Getting Data In

Community Activity

FS Change keeps adding and deleting files from monitoring I am monitoring /etc/hosts.allow and /etc/hosts.deny for change, with a poll period of 300 seconds. [fschange:/etc/h... by jdunlea_splunk Splunk Employee in Getting Data In 05-10-2018 2 4	2	4
Why is Splunk not indexing the file but configuring inputs.conf? So I am trying to monitor a file on the local indexer. I am setting it up through the Web UI to be sure it works. I g... by JordanPeterson Path Finder in Getting Data In 05-10-2018 1 3	1	3
How can I check that Splunk indexed the entire contents of a given file? I would like to check that a given file has been fully indexed by Splunk. I tried counting the lines in the source f... by hexx Splunk Employee in Getting Data In 05-10-2018 9 4	9	4
How to forward events to a cluster environment? Initially, I have a cluster environment( 3 indexes + 1 master node) I want to configure my setup like below: window... by riqbal Communicator in Getting Data In 05-10-2018 0 1	0	1
SCCM Windows KB# and Dates Hi everybody, We just started to ingest SCCM v1606 Logs into our Splunk, the main goal is to see the following: -Se... by JRamirezEnosys Explorer in Getting Data In 05-10-2018 1 2	1	2
REST API with namespace? I have a Search Macro in my Splunk application. I would like to invoke this Search Macro via REST API. To do that, ... by Mick Splunk Employee in Getting Data In 05-10-2018 5 2	5	2
Line Breaker help Hi Guys, I'm trying to ingest an entire html file as a single event everytime it gets written. The html file ALWAYS... by richnavis Contributor in Getting Data In 05-10-2018 0 5	0	5
Universal forwarder (Windows) does not send logs even though "active" Hi Folks, I am testing log forwarding using universal forwarder from Windows to Splunk but can't seem to receive any... by Sagar0511 Explorer in Getting Data In 05-09-2018 0 4	0	4
File monitor not indexing all data in a file I've installed UF on a Windows 2012 R2 server and created a directory monitor via the inputs.conf file at C:\Program ... by ericlavalley Explorer in Getting Data In 05-09-2018 0 10	0	10
How to spot differences in two names in a list in CSV files? I'm having a hard time coming up with the right query or search. My dilemma is I have 2 separate lists containing nam... by jcadena New Member in Getting Data In 05-09-2018 0 2	0	2
User can see data in one index but not another with the same config I've recently added some configuration that creates indexes for data. Each index has a corresponding role that adds b... by krisreeves Path Finder in Getting Data In 05-09-2018 0 3	0	3
Can you index certain filetypes contained within a zipped file? I've seen older answers that state you cannot ingest only certain files from a zip file. Say, only .csv files from a ... by thisissplunk Builder in Getting Data In 05-09-2018 0 0	0	0
Host in Props.conf Not Working I need to lengthen the lines in my events so I went into Splunk\etc\system\local\props.conf and added [SRV-DCP01UVW... by skoelpin SplunkTrust in Getting Data In 05-09-2018 0 10	0	10
What is the best method to index only set event ids from the security event log? Hey Guys, So I'm setting up a lab for some testing, what I would like to do is index only set Windows Security Event... by AaronMoorcroft Communicator in Getting Data In 05-09-2018 0 10	0	10
How to import this kind of CSV data? I've a CSV file like the one reported below, and on my UF I've added the following props but on the search heads the ... by nicolociraci New Member in Getting Data In 05-09-2018 0 9	0	9
How to improve performance on data-models with additional indexers or search heads Hi I have been looking at this doc on Capacity Planning Manual http://docs.splunk.com/Documentation/Splunk/7.1.0/Cap... by robertlynch2020 Influencer in Getting Data In 05-09-2018 1 4	1	4
Setting up Splunk monitoring of rsyslog with UDP I am running Splunk on an RHEL7 VM. I wish to be able to receive data from a Lexmark printer, which I have configured... by leongchongyu Explorer in Getting Data In 05-09-2018 0 8	0	8
Multiple SplunkTCPTokens on inputs.conf We are looking to utilize the splunktcptoken as additional security measure to validate that we trust the sender of d... by wbw4am New Member in Getting Data In 05-08-2018 0 0	0	0
Syslog Data not indexing Hello. We are currently running Splunk 7.0.2 on Windows Server 2012 r2 and are attempting to send syslog data from ou... by westpointis New Member in Getting Data In 05-08-2018 0 3	0	3
How can I tell whether Splunk forwarder has read through monitored files We have rsyslog writing files to numerous directories on Splunk heavy forwarders. In order to keep the logfiles from... by sylim_splunk Splunk Employee in Getting Data In 05-07-2018 0 1	0	1
"HTTP Event Collector" not available or missing from Data Inputs panel, "Settings > Data inputs" This screenshot speaks the issue. Due to no Http Event collector I'm not able to create one. by sylim_splunk Splunk Employee in Getting Data In 05-07-2018 0 1	0	1
Why am I getting these errors on my Splunk master node and Heavy forwarders for Splunkd? Audit event generator: Now skipping indexing of internal audit events, because the downstream queue is not accepting ... by eymanu Explorer in Getting Data In 05-07-2018 2 1	2	1
How long does it take for fschange to identify a change? All, How long by default does it take for the old FSCHANGE type to notice a change? thanks -Daniel by daniel333 Builder in Getting Data In 05-07-2018 0 0	0	0
In a log file that has multiple events with the same timestamp, how can each one of these to be ingested as a separate event and insert milliseconds during the indexing time? Hi, I have a log file that has multiple events with the same timestamp. Foe instance: 2018-01-06 00:24:01 - ! [476] ... by JJagadeesh New Member in Getting Data In 05-07-2018 0 0	0	0
Can splunk search/monitor files that are not indexed? Is it possible to search/monitor non-indexed files? We create daily status files and we like to present the contents ... by MikeStorms New Member in Getting Data In 05-07-2018 0 2	0	2