How do I troubleshoot why Java Bridge server not running from these error messages in the jbridge.log?

Running on Windows, DB Connect 1.1.6, Java 1.8.0_31. Here is the latest in the jbridge.log 2015-03-18 09:37:38,740...

by Path Finder in

Parsing libsvm events

I'm trying to parse a number of different libsvm files https://www.csie.ntu.edu.tw/~cjlin/libsvm/faq.html#/Q03:_Data_...

by Splunk Employee in

How to set an Approriate Sourcetype for Qradar CSV Report when add Data into Splunk?

I have a CSV Report look like this: <13>Jun 12 14:04:28 10.0.115.117 AgentDevice=WindowsLog AgentLogFile=Applicati...

by New Member in

Unable to search/index the uploaded text file in the newly built test machine?

Hi, I have recently setup an single instance test machine in our environment, with splunk version as 6.6.1 in Linux e...

by Motivator in

How to turn off fields sorting from Splunk JSON results?

When used Splunk Java SDK extract the data from a search, Splunk automatically sorts the results based on the alphabe...

by Communicator in

Sometimes get a TailReader ERROR on monitoring a file. Why?

I have a Windows 2008 R2 server with a Splunk UF v6.6.7 installed. We are monitoring many files on this server. Oc...

by Communicator in

Splunk licensing for each indexer

Hello. I want to know if it is possible to get from the splunk application or from the server the licensing of eac...

by New Member in

How are Windows instance numbers for two processes with the same name determined?

I have several svchost.exe processes running on a Windows host. In Splunk in the Perfmon:Process sourcetype I have ev...

by Explorer in

Need to omit events with specific strings (info or debug) in them.

I am trying to prevent debug and info events from getting logged into splunk. I created an inputs.conf and used black...

by Path Finder in

Why are Win Event Logs (Security logs) (Win10) generating gigs of data related to SeBackupPrivilege?

Has anyone seen an issue where Win Event Logs (Security logs) (Win10) are generating gigs of data related to SeBackup...

by New Member in

Setting correct timezone for mcafee logs in dbconnect

I have been having issues modifying the timezone for Mcafee logs. Currently, my logs are indexed as UTC, and I would ...

by Path Finder in

parallelIngestionPipelines on heavy forwarder

hi, we have activated parallelIngestionPipelines (set to 2) due to blocked queues on a heavy forwarder. After adding...

by Loves-to-Learn in

Has anyone used the SAP Crystal Reports API for Splunk?

Looking for users who have used API for SAP Crystal Reports with Splunk to run real time reports.

by New Member in

Monitor .Exe files

Hey Guys, is there a quick and easy way to monitor .exe within the Windows sys32 folder via a stanza ? I need t...

by Communicator in

Windows Splunk instance to use http proxy

Hi all We have a dev instance of Splunk we are using for testing. Splunk is installed on a Windows box and the servi...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Search Filters (srchFilter) when a user is in multiple groups/roles

Splunk Forwarder preventing application from logging

How to split a column of results into two?

error during csv index extraction

Where is the invalid key in my inputs.conf?

Delete splunk.com Account

How to monitor a single file to be indexed by modifying inputs.conf?

What is the best way to get DCOS Mesos/Marathon to forward their containers logging into Splunk?

How to write data into different sourcetype?

How to can I configure dynamic sourcetype assignment on a Universal Forwarder or a Heavy Forwarder?

Splunk DB Connect: How do I troubleshoot why Java Bridge server not running from these error messages in the jbridge.log?

Parsing libsvm events

How to set an Approriate Sourcetype for Qradar CSV Report when add Data into Splunk?

Unable to search/index the uploaded text file in the newly built test machine?

How to turn off fields sorting from Splunk JSON results?

Sometimes get a TailReader ERROR on monitoring a file. Why?

Splunk licensing for each indexer

How are Windows instance numbers for two processes with the same name determined?

Need to omit events with specific strings (info or debug) in them.

Why are Win Event Logs (Security logs) (Win10) generating gigs of data related to SeBackupPrivilege?

Setting correct timezone for mcafee logs in dbconnect

parallelIngestionPipelines on heavy forwarder

Has anyone used the SAP Crystal Reports API for Splunk?

Monitor .Exe files

Windows Splunk instance to use http proxy

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Splunk UF after Hibernate/Sleep

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...