Getting Data In

Discussions

Thread Info

Timing multiple event actions in IIS logs

Hi, This is a bit of a long one so sorry in advance. I am attempting to time some events which are happening ...

by Path Finder in

How to set different host values on one udp port

Hi I want to set different host value on udp 514 . Events host values equals their IPs, so I want to change it to hos...

by Engager in

Why is the frozen data not deleted automatically?

I have these settings for my index maxTotalDataSizeMB = 100000 coldPath = C:/colddb homePath = C:/db coldToFrozenD...

by New Member in

Adapt search filter to a query

Hello, i need to insert IP addresses here coded as follow: <input type="text" token="host" searchWhenC...

by New Member in

How to calculate the average durations and assemble this into a table/report of duration data that would cover all UserId/SessionId combos?

Hello, I've looked at a lot of the duration posts (covering transaction, streamstats, etc.) -- generally these dea...

by New Member in

SA modular input powershell is directing data to default main indexer?

Hi All, i tried using SA_modular_input_powershell app and i gave windows index in inputs.conf as index = windows. wh...

by New Member in

How to find IP address of a host reporting in Splunk?

Hello fellow splunkers, Fairly remedial question but I have a heavy forwarder that has stopped reporting to splunk...

by Explorer in

Restoring specific source from frozen

Hello guys, we need to restore frozen data, however is it possible to choose which source to restore (not all sour...

by Motivator in

Unexpected precedence of monitor stanzas in inputs.conf

I have two monitor stanzas to watch nginx access logs: a specific stanza to route a team's error logs to their specif...

by Explorer in

Splunk UI: Some JSON Logs Not Being Parsed Correctly

I recently introduced some new fields to my boilerplate logging strategy. After this introduction, Splunk's UI is not...

by Explorer in

Input CSV and run search against subset of users

I have a list of accounts that I wish to monitor in a csv file, say accounts.csv. The file looks like: userid,user...

by New Member in

Can't login when setting up a universal forwarder

My freshly installed splunk server has by default listening enabled on port 9997. When I try to configure a univer...

by Engager in

Can Splunk ingest the "Details tab - xml view" of a Windows Event Log?

Hello All, We have a customer that we are ingesting a number of windows event logs for ... we are using the pre-de...

by Path Finder in

configuration problem splunk - azure, how is the configuration in splunk to connect with azure?

I have a problem, I have installed splunk addon azure in the splunk application, I have made the splunk configuration...

by Explorer in

Why did my heavy forwarder stopped forwarding data abruptly?

The HF in our environment stops forwarding data abruptly, while the Splunk process is still running. Initial investig...

by Path Finder in

Route data on Heavy Forwarder is not working

Hi guys I tried hard here and read some docs: (https://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/Inputsconf) (...

by Explorer in

Are there any changes to the HTTP Event Collector (HEC) updates since 6.3?

Has there been any changes to the HEC since its initial release in 2015 as part of Splunk 6.3? If so, are there any r...

by Contributor in

TailReader Error then file uploaded a few hours later

I was trying to load data via my auto index and I was getting a tail reader error because I think Splunk was reading ...

by Path Finder in

Can a scripted input be deployed on universal forwarders via deployment server?

Hi, I need inputs from a timely scheduled script from a remote server. Can I configure this script on deploymen...

by Path Finder in

increasing maxKBPS for only one splunk forwarder host

Hi Splunkers , I am getting this splunkd log entry in only one splunk forwarder . 05-09-2018 08:11:39.579 +0000...

by Communicator in

How to change default "acceptFrom" for all Splunk REST API endpoints?

In the restmap.conf file, you can specify acceptFrom to limit access to Splunk REST API endpoints to specific IPs. By...

by Path Finder in

Login Woes

I downloaded and installed Windows version of Splunk. But its not accepting my login ID and Password. What should I d...

by New Member in

How to configure Universal Forwarder on my personal machine where Splunk Enterprise is installed for learning purpose?

I installed Splunk Universal Fwd and Splunk Enterprise on my C drive. I created a sample file and modified the inputs...

by New Member in

Why does Splunk (re-)index this rolled file? How to troubleshoot?

Inputs stanza from btool: [monitor:///apps/Logs/*/www/Reporting/CRTLog.log*] _rcvbuf = 1572864 disabled = 0 host =...

by Influencer in

Does the Greylog deployment forward events to the indexer or the forwarder?

I just found out that we need to allow our Greylog deployment to forward events to SPLUNK. It looks like Greylog has ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Timing multiple event actions in IIS logs

How to set different host values on one udp port

Why is the frozen data not deleted automatically?

Adapt search filter to a query

How to calculate the average durations and assemble this into a table/report of duration data that would cover all UserId/SessionId combos?

SA modular input powershell is directing data to default main indexer?

How to find IP address of a host reporting in Splunk?

Restoring specific source from frozen

Unexpected precedence of monitor stanzas in inputs.conf

Splunk UI: Some JSON Logs Not Being Parsed Correctly

Input CSV and run search against subset of users

Can't login when setting up a universal forwarder

Can Splunk ingest the "Details tab - xml view" of a Windows Event Log?

configuration problem splunk - azure, how is the configuration in splunk to connect with azure?

Why did my heavy forwarder stopped forwarding data abruptly?

Route data on Heavy Forwarder is not working

Are there any changes to the HTTP Event Collector (HEC) updates since 6.3?

TailReader Error then file uploaded a few hours later

Can a scripted input be deployed on universal forwarders via deployment server?

increasing maxKBPS for only one splunk forwarder host

How to change default "acceptFrom" for all Splunk REST API endpoints?

Login Woes

How to configure Universal Forwarder on my personal machine where Splunk Enterprise is installed for learning purpose?

Why does Splunk (re-)index this rolled file? How to troubleshoot?

Does the Greylog deployment forward events to the indexer or the forwarder?

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Mimecast App to get Archive logs

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout