Getting Data In

Discussions

Thread Info

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

I initially tested the Splunk Server on a Windows 7 machine and installed the Universal Forwarder on another WIndows ...

by Engager in

Can a custom app send data to the indexer via memory?

I wonder what would be an efficient way for a custom app to communicate with an indexer? Can the custom app write to ...

by Ultra Champion in

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Hi Experts, I got a situation. By mistake, I uploaded the same license that I used for Indexers and Master node. N...

by Builder in

Considerations for adjusting autoLBFrequency in outputs.conf

When using automatic load balancing of outputs from universal forwarders (UF), the default number of seconds a forwar...

by Builder in

Why are my nearly identically-named log files not being indexed by Splunk?

For our "ATA42_NETWORK" application we have indexed *.NCD files These files are located in an “input directory” monit...

by New Member in

Whats the best way to migrate /db from one drive to another?

I'm migrating a standalone indexer from Windows to Linux. I mounted the snapshot onto the Linux box and currently mov...

by SplunkTrust in

What is the user-seed.conf file?

I'm a bit confused about the user-seed.conf. Based on the documentation provided by Splunk, it seems this is to set u...

by Explorer in

How can I improve the performance of Splunk monitoring hundreds of active files?

When Splunk monitors hundreds/thousands of files, there seems to be a long lag between the time the event is generate...

by Splunk Employee in

Forwarded events not indexed

Hello! I am preparing for the architect exam and I have set the following lab: 10.37.129.10 spl-search-head 10.37....

by Communicator in

How should I implement a Splunk architecture on a 2 virtual machine, development environment?

Hi, we have to implement a Splunk architecture (for a development/test environment). We have 2 virtual devices, and w...

by New Member in

Deployment client is not indexing data to the Deployment server? (50 credit will be rewarder for the person who found the solution)

Hi the following were the splunkd.log messages in the deployment client. I don't know why it isn't showing any warnin...

by Builder in

How do I configure the Deployment Server to have a Universal Forwarder send logs to a specific index?

Hello everyone, I have in theory a very simple question. Hopefully this is as simple as I think it is. I have a de...

by Explorer in

An index was not prepared to ingest data, so I cannot see events from previous days. How do I fix this?

Hello, I forgot to have an index ready when I started to ingest data (log file with data from last week to present...

by Communicator in

In props.conf, why is BREAK_ONLY_BEFORE_DATE not properly line breaking my events?

My props.conf is like: BREAK_ONLY_BEFORE_DATE = true TIME_PREFIX = GMT TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N MAX_DAY...

by New Member in

What do Splunk Ninjas think are the top three daily Splunk tasks in a large distributed environment?

Hello all, I am trying to build a workflow for our new Splunk product and want to know what top three regular dail...

by Path Finder in

How to edit my universal forwarder monitor stanza to index Active Directory server logs?

I am trying to monitor the Active Directory Server for logs. I have a universal forwarder installed on a Windows AD S...

by Explorer in

How to add modular data inputs using Splunk command line?

I am trying to install a TA from Splunk command line. Referring to http://docs.splunk.com/Documentation/Splunk/6.5.0/...

by Communicator in

How to alert when the last event in an index is older than 1 hour, and if any forwarder has not phoned home in the last hour?

Hello Splunkers. I'm working on 2 scenarios, and I'm sure you guys can help me. Scenario 1: We have about 15 in...

by Communicator in

Custom command for json event

Hi, I'm using the below line, while creating custom command for key value field extraction. My events are in json...

by Explorer in

How to load data into multiple indexes based on the event data?

Can I dynamically assign index value at the indexer level to the events based on the data and load the data into the ...

by New Member in

Getting Data In

Discussions

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

Can a custom app send data to the indexer via memory?

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Considerations for adjusting autoLBFrequency in outputs.conf

Why are my nearly identically-named log files not being indexed by Splunk?

Whats the best way to migrate /db from one drive to another?

What is the user-seed.conf file?

How can I improve the performance of Splunk monitoring hundreds of active files?

Forwarded events not indexed

How should I implement a Splunk architecture on a 2 virtual machine, development environment?

Deployment client is not indexing data to the Deployment server? (50 credit will be rewarder for the person who found the solution)

How do I configure the Deployment Server to have a Universal Forwarder send logs to a specific index?

An index was not prepared to ingest data, so I cannot see events from previous days. How do I fix this?

In props.conf, why is BREAK_ONLY_BEFORE_DATE not properly line breaking my events?

What do Splunk Ninjas think are the top three daily Splunk tasks in a large distributed environment?

How to edit my universal forwarder monitor stanza to index Active Directory server logs?

How to add modular data inputs using Splunk command line?

How to alert when the last event in an index is older than 1 hour, and if any forwarder has not phoned home in the last hour?

Custom command for json event

How to load data into multiple indexes based on the event data?

AWS Config Aggregator to Splunk

Issue with getting data to Splunk App for Hyperled...

Splunk fundamental training lab 4

unable to get MS Azure event hub using Splunk Addo...

Citrix TA-XD7-Broker - ps script requires cloud lo...