Getting Data In

Discussions

Thread Info

What is the best practice for configuring a Splunk Forwarder 5.0.3 for custom fields to be appended to the source?

Hi all, I'm looking to add some custom fields to the Splunk Forwarder, but am struggling to find the a way of achi...

by Engager in

How to remove and prevent error "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on my heavy forwarder?

I keep getting the "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on one of my heavy forward...

by Contributor in

Is there a way to delete data on an indexer from Splunk Web to free up disk space?

Hi , We are about to reach the maximum size of the disk on our Indexer server. Please suggest if there is any way ...

by Path Finder in

How to route data to certain indexes based on host, sourcetype, and index?

Hi. I have a requirement to route events to index based on the fields host, sourcetype, and index. Field host ...

by Explorer in

How do I set up a Splunk forwarder to monitor and forward log files within a certain path?

We are wanting to modify our Splunk forwarders on workstations to look at other log files and I am curious how to go ...

by New Member in

Can I enable SSL for a universal forwarder (public IP), but not for a local universal forwarder (private IP)?

Hi, Can I enable the SSL for the universal forwarder that will access it through the public ip, but not the forwar...

by New Member in

Why is the monit process sometimes restarting

I have Linux servers with Splunk, and the process monit to check my processed. But sometimes I see an issue where ...

by Communicator in

Total number of indexed volume per day

Hi, Currently I have a splunk server receiving logs from few servers. I will like to do a search that is schedu...

by Path Finder in

If an identical input is specified in inputs.conf for multiple apps on a universal forwarder, will this result in duplicate data?

If an input is specified identically in the inputs.conf file of multiple apps running on a Universal forwarder, will ...

by Explorer in

How to filter Windows Security events by changing inputs conf

I have made the following changes in my inputs.conf. However no luck Could anyone help me with this? [WinEventLog:...

by Communicator in

How to use inputlookup to filter

Hi, I have multiple queries that I use to do daily report on errors in our production Splunk. I would like to filt...

by Explorer in

Does Splunk process events before sending to nullqueue?

We have configured a default null queue to discard all events that we don't want to allow to be indexed without autho...

by Path Finder in

What are recommended specs for a virtual host for our multisite sandbox environment?

Hi there, I've been tasked with building a Splunk Enterprise 6.3 multisite virtual environment sandbox. The enviro...

by Path Finder in

Why am I missing metrics.log data from some of my forwarders/hosts?

Hi folks! I've made a search that returns all hosts that sends events of some kind to indexer, but does not send i...

by Builder in

How to drop _internal logs received from universal forwarders on a heavy forwarder?

Hi Team, We need to drop _internal logs forwarded by universal forwarders as _internal logs are consuming most of ...

by Path Finder in

What is the precedence for "SEDCMD" attribute?

I think the precedence for "SEDCMD" attribute within single stanza is ASCII order. For example props.conf: [foo...

by Path Finder in

How do we monitor Disk I/O in Splunk?

Hi Splunk Support, When activating the Performance Monitoring in inputs.conf, I was able to send free disk space t...

by Explorer in

Why is CPU on the universal forwarder not used most of the time and we see error "Could not send data to output queue (parsing queue), retrying...."?

Hi, I was monitoring Universal Forwarder's CPU usage with the environment below, and I put 13GB sized file on Uni...

by Path Finder in

How to configure a heavy forwarder to filter events based on the hostname found in IIS logs?

I have not yet started ingesting IIS logs from my systems. The systems have roughly 2 years of logs stored on them, t...

by Path Finder in

How to find the path for an unknown data source that is sending data to Splunk?

How can I tell where data is coming from? I have inherited an old Splunk 5.0.1 Enterprise Infrastructure. I can see d...

by Explorer in

Getting Data In

Discussions

What is the best practice for configuring a Splunk Forwarder 5.0.3 for custom fields to be appended to the source?

How to remove and prevent error "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on my heavy forwarder?

Is there a way to delete data on an indexer from Splunk Web to free up disk space?

How to route data to certain indexes based on host, sourcetype, and index?

How do I set up a Splunk forwarder to monitor and forward log files within a certain path?

Can I enable SSL for a universal forwarder (public IP), but not for a local universal forwarder (private IP)?

Why is the monit process sometimes restarting

Total number of indexed volume per day

If an identical input is specified in inputs.conf for multiple apps on a universal forwarder, will this result in duplicate data?

How to filter Windows Security events by changing inputs conf

How to use inputlookup to filter

Does Splunk process events before sending to nullqueue?

What are recommended specs for a virtual host for our multisite sandbox environment?

Why am I missing metrics.log data from some of my forwarders/hosts?

How to drop _internal logs received from universal forwarders on a heavy forwarder?

What is the precedence for "SEDCMD" attribute?

How do we monitor Disk I/O in Splunk?

Why is CPU on the universal forwarder not used most of the time and we see error "Could not send data to output queue (parsing queue), retrying...."?

How to configure a heavy forwarder to filter events based on the hostname found in IIS logs?

How to find the path for an unknown data source that is sending data to Splunk?

Data Onboarding Strategy

Module 4 data upload fail without errors

serverclass.conf whitelist from pathname not worki...

How to produce stats with based on a field clientI...

Connect to your Azure Storage account with the Spl...