Getting Data In

Ask a Question

Discussions

Thread Info

How to create dump command and put datetime?

Hi Ask about basefilename in dump command. I would like to create a file by date with search results and I would l...

by Communicator in

Why am I encountering an Error on forwarding nginx container logs to Splunk forwarder?

https://www.splunk.com/blog/2015/08/24/collecting-docker-logs-and-stats-with-splunk.html With reference to this do...

by Engager in

indexing congestion consistenly happening

Hi, I have only started using splunk on a test server, and I am consistently getting "skipped indexing of internal...

by Explorer in

How do you change apps in in the API (Java)?

So I am following the Java Splunk API tutorials and Can list apps and saved searches but for the life of me I cannot ...

by New Member in

Why are Windows event logs with MSSQLSERVER$AUDIT as source getting truncated and the message is empty?

Hi, We have an auditing setup which logs in Windows event logs (Forwarded Events) as "MSSQLSERVER$AUDIT" source. ...

by Explorer in

How to monitor Active Directory changes and security events with Universal forwarder?

We want to monitor Active Directory changes and security Events We are planning to deploy the Universal forwarder to ...

by Path Finder in

How to configure rsyslog so that it stores them in certain directories?

I would like to configure rsyslog so that it keeps logs generated by the localhost in the /var/log/messages but then ...

by Communicator in

How can we view the data retention policy we have set?

Hi All, We have set the data retention has 1 year (365 days) for in cluster master. But when we search the data in...

by Path Finder in

Why is the Splunk Universal Forwarder sending data to wrong index and, isn't sending all records of a Catalina.out?

Hello everyone, I have a lab in a Ubuntu VM. In this lab, I have the UF and the Splunk E. The forwarder monitors a...

by New Member in

timestamp match is outside of the acceptable time window

Hello, I have a log with a timestamp that does not contain the year. Moreover the events are not in a chronological o...

by Communicator in

Can Sysmon logs completely take the place of certain "Event Logs"?

So we are wondering if by implementing the collection of Sysmon logs, we can stop collecting other logs all together....

by New Member in

Are there inconsistencies in behavior with the need for INDEXED_EXTRACTIONS?

The admin class (lab) says that for json we need the following in the props.conf of the forwarder. INDEXED_EXTRACT...

by Ultra Champion in

Why can't the Splunk server index or show events forwarded by windows host with universal forwarder?

alt text I have installed universal forwarder on my windows host and the forwarder does forward the events to the Spl...

by New Member in

Why am I not getting syslogs on port 512?

I am new to Splunk and I have it installed on my PC at work. I have Aruba Clear Pass syslog target set to forward to ...

by New Member in

How to restrict transaction to group events from the same source and the same host?

Search a same log file on many different hosts . Use transaction : startwith and endwith to capture one process withi...

by Path Finder in

Why does Splunk always get en-GB instead of en-US on the url?

Is there a way to change the URL form en-GB to en-US so the dateTime picker shows MM/DD/YY? http://1xx.1xx.1xx.1xx...

by Explorer in

How to create an If Statement in Props.conf?

I need to set a value based on another value. How would I do this: if severity = 1 severity=high One of my ...

by Path Finder in

Is there a way to use some sort of regular expression with field aliases?

Is there a way to simply the props.conf configurations and do the following in one command - FIELDALIAS-alias01 = ...

by Ultra Champion in

How can I forward data from UniversalForwarder for 2 instances?

I have universal forwarder with Splunk_TA_Stream and my app _server_app_audit where in inputs.conf I write _TCP_Routi...

by Explorer in

How to redirect logs to separate indexes based on host?

Hi.. I have a question From a heavy forwarder , based on the incoming host, I like to send the logs into a separat...

by Engager in

Why does the csv sourcetype work for upload but not via the forwarder?

The following sourcetype works fine when we upload a file against this sourcetype, but via the forwarder the csv fiel...

by Ultra Champion in

how do i find where each hosts are indexing data

the reason for this is because someone made a mix-up on the UF and then some hosts are indexing to the wrong index. I...

by Communicator in

How to create a summary Index that will give license usage by index and sourcetype?

Hi All, I am trying to create a summary index which will gives us the license usage by index and sourcetype, which...

by Path Finder in

How to assign a field alias to a json field?

We have the following in props.conf - FIELDALIAS-alias1 = apiRequest.apiInfo.clientID AS clientID It doesn't s...

by Ultra Champion in

How to search for logins not in CSV?

I am trying to write a query in Splunk that will tell me if any user IDs in my CSV file were used to log into any mac...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to create dump command and put datetime?

Why am I encountering an Error on forwarding nginx container logs to Splunk forwarder?

indexing congestion consistenly happening

How do you change apps in in the API (Java)?

Why are Windows event logs with MSSQLSERVER$AUDIT as source getting truncated and the message is empty?

How to monitor Active Directory changes and security events with Universal forwarder?

How to configure rsyslog so that it stores them in certain directories?

How can we view the data retention policy we have set?

Why is the Splunk Universal Forwarder sending data to wrong index and, isn't sending all records of a Catalina.out?

timestamp match is outside of the acceptable time window

Can Sysmon logs completely take the place of certain "Event Logs"?

Are there inconsistencies in behavior with the need for INDEXED_EXTRACTIONS?

Why can't the Splunk server index or show events forwarded by windows host with universal forwarder?

Why am I not getting syslogs on port 512?

How to restrict transaction to group events from the same source and the same host?

Why does Splunk always get en-GB instead of en-US on the url?

How to create an If Statement in Props.conf?

Is there a way to use some sort of regular expression with field aliases?

How can I forward data from UniversalForwarder for 2 instances?

How to redirect logs to separate indexes based on host?

Why does the csv sourcetype work for upload but not via the forwarder?

how do i find where each hosts are indexing data

How to create a summary Index that will give license usage by index and sourcetype?

How to assign a field alias to a json field?

How to search for logins not in CSV?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions