Getting Data In

Discussions

Thread Info

Why is Splunk not indexing the file but configuring inputs.conf?

So I am trying to monitor a file on the local indexer. I am setting it up through the Web UI to be sure it works. I g...

by Path Finder in

How can I check that Splunk indexed the entire contents of a given file?

I would like to check that a given file has been fully indexed by Splunk. I tried counting the lines in the source...

by Splunk Employee in

How to forward events to a cluster environment?

Initially, I have a cluster environment( 3 indexes + 1 master node) I want to configure my setup like below: wi...

by Communicator in

SCCM Windows KB# and Dates

Hi everybody, We just started to ingest SCCM v1606 Logs into our Splunk, the main goal is to see the following: ...

by Explorer in

REST API with namespace?

I have a Search Macro in my Splunk application. I would like to invoke this Search Macro via REST API. To do that, I ...

by Splunk Employee in

Line Breaker help

Hi Guys, I'm trying to ingest an entire html file as a single event everytime it gets written. The html file ALWAYS ...

by Contributor in

Universal forwarder (Windows) does not send logs even though "active"

Hi Folks, I am testing log forwarding using universal forwarder from Windows to Splunk but can't seem to receive a...

by Explorer in

File monitor not indexing all data in a file

I've installed UF on a Windows 2012 R2 server and created a directory monitor via the inputs.conf file at C:\Program ...

by Explorer in

How to spot differences in two names in a list in CSV files?

I'm having a hard time coming up with the right query or search. My dilemma is I have 2 separate lists containing nam...

by New Member in

User can see data in one index but not another with the same config

I've recently added some configuration that creates indexes for data. Each index has a corresponding role that adds b...

by Path Finder in

Can you index certain filetypes contained within a zipped file?

I've seen older answers that state you cannot ingest only certain files from a zip file. Say, only .csv files from a ...

by Builder in

Host in Props.conf Not Working

I need to lengthen the lines in my events so I went into Splunk\etc\system\local\props.conf and added [SRV-DCP01U...

by SplunkTrust in

What is the best method to index only set event ids from the security event log?

Hey Guys, So I'm setting up a lab for some testing, what I would like to do is index only set Windows Security Eve...

by Communicator in

How to import this kind of CSV data?

I've a CSV file like the one reported below, and on my UF I've added the following props but on the search heads the ...

by New Member in

How to improve performance on data-models with additional indexers or search heads

Hi I have been looking at this doc on Capacity Planning Manual http://docs.splunk.com/Documentation/Splunk/7.1.0/C...

by Influencer in

Setting up Splunk monitoring of rsyslog with UDP

I am running Splunk on an RHEL7 VM. I wish to be able to receive data from a Lexmark printer, which I have configured...

by Explorer in

Multiple SplunkTCPTokens on inputs.conf

We are looking to utilize the splunktcptoken as additional security measure to validate that we trust the sender of d...

by New Member in

Syslog Data not indexing

Hello. We are currently running Splunk 7.0.2 on Windows Server 2012 r2 and are attempting to send syslog data from ou...

by New Member in

How can I tell whether Splunk forwarder has read through monitored files

We have rsyslog writing files to numerous directories on Splunk heavy forwarders. In order to keep the logfiles from ...

by Splunk Employee in

"HTTP Event Collector" not available or missing from Data Inputs panel, "Settings > Data inputs"

This screenshot speaks the issue. Due to no Http Event collector I'm not able to create one.

by Splunk Employee in

Why am I getting these errors on my Splunk master node and Heavy forwarders for Splunkd?

Audit event generator: Now skipping indexing of internal audit events, because the downstream queue is not accepting ...

by Explorer in

How long does it take for fschange to identify a change?

All, How long by default does it take for the old FSCHANGE type to notice a change? thanks -Daniel

by Builder in

In a log file that has multiple events with the same timestamp, how can each one of these to be ingested as a separate event and insert milliseconds during the indexing time?

Hi, I have a log file that has multiple events with the same timestamp. Foe instance: 2018-01-06 00:24:01 - ! [476...

by New Member in

Can splunk search/monitor files that are not indexed?

Is it possible to search/monitor non-indexed files? We create daily status files and we like to present the contents ...

by New Member in

What is the easiest way to send SNMP logs into Splunk for CISCO devices?

Hello guys, Need your help guys ,What is the easiest way to send SNMP logs into Splunk for CISCO devices? Your ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why is Splunk not indexing the file but configuring inputs.conf?

How can I check that Splunk indexed the entire contents of a given file?

How to forward events to a cluster environment?

SCCM Windows KB# and Dates

REST API with namespace?

Line Breaker help

Universal forwarder (Windows) does not send logs even though "active"

File monitor not indexing all data in a file

How to spot differences in two names in a list in CSV files?

User can see data in one index but not another with the same config

Can you index certain filetypes contained within a zipped file?

Host in Props.conf Not Working

What is the best method to index only set event ids from the security event log?

How to import this kind of CSV data?

How to improve performance on data-models with additional indexers or search heads

Setting up Splunk monitoring of rsyslog with UDP

Multiple SplunkTCPTokens on inputs.conf

Syslog Data not indexing

How can I tell whether Splunk forwarder has read through monitored files

"HTTP Event Collector" not available or missing from Data Inputs panel, "Settings > Data inputs"

Why am I getting these errors on my Splunk master node and Heavy forwarders for Splunkd?

How long does it take for fschange to identify a change?

In a log file that has multiple events with the same timestamp, how can each one of these to be ingested as a separate event and insert milliseconds during the indexing time?

Can splunk search/monitor files that are not indexed?

What is the easiest way to send SNMP logs into Splunk for CISCO devices?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!