Getting Data In

Discussions

Thread Info

Why am I unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_TA_siem_connector"?

Unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_TA_siem_connector": Introspecting ...

by New Member in

dynamicly assigning index based on eventsize

Hi everyone, I would like to send events based on their size in different indexes. I'm currently using the props.c...

by Path Finder in

deployment server serverclass.conf file index configuration

Hi, I have the below configuration deployed in deployment server serverclass.conf to send the index.conf configurati...

by Path Finder in

Splunk Log Monitoring

Hi All, My company have decided now to monitor logs via SIEM tool Splunk. Actually the logs what we are capturing ...

by Explorer in

Forwarder Configuration - Cloud Setup

Hi, Have installed universal forwardesr in my linux machines & configured as below : Step 1: ./splunk add forw...

by Explorer in

Why is the indexer discovery clear text password not being encrypted?

I've enabled indexer discovery on my 6.3.1 linux universal forwarders. http://docs.splunk.com/Documentation/Splunk...

by Motivator in

REST API Install local App

Hello, I would like to install an app on my local computer to a remote Splunk instance using rest api. I get the f...

by Engager in

Why are the Universal Forwarders CPU spiking every hour?

Hi, I have over 150+ UF and they all behave the same. splunkd CPU usage is about 5% but every hour it spikes, up t...

by Path Finder in

Best way to implement an external script

We're using Splunk to index events from Bit9 and interact with its API to ban/approve files. We've written a python s...

by Builder in

SOAP API data input - Maintaining Auth

I have a user who has a SOAP API they would like to collect data from and Index. I can authenticate to the SOAP API u...

by Explorer in

What is the forwarder to indexer compatibility matrix?

I have a mixed environment of forwarders and indexers (3.4, 4.0, and 4.1) and I would like to know which versions are...

by Splunk Employee in

timestamp extraction from two places during index time within an event

I have an event like "abcabcabc....abc.........time:-2017-05-05T0*8:08:08.987........abcxyz...abcxyz.....date:-201...

by Contributor in

How to Configure host = $decideOnStartup correctly?

I have application with inputs.conf as [monitor:xxxxx] sourcetype=xxxx index=xxxx host = $decideOnStartup In serve...

by Explorer in

How to extract JSON at index time?

I am trying to extract some json data at index time. I have found the article about using regular expressions to crea...

by Explorer in

Why is the data in index from using collect is not being indexed?

Hello, I'm trying to take a list of IDs that were given to me and confirm that they are in our system. I imported ...

by Explorer in

Splunk forwarders failing to send some of the Windows application Event logs for some devices

Why are Splunk forwarders failing to send some of the Windows application Event logs for some devices? We are using S...

by New Member in

Why am I getting this error on the Universal Forwarder "Parameters must be in the form '-parameter value'"?

Getting the above error when running the following command splunk install app C:\Program Files\SplunkUniversalForw...

by Engager in

spkunk forwarder runit configuration

in Our organisation we are using runit as the service manager. What is the config for the run.sh in runit so that ...

by New Member in

Unable to install splunk forwarder on SOLARIS SPARC

hi, I am trying to install splunk forwarder solaris package but getting checksum error and not able to untar it. P...

by Engager in

why are props.conf keys not recognized

I have a verry strange behaviour in props.conf, the following stanza does not work: [SDCS-liveclone-xxxxxx-st_XmlW...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I unable to initialize modular input "TA-Akamai_SIEM" defined inside the app "Splunk_TA_siem_connector"?

dynamicly assigning index based on eventsize

deployment server serverclass.conf file index configuration

Splunk Log Monitoring

Forwarder Configuration - Cloud Setup

Why is the indexer discovery clear text password not being encrypted?

REST API Install local App

Why are the Universal Forwarders CPU spiking every hour?

Best way to implement an external script

SOAP API data input - Maintaining Auth

What is the forwarder to indexer compatibility matrix?

timestamp extraction from two places during index time within an event

How to Configure host = $decideOnStartup correctly?

How to extract JSON at index time?

Why is the data in index from using collect is not being indexed?

Splunk forwarders failing to send some of the Windows application Event logs for some devices

Why am I getting this error on the Universal Forwarder "Parameters must be in the form '-parameter value'"?

spkunk forwarder runit configuration

Unable to install splunk forwarder on SOLARIS SPARC

why are props.conf keys not recognized

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

SEDCMD trouble

Issue filtering events with regex and props.conf

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...