Getting Data In

Discussions

Thread Info

Transforms.conf to props.conf?

I created a new app named sample_app_1. Inside my new app's local folder i created a transforms.conf that will be cal...

by Explorer in

monitor cisco switch environment

I would like to monitor about 15 cisco devicces on my network. 3 ASA devices, 4 l3 switches and the rest are L2 switc...

by Engager in

Indexing Kaspersky Logs

Need help to monitor event logs from Kaspersky Security Centre in #Splunk. Merely pointing forwarder to collect Windo...

by Contributor in

How can I transfer logs of a sever to an indexer?

I have created an index A for server X and I have done all the required setting in the inputs.conf file of server X. ...

by New Member in

How to do event linebreaking and timestamp recognition in header lines without timestamp information!

Hi Folks, I am adding data from a log file with filename: server_zmslx1xt1119.log For the timestamp, first 7 li...

by Explorer in

How to extract my event in index time using props.conf and transforms.conf?

How to extract my event in index time using props.conf and transform .conf? How to extract by event in index time to ...

by Builder in

Can you index evtx on linux heavy forwarder? 4.3

Does not make it clear here: http://splunk-base.splunk.com/answers/141/can-splunk-index-windows-event-logevtevtx-f...

by Path Finder in

We are receiving _internal logs from universal forwarders but we are not receiving data from indexes which are created externally???

Universal forwarder sending data _internal logs and we are receiving those logs and appeared on search heads. But ...

by Explorer in

How can I grab the latest source from a csv file, ranging from the earliest to anything within 5 minutes of that time?

I have splunk import a csv file every time it's changed. Splunk imports each line of the csv file as an event. I have...

by Path Finder in

How to EXTRACT regex expression in props.conf?

I have this file with this appearance first.prop.one=1 first.prop.two=2 first.prop.third=3 I was using KV_MODE...

by Communicator in

How to push *.conf to universal forwarders?

I've got my Universal Forwarder doing indexing on some data sources for my Splunk instance. After spending some time ...

by Contributor in

ActiveSync Logs from Office365?

How are people grabbing ActiveSync logs out of Office365 into Splunk? I do not believe that these are coming through ...

by Engager in

Deployment server app inputs.conf vs Forwarder inputs.conf

I have updated an app inputs.conf (/opt/splunk/splunkforwarder/etc/apps/inputs_prod/local) in one of my Universal For...

by Path Finder in

Can I Splunk my wtmp files?

The file /var/log/wtmp is where most *nix systems keep track of all logins and logouts to the system. The file is ...

by Splunk Employee in

splunkd: error while loading shared libraries: ld-linux-armhf.so.3

Hi I have a Synology NAS (RS212) with an ARM Processor (mv6282) but I can't get the ARM Forwarder to work. I get t...

by Splunk Employee in

How to truncate events in SplunkWeb

Hello, I have an unusual requirement for Splunk. I have a source that returns error messages from Java application...

by Path Finder in

Joining two csv files

Hi, I have two CSV files that I want to be joined ex. file1 and file2 there are values in file2 which do not have a m...

by Communicator in

Universal Forwarderのログ転送先について

Syslogサーバー(+Universal Forwarder) → Splunkサーバー上記の図のように、Syslogサーバーにフォワーダーをインストールし、正常にSplunkサーバーにもログが取り込めていることは確認できて...

by New Member in

How can I capture when members are removed from domain admins group?

I am trying to identify when a member has been removed from security enabled groups such as domain admins, using inde...

by Path Finder in

Is restart required after making changes to Props.conf and Transforms.conf?

Do I need to restart Splunk after I make changes to Props.conf and Transforms.conf for the changes to take effect? ...

by Builder in

Why is the Http event collector not visible in UI?

Hi, Splunk version : 6.6.1 Http event collector not visible in UI, we are not able to find it under data inputs...

by Explorer in

How does the indexer forward data to itself?

I want to blacklist some events that the Splunk server is sending to itself but my indexer isn't even running the Spl...

by Explorer in

Why has the TCP output processor has paused the data flow and why has forwarding to output group default-autolb-group been blocked?

Please help me to resolve the following issue. It seems I am getting no data through now at all Tcpout Processor: ...

by New Member in

How to change the default of 10 lines per page in forwarder management?

Is there a way to change the default of "10 lines" in Forwarder Management? I find it extremely annoying that this pa...

by Path Finder in

Does the index and sourcetype gets changed when the logs, sent by ryslog linux server, get to the heavy forwarder?

Hello, we have a splunk instance that is being fed by a splunk heavy forwarder. We have a rsyslog linux server forwar...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Transforms.conf to props.conf?

monitor cisco switch environment

Indexing Kaspersky Logs

How can I transfer logs of a sever to an indexer?

How to do event linebreaking and timestamp recognition in header lines without timestamp information!

How to extract my event in index time using props.conf and transforms.conf?

Can you index evtx on linux heavy forwarder? 4.3

We are receiving _internal logs from universal forwarders but we are not receiving data from indexes which are created externally???

How can I grab the latest source from a csv file, ranging from the earliest to anything within 5 minutes of that time?

How to EXTRACT regex expression in props.conf?

How to push *.conf to universal forwarders?

ActiveSync Logs from Office365?

Deployment server app inputs.conf vs Forwarder inputs.conf

Can I Splunk my wtmp files?

splunkd: error while loading shared libraries: ld-linux-armhf.so.3

How to truncate events in SplunkWeb

Joining two csv files

Universal Forwarderのログ転送先について

How can I capture when members are removed from domain admins group?

Is restart required after making changes to Props.conf and Transforms.conf?

Why is the Http event collector not visible in UI?

How does the indexer forward data to itself?

Why has the TCP output processor has paused the data flow and why has forwarding to output group default-autolb-group been blocked?

How to change the default of 10 lines per page in forwarder management?

Does the index and sourcetype gets changed when the logs, sent by ryslog linux server, get to the heavy forwarder?

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout

Missed data from SOPHOS

Deployment server for heavy forwarders best practi...

[Cohesity Add-on] Extension with “Protection Runs”...

Splunk VMware OVA for ITSI vs Splunk OVA for VMwar...

How to Execute a Python Script via a Button and Di...