Getting Data In

Community Activity

How to handle large amount of log volume and reduce single points of failure running Splunk Enterprise on AWS EC2? We're currently running Splunk Enterprise on AWS EC2 as a single instance deployment. We have ~ 10,000 forwarders pu... by rosenzw New Member in Getting Data In 01-31-2018 0 7	0	7
Is it possible to add comments to lines in a CSV file? Is it possible to add comments to lines in a csv file? I'd like to be able to #comment. For example, csv list of IP ... by mikesangray Path Finder in Getting Data In 01-31-2018 0 6	0	6
How to edit props.conf to exclude headers in CSV files from getting indexed? Hi, I have a CSV file with header that is monitored by Splunk. Rows are correctly read, but the headers are also inc... by SirHill17 Communicator in Getting Data In 01-31-2018 0 9	0	9
What can be done with an indexer in a "hung" state? We reach situations where one out of the ten indexers reaches a "hung" state. All the large queues are filled up for... by ddrillic Ultra Champion in Getting Data In 01-31-2018 0 4	0	4
Can a Heavy Forwarder both be a receiver and a forwarder? We currently use nxlog on our Windows domain controllers to forward logs one destination. With nxlog I can forward... by jwalzerpitt Influencer in Getting Data In 01-31-2018 0 5	0	5
What is the difference between splunk forwarder and syslog diversion to index? Hi , I would like to know the difference between Splunk forwarder and syslog diversion to indexer . I use Linux and... by rageshkg New Member in Getting Data In 01-31-2018 0 1	0	1
Why am I unable to receive logs after a new index is configured in my environment? A new index is configured in our environment and all required settings are being made. But we are still not receiving... by Utkarsh_Singh New Member in Getting Data In 01-31-2018 0 3	0	3
Props/transforms issue with host extraction and Line breaking Transforms.conf [force_host_for_testdata] DEST_KEY = MetaData:Host REGEX = server:([^\]+) FORMAT = host::$1 [force_... by sidhantbhayana Path Finder in Getting Data In 01-30-2018 0 6	0	6
SPECIFIC sourcetypes are not forwarded while everything is forwarded.Splunk Forwarder is showing that log file is emptyline as a WARN message in Splunkd.log as Follow : Splunk Forwarder is showing that log file is emptyline as a WARN message in Splunkd.log as Follow : 01-23-2018 20:5... by akhil36109 New Member in Getting Data In 01-30-2018 0 0	0	0
Configure SYSLog on a Windows Server Hello, my question might be dumb but it is worth to ask, On a Windows Servers, how do i configure to send the authe... by jesusgalloEMC Explorer in Getting Data In 01-30-2018 0 1	0	1
How to pass Auth Key in Threat Intelligence Download URL? I created a 'Threat Intelligence Download' mod input and I am needing to pass Auth Key as I was getting an error as "... by harish_ka Communicator in Getting Data In 01-30-2018 1 1	1	1
What conf files must I update to change the 50000 limit for external scripts? Hello, I currently have an external python script that is called by my search to manipulate data. Everything works ... by andrewtrobec Motivator in Getting Data In 01-30-2018 0 2	0	2
Splunkforwarder not collecting some logging data from host? Running Splunk 6.5.0, host in question is a linux box, seeing that it's collecting _internal logs, other defined "app... by joesrepsol Path Finder in Getting Data In 01-30-2018 0 2	0	2
The Common Information Model, Syslog logs, and unsure where to go from here. Hey splunk>answers, As the title suggests I'm not sure what or how I should go about any of this. The long story sho... by tentontitan New Member in Getting Data In 01-30-2018 0 2	0	2
SEDCMD not executing I am trying to clean up some log data at index time using SEDCMD. I have a custom sourcetype (cloudfront_http) tha... by jcbrendsel Path Finder in Getting Data In 01-30-2018 0 8	0	8
How to use Splunk to check a directory to see if it exceeds 200 files to send an alert? Using Windows version of Splunk to check a directory and if it exceeds 200 files, send an alert. Thank you for your ... by Falcon1 New Member in Getting Data In 01-30-2018 0 5	0	5
How do we assign each JSON document to a distinct event? We have a case in which multiple json documents are being clamped together into one Splunk event. How do we untangle ... by ddrillic Ultra Champion in Getting Data In 01-30-2018 0 14	0	14
Monitoring large amounts of SCADA type data and producing reports Hi, I'd like to use Splunk to be able to monitor a large amount of SCADA type data e.g. a sensor which updates each... by streddy Explorer in Getting Data In 01-30-2018 1 4	1	4
Refresh Transform Hi I am trying to define a new transform.conf in SPLUNK 7 so that a lookup can take a wild character. The initial... by robertlynch2020 Influencer in Getting Data In 01-30-2018 0 1	0	1
Why does search via REST API only outputs internal debug data? Hi, we have a Splunk 5 system running. When we try to do a search via the REST API, we get debug output information b... by tpaulsen Contributor in Getting Data In 01-30-2018 0 2	0	2
AggregatorMiningProcessor - Log ERROR Hello all, I am facing the below error and I dont know the reason for that. Does someone know the possible reasons t... by danillopavan Communicator in Getting Data In 01-30-2018 0 4	0	4
File Monitor: Avoid indexing files during the copy process Hello, I have a problem with the file monitor. I guess it's not the right way using it, but I don't know any other m... by BMacher Path Finder in Getting Data In 01-30-2018 0 3	0	3
Why is the event line breaking not working properly for JSON format? I tried a few solutions but none worked for me so far: answer-614348 I have an application that writes in some sort... by fmorar Engager in Getting Data In 01-30-2018 0 2	0	2
HTTP Event Collector 400 Bad Request I am sending a request to Splunk using .NET code which returns a response of (400) Bad Request. The bytes are seen as... by KP2018 New Member in Getting Data In 01-29-2018 0 3	0	3
What happens when indexer encounters an event with timestamp older than configured retention period I had this particular scenario where I was not able to assert Splunk indexer behavior. Retention period for a index i... by immortalraghava Path Finder in Getting Data In 01-29-2018 0 4	0	4