Getting Data In

Discussions

Thread Info

strip sensitive data before indexing

Hi all, We run several tools in our environment for network inspection and the logging it provides logs things li...

by Path Finder in

Does inputcsv honor dispatch=true?

I'm am unable to get inputcsv to read from the dispatch (search job-specific directory). Does anyone know if this is ...

by Super Champion in

Can we delete Disk_objects.log file in Splunk Universal Forwarder ?

We have only 2 GB of minimum disk space allocated for Splunk universal forwarder and my envirnoment team has asked to...

by Contributor in

Removal of unnecessary fields BEFORE INDEX

Hi all! There is a way to prevent the indexing of unnecessary fields? i'm indexing a syslog file from a firewall so i...

by Path Finder in

How to monitor Fedora OS logs using journald (binary file) in Splunk?

HI, I want to monitor fedora Server's (Version 21) logs into Splunk Enterprise. I already tried to monitor logs fr...

by Engager in

Any file size limit of threat intelligence list?

Arrcoding to your guide "http://docs.splunk.com/Documentation/ES/4.7.2/Admin/Addthreatintelcustomlookup", I can uploa...

by New Member in

Eventgen not getting data properly

Hi, eventgen doesn't get the data correctly, using eventgen configuration data fields like host, source get in correc...

by Communicator in

time range to display count of weekly

i have 4 months data. where i want to display the order count in weekly range.for example date count 2018/03/01 - ...

by Builder in

How to edit my configurations so that my Kubernetes host log will be reformatted entering Splunk?

Hi , In my kubernetes host generating logfile for the docker container, the logs are coming to Splunk in the followin...

by Path Finder in

How to create dump command and put datetime?

Hi Ask about basefilename in dump command. I would like to create a file by date with search results and I would l...

by Communicator in

Why am I encountering an Error on forwarding nginx container logs to Splunk forwarder?

https://www.splunk.com/blog/2015/08/24/collecting-docker-logs-and-stats-with-splunk.html With reference to this do...

by Engager in

indexing congestion consistenly happening

Hi, I have only started using splunk on a test server, and I am consistently getting "skipped indexing of internal...

by Explorer in

How do you change apps in in the API (Java)?

So I am following the Java Splunk API tutorials and Can list apps and saved searches but for the life of me I cannot ...

by New Member in

Why are Windows event logs with MSSQLSERVER$AUDIT as source getting truncated and the message is empty?

Hi, We have an auditing setup which logs in Windows event logs (Forwarded Events) as "MSSQLSERVER$AUDIT" source. ...

by Explorer in

How to monitor Active Directory changes and security events with Universal forwarder?

We want to monitor Active Directory changes and security Events We are planning to deploy the Universal forwarder to ...

by Path Finder in

How to configure rsyslog so that it stores them in certain directories?

I would like to configure rsyslog so that it keeps logs generated by the localhost in the /var/log/messages but then ...

by Communicator in

How can we view the data retention policy we have set?

Hi All, We have set the data retention has 1 year (365 days) for in cluster master. But when we search the data in...

by Path Finder in

Why is the Splunk Universal Forwarder sending data to wrong index and, isn't sending all records of a Catalina.out?

Hello everyone, I have a lab in a Ubuntu VM. In this lab, I have the UF and the Splunk E. The forwarder monitors a...

by New Member in

timestamp match is outside of the acceptable time window

Hello, I have a log with a timestamp that does not contain the year. Moreover the events are not in a chronological o...

by Communicator in

Can Sysmon logs completely take the place of certain "Event Logs"?

So we are wondering if by implementing the collection of Sysmon logs, we can stop collecting other logs all together....

by New Member in

Are there inconsistencies in behavior with the need for INDEXED_EXTRACTIONS?

The admin class (lab) says that for json we need the following in the props.conf of the forwarder. INDEXED_EXTRACT...

by Ultra Champion in

Why can't the Splunk server index or show events forwarded by windows host with universal forwarder?

alt text I have installed universal forwarder on my windows host and the forwarder does forward the events to the Spl...

by New Member in

Why am I not getting syslogs on port 512?

I am new to Splunk and I have it installed on my PC at work. I have Aruba Clear Pass syslog target set to forward to ...

by New Member in

How to restrict transaction to group events from the same source and the same host?

Search a same log file on many different hosts . Use transaction : startwith and endwith to capture one process withi...

by Path Finder in

Why does Splunk always get en-GB instead of en-US on the url?

Is there a way to change the URL form en-GB to en-US so the dateTime picker shows MM/DD/YY? http://1xx.1xx.1xx.1xx...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

strip sensitive data before indexing

Does inputcsv honor dispatch=true?

Can we delete Disk_objects.log file in Splunk Universal Forwarder ?

Removal of unnecessary fields BEFORE INDEX

How to monitor Fedora OS logs using journald (binary file) in Splunk?

Any file size limit of threat intelligence list?

Eventgen not getting data properly

time range to display count of weekly

How to edit my configurations so that my Kubernetes host log will be reformatted entering Splunk?

How to create dump command and put datetime?

Why am I encountering an Error on forwarding nginx container logs to Splunk forwarder?

indexing congestion consistenly happening

How do you change apps in in the API (Java)?

Why are Windows event logs with MSSQLSERVER$AUDIT as source getting truncated and the message is empty?

How to monitor Active Directory changes and security events with Universal forwarder?

How to configure rsyslog so that it stores them in certain directories?

How can we view the data retention policy we have set?

Why is the Splunk Universal Forwarder sending data to wrong index and, isn't sending all records of a Catalina.out?

timestamp match is outside of the acceptable time window

Can Sysmon logs completely take the place of certain "Event Logs"?

Are there inconsistencies in behavior with the need for INDEXED_EXTRACTIONS?

Why can't the Splunk server index or show events forwarded by windows host with universal forwarder?

Why am I not getting syslogs on port 512?

How to restrict transaction to group events from the same source and the same host?

Why does Splunk always get en-GB instead of en-US on the url?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures