Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Monitoring a file that is continiouisly written to

Hi fellow splunkers, I got the task to monitor a file on a system that gets created on serverstart and then gets w...

by SplunkTrust in

How can I configure Splunk to read in a log that is identical to another log int he same directory?

All, We have a report that runs every hour. Basically 10 line CSV. Might grow to 20 lines on an off week. myrepo...

by Builder in

How can I read a tgz file into Splunk?

According to a book (Splunk Essentials By: Betsy Page Sigman) I recently read on Splunk, Splunk can read in data from...

by New Member in

How to import Multiple CSVs as exclude and include lists?

Hello, I'm trying to do a search for requests made to a list of malicious domains defined in a csv file, but exclu...

by Engager in

Sourcetype Not Showing Up

So I noticed today for whatever reason that my graphs were not giving up to date information. I looked into the issue...

by Explorer in

I created a field that has 3 values. How can I change one of the values from WARNING to WARN using lookups?

I created a field and it has 3 values. I just want change one of the values from WARNING to WARN using lookups(.CSV)....

by New Member in

fschange and legacy system logs app

Have an app that monitors system logs. Specifically files in the /etc/ path using fschange. I know that fschange is "...

by Builder in

ipv6 forwarders?

At one of the Splunklives last week, someone mentioned that they had a full-on ipv6 network and were unable to use sp...

by Splunk Employee in

Why does Splunk CSV export change the time format to Epoch time? How to fix it?

I am a newbie on Splunk. When I do a search on Splunk, time is shown as normal MM:DD:YYYY HH:MM:SS format However...

by New Member in

Using a csv lookup to exclude results from a query, but not working if more than one column of fields

I have a lookup table that I want to use to exclude results from a search. I want to exclude results if something in ...

by Explorer in

Is it possible for me to enable TCP data inputs on Splunk Cloud?

Hi, Could I enable TCP Data Inputs on Splunk Cloud? I'm trying to check which data inputs are available for Sp...

by Engager in

Are there any apps for Heroku on Splunk Cloud for event monitoring?

Hi Team, Do we have any apps for Heroku on Splunk Cloud for event monitoring, similar to the Splunk App for Salesf...

by Explorer in

How do I configure props.conf for Splunk to index a binary .dat file?

Hi, Today I encountered a strange thing in Splunk. I have Splunk 6.4.1 running on a Linux server. I tried t...

by Explorer in

We have a shortage of disk space in one indexer. Can we delete data present in the colddb directory?

We are currently running out of space in one Splunk indexer out of 5 indexers in our distributed environment. Using S...

by Motivator in

Why can't I install Splunk on windows 7 64 bit and getting error "Splunk Enterprise Setup Wizard ended prematurely..."?

Hello I'm newbie with Splunk. I would like to discover the product after a friend had talk to me about it. So I got t...

by New Member in

props.conf stanza and zip files containing logs

Hi everyone, yesterday I spent most of the day battling through transforms.conf and props.conf - with lucrative resul...

by Communicator in

Heavy forwarder with 2nics not communicating on 8089

I have a heavy forwarder running 6.4.1 on CentOS 7 with 2 nics on seperate subnets (data and mgt) that won't communic...

by Path Finder in

Compare the time for the execution

Hello Champions, I come across a very complex logic to tag jobs on its start time. We have one calculated valu...

by Explorer in

Has Anyone put a Forwarder on a Tablet?

Has anyone captured Windows Event Logs from tablets and forwarded it to their indexer? We're currently trying to ...

by SplunkTrust in

Does Splunk index gzip files?

I'd like to index a directory of 50,000 gzip files. The files range in size from 1 KB to 5 MB. Can Splunk monitor the...

by Splunk Employee in

Getting Data In

Discussions

Monitoring a file that is continiouisly written to

How can I configure Splunk to read in a log that is identical to another log int he same directory?

How can I read a tgz file into Splunk?

How to import Multiple CSVs as exclude and include lists?

Sourcetype Not Showing Up

I created a field that has 3 values. How can I change one of the values from WARNING to WARN using lookups?

fschange and legacy system logs app

ipv6 forwarders?

Why does Splunk CSV export change the time format to Epoch time? How to fix it?

Using a csv lookup to exclude results from a query, but not working if more than one column of fields

Is it possible for me to enable TCP data inputs on Splunk Cloud?

Are there any apps for Heroku on Splunk Cloud for event monitoring?

How do I configure props.conf for Splunk to index a binary .dat file?

We have a shortage of disk space in one indexer. Can we delete data present in the colddb directory?

Why can't I install Splunk on windows 7 64 bit and getting error "Splunk Enterprise Setup Wizard ended prematurely..."?

props.conf stanza and zip files containing logs

Heavy forwarder with 2nics not communicating on 8089

Compare the time for the execution

Has Anyone put a Forwarder on a Tablet?

Does Splunk index gzip files?

Getting Data from OpenVMS into Splunk Cloud

when to use http event collector api to create ven...

Splunk cloud and Microsoft Infrastructure

How to match join on certain conditions within the...

Prevent duplicates from generic S3 input