Getting Data In

Discussions

Thread Info

Splunk logging Driver Bringing Down the Entire Docker Swarm Cluster

Hello, We implemented collecting Docker logs using splunk logging driver, It pushes the docker logs very well and...

by Engager in

Should props.conf match inputs.conf?

Does the props.conf file of an indexer has the same contents as the inputs.conf file of the forwarder from which it i...

by Path Finder in

Script input troubleshoot

Hi, I am trying to index from my python script. I followed the steps in this page to setup my data: http://docs.splun...

by Contributor in

Find out the type of logs which are captured when it is using a script \bin\scripts\splunk-wmi.path ?

I installed SplunkForwarder and during the installation wizard, I checked all the logs for Windows (Application, Secu...

by Explorer in

How do I configure a UF on Linux to receive and forward windows events?

I need to configure a Linux based UF to receive Windows events and then forwarder those to the indexers. I am guessin...

by Path Finder in

How to index data from AWS into Splunk?

We want to move files from Amazon s3 to Splunk server (ex: /opt/splunk/logs ) continuously and display those details ...

by New Member in

After matching 2 different data sources based on srcip, why is the output none?

Hi, I try to match two events in one search. one event must match virus and the other android. because the clearpa...

by Engager in

Syslog from switch to indexer

Hello, we want to send syslog from cisco switches directly to the splunk indexer. So I made a NAT from UDP 514 to ...

by Path Finder in

Splunk internal logs stopped logging; can you please provide information about permission setup for log files?

Hello Splunkers: This question is for the splunkers who are running their instances with splunk user. Three logs have...

by New Member in

I need a config to direct outputs to two different Splunk stacks?

All, I have a legacy install of Splunk and a new Splunk ES stack. Transition is going to take a year. So far I ju...

by Builder in

CSV file with last 2 fields XML payloads

Need help with the following CSV (everything I am trying, the XML fields are getting parsed incorrectly) so I have...

by Engager in

How to reindex data which is coming from syslog server to splunk ?

Please hlep me how I can reindex data which is coming from syslog server to splunk? Thanks , splunker969

by Communicator in

Tip: Sample pfSense Logs Parsed Here

Hi, I have parsed some pfSense logs. For anyone making an app, please go ahead and use this info. Cheers and us...

by Explorer in

How to ingest Nginx running in a Docker container logs to Splunk?

Nginx container runs in Docker container on an Amazon EC2 instance. We're soon going to setup Docker Enterprise editi...

by New Member in

Custom Filters

I'm using the Unversal Forwarder to 'monitor' log files on the clients but I just can't index everything forwarded, t...

by Explorer in

Why am I still seeing debug logs in the Splunk heavy forwarder filtering?

I have set the following on transforms.conf and props.conf but I still see DEBUG logs in my search. what did I miss ...

by Communicator in

Can I create an index locally and have it selectively forward specific fields from a source?

Hi all- I have a unique requirement/question, I think. I'm wondering if there is a way in Splunk to set up a heavy...

by Path Finder in

I am unable to remove the standard Blue Coat heades tha begin with the # comment. I have tried several iterations of the nullQueue using REGEX and SEDCMD

This is a copy of the log header and how I currently have the props.conf and transforms.conf configured Software:...

by Path Finder in

Options on installing universal forwarders on "Windows Machines"

Hello All, Im a bit confused with the installation of a UF on the windows machine. According to the documents, there ...

by Communicator in

What's causing the error global name 'Event' is not defined after upgrading Microsoft OMS Modular Inputs TA from v1.2 to v1.3.3?

After upgrading from TA-OMS_Inputs from v1.2 to v1.3.3 on, splunk v6.5.4 we are getting the following errors when log...

by Explorer in

Splunk UDP Data Input Fails To Send Data

Hi everyone, I am working on a school project where multiple batches of students will work on the same project and...

by Explorer in

Windows Universal Forwarder Hide Domain Password

Hello I need to deploy Windows Universal Forwarders with Domain Account and I am wondering where if: There is ...

by Influencer in

What should I be sourcetyping /var/log/messages?

All, On the list of pretrained sourcetypes I see /var/log/messages as linux_messages_syslog (https://docs.splunk....

by Builder in

How to return job errors when searching via API?

When I call the Splunk API via Python SDK, I get results fine. However, when I run the same query via the UI, I somet...

by Engager in

High availability for HF scripts

I have a pair of HFs located in a DMZ that can collect data from the Internet via a script input. All other Splunk i...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk logging Driver Bringing Down the Entire Docker Swarm Cluster

Should props.conf match inputs.conf?

Script input troubleshoot

Find out the type of logs which are captured when it is using a script \bin\scripts\splunk-wmi.path ?

How do I configure a UF on Linux to receive and forward windows events?

How to index data from AWS into Splunk?

After matching 2 different data sources based on srcip, why is the output none?

Syslog from switch to indexer

Splunk internal logs stopped logging; can you please provide information about permission setup for log files?

I need a config to direct outputs to two different Splunk stacks?

CSV file with last 2 fields XML payloads

How to reindex data which is coming from syslog server to splunk ?

Tip: Sample pfSense Logs Parsed Here

How to ingest Nginx running in a Docker container logs to Splunk?

Custom Filters

Why am I still seeing debug logs in the Splunk heavy forwarder filtering?

Can I create an index locally and have it selectively forward specific fields from a source?

I am unable to remove the standard Blue Coat heades tha begin with the # comment. I have tried several iterations of the nullQueue using REGEX and SEDCMD

Options on installing universal forwarders on "Windows Machines"

What's causing the error global name 'Event' is not defined after upgrading Microsoft OMS Modular Inputs TA from v1.2 to v1.3.3?

Splunk UDP Data Input Fails To Send Data

Windows Universal Forwarder Hide Domain Password

What should I be sourcetyping /var/log/messages?

How to return job errors when searching via API?

High availability for HF scripts

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions