Getting Data In

Thread Info

Configuring Time Zone of Source

Hello, I am indexing data from an MS SQL database using the DB Connect App. The time format is in Unix epoch and is b...

by New Member in

Why is Splunk not showing empty lines when ingesting files?

This is such a basic question I'm almost embarrassed to ask. When I try to ingest a file into splunk that has som...

by Communicator in

Trying to Split one Event into Multiple Events

Hi All, I am trying to split a Splunk event into multiple events. I just want each line to be an event, and it was...

by Explorer in

After installing a new UF, why is it not forwarding logs to the Indexers?

05-10-2018 15:13:13.954 +0000 ERROR TcpOutputProc - Error initializing SSL context - invalid sslCertPath for server 4...

by New Member in

Should I create one syslog server and configure all the syslog sources to send logs to that central syslog server?

We have different syslog sources. Should I create one syslog server and configure all the syslog sources to send logs...

by Communicator in

Why is there large data latency coming from syslog?

Hello, we have a proxy network appliance running Websense, sending its logs via syslog to Splunk, We have a data ...

by Path Finder in

FS Change keeps adding and deleting files from monitoring

I am monitoring /etc/hosts.allow and /etc/hosts.deny for change, with a poll period of 300 seconds. [fschange:/etc...

by Splunk Employee in

Why is Splunk not indexing the file but configuring inputs.conf?

So I am trying to monitor a file on the local indexer. I am setting it up through the Web UI to be sure it works. I g...

by Path Finder in

How can I check that Splunk indexed the entire contents of a given file?

I would like to check that a given file has been fully indexed by Splunk. I tried counting the lines in the source...

by Splunk Employee in

How to forward events to a cluster environment?

Initially, I have a cluster environment( 3 indexes + 1 master node) I want to configure my setup like below: wi...

by Communicator in

SCCM Windows KB# and Dates

Hi everybody, We just started to ingest SCCM v1606 Logs into our Splunk, the main goal is to see the following: ...

by Explorer in

REST API with namespace?

I have a Search Macro in my Splunk application. I would like to invoke this Search Macro via REST API. To do that, I ...

by Splunk Employee in

Line Breaker help

Hi Guys, I'm trying to ingest an entire html file as a single event everytime it gets written. The html file ALWAYS ...

by Contributor in

Universal forwarder (Windows) does not send logs even though "active"

Hi Folks, I am testing log forwarding using universal forwarder from Windows to Splunk but can't seem to receive a...

by Explorer in

File monitor not indexing all data in a file

I've installed UF on a Windows 2012 R2 server and created a directory monitor via the inputs.conf file at C:\Program ...

by Explorer in

How to spot differences in two names in a list in CSV files?

I'm having a hard time coming up with the right query or search. My dilemma is I have 2 separate lists containing nam...

by New Member in

User can see data in one index but not another with the same config

I've recently added some configuration that creates indexes for data. Each index has a corresponding role that adds b...

by Path Finder in

Can you index certain filetypes contained within a zipped file?

I've seen older answers that state you cannot ingest only certain files from a zip file. Say, only .csv files from a ...

by Builder in

Host in Props.conf Not Working

I need to lengthen the lines in my events so I went into Splunk\etc\system\local\props.conf and added [SRV-DCP01U...

by SplunkTrust in

What is the best method to index only set event ids from the security event log?

Hey Guys, So I'm setting up a lab for some testing, what I would like to do is index only set Windows Security Eve...

by Communicator in

How to import this kind of CSV data?

I've a CSV file like the one reported below, and on my UF I've added the following props but on the search heads the ...

by New Member in

How to improve performance on data-models with additional indexers or search heads

Hi I have been looking at this doc on Capacity Planning Manual http://docs.splunk.com/Documentation/Splunk/7.1.0/C...

by Influencer in

Setting up Splunk monitoring of rsyslog with UDP

I am running Splunk on an RHEL7 VM. I wish to be able to receive data from a Lexmark printer, which I have configured...

by Explorer in

Multiple SplunkTCPTokens on inputs.conf

We are looking to utilize the splunktcptoken as additional security measure to validate that we trust the sender of d...

by New Member in

Syslog Data not indexing

Hello. We are currently running Splunk 7.0.2 on Windows Server 2012 r2 and are attempting to send syslog data from ou...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Configuring Time Zone of Source

Why is Splunk not showing empty lines when ingesting files?

Trying to Split one Event into Multiple Events

After installing a new UF, why is it not forwarding logs to the Indexers?

Should I create one syslog server and configure all the syslog sources to send logs to that central syslog server?

Why is there large data latency coming from syslog?

FS Change keeps adding and deleting files from monitoring

Why is Splunk not indexing the file but configuring inputs.conf?

How can I check that Splunk indexed the entire contents of a given file?

How to forward events to a cluster environment?

SCCM Windows KB# and Dates

REST API with namespace?

Line Breaker help

Universal forwarder (Windows) does not send logs even though "active"

File monitor not indexing all data in a file

How to spot differences in two names in a list in CSV files?

User can see data in one index but not another with the same config

Can you index certain filetypes contained within a zipped file?

Host in Props.conf Not Working

What is the best method to index only set event ids from the security event log?

How to import this kind of CSV data?

How to improve performance on data-models with additional indexers or search heads

Setting up Splunk monitoring of rsyslog with UDP

Multiple SplunkTCPTokens on inputs.conf

Syslog Data not indexing

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?