Getting Data In

Community Activity

How to properly disable a WatchedFile using the Universal Forwarder? On Solaris 10/11 - Our $SPLUNK_HOME/var/log/splunk/splunkd.log file has many of the following messages, 1 per second... by thabben Engager in Getting Data In 01-12-2018 0 2	0	2
Inconsistent linebreaker behavior Hello all, I have configured the props file to NOT break the event when encounters a new line with a date, however, ... by danillopavan Communicator in Getting Data In 01-12-2018 0 38	0	38
splunk shell scripted input not working `!/bin/sh touch $SPLUNK_HOME/etc/apps/check-status-inputs/status.txt SERVICE_STATUS=`systemctl status stackdriver-age... by saifuddin9122 Path Finder in Getting Data In 01-12-2018 0 2	0	2
Multiline event breaking not working I have a log source for LDAP that includes a mix of single line events and multiline events. The multiline events lo... by responsys_cm Builder in Getting Data In 01-12-2018 0 1	0	1
Universal Forwarder resending event log data If the IP address for a host changes or if it gets a new GUID, would the forwarder resend the entire Windows event lo... by splunkjas1 Path Finder in Getting Data In 01-12-2018 0 9	0	9
Not getting data from Heavy Forwarder Hello, Recently we have deployed the Splunk Enterprise. Our moto is to monitor Wi-Fi usage, our Wi-Fi devices sending... by munisankar New Member in Getting Data In 01-12-2018 0 21	0	21
Duplicate entries in index with JSON and missing values When I index JSON files I get duplicate entries in the Splunk index and some values are not indexed at. Example of t... by rbruinsma New Member in Getting Data In 01-12-2018 0 11	0	11
Under Web Analytics what does Top ClientIPs="-" mean? Under Web Analytics what does Top ClientIPs="-" mean? by ajay2614 New Member in Getting Data In 01-11-2018 0 1	0	1
Cisco eStreamer - Some IPS events have incorrect SID Versions Splunk Enterprise v7.0.0 Cisco eStreamer eNcore v3.0.0 Problem I currently have an issue where eStreamer ... by datorres Explorer in Getting Data In 01-11-2018 0 0	0	0
Json event breaking no longer working since forwarding method changed from using a universal forwarder to AWS Firehose Hello! I have some json data being generated by a client-side tool: { "name": "open_sockets", "hostIdentifi... by gary_richardson Path Finder in Getting Data In 01-11-2018 0 12	0	12
Where is the data for my monitor file var/log/zimbra.log file? I set up a monitor zimbra.log file, but I find it is missing the data pushed to the Splunk server compared to the act... by vumanhtai Path Finder in Getting Data In 01-11-2018 0 4	0	4
weblogic and line breaking i am trying to read the weblogic DefaultAuditRecorder.log which looks like this (and doesn't seem to be covered in th... by murhammr Path Finder in Getting Data In 01-11-2018 0 14	0	14
How to split one massive log file across multiple indexers? Is it possible to ingest one huge log file (100gb uncompressed) and round robin CHUNKS of the data to multiple indexe... by thisissplunk Builder in Getting Data In 01-11-2018 0 9	0	9
I am not able to run splunkkd service on windows10 Please find the attached error which is getting and let me know, if anyone find the solution for this error. Thanks,... by RAM2521 Engager in Getting Data In 01-11-2018 0 3	0	3
Creating new soucertype using Props.conf and transform.conf All my network data comes to default source type irrespective of type of devices. index = network sourcetype = netw... by raomu Explorer in Getting Data In 01-11-2018 0 4	0	4
Splunk Forwarder from public server to local server on a network Hello, I was able to set splunk forwarder from local server to local splunk server on our network. How can i set it ... by johnnykhoueiry Explorer in Getting Data In 01-11-2018 0 3	0	3
Could you please help me write the timestamp extraction for below events. Hi Folks. Could you please help me write the Time_perfix and Time_format extraction for below events. 07:22:50,932 ... by lksridhar Explorer in Getting Data In 01-11-2018 0 2	0	2
Windows Physical Memory Usage I have a Splunk forwarder installed on a Windows 2008 box. I have no issues getting back standard information, anythi... by nickkoe Explorer in Getting Data In 01-11-2018 1 2	1	2
Detect gaps in Windows Universal forwarder eventstrem Hello, We have Splunk 6 running with Universal forarders on all our Windows servers. The forwarders are used to tran... by coenvandijk Observer in Getting Data In 01-11-2018 0 1	0	1
Splunk windows docker image Dear Splunk team, I am trying to pull docker windows image. I can find only the linux image in the docker store. ht... by splunksundar Explorer in Getting Data In 01-11-2018 2 6	2	6
The "level" field is being automatically added by splunk, how to we ask splunk to extract log level from my json message ? The "level" field is being automatically added by splunk, how to we ask splunk to extract log level from my json mess... by kishoresanke New Member in Getting Data In 01-10-2018 0 9	0	9
universal forwarder vs. dedicated rsyslog/syslog-ng servers to forward syslog to splunk indexer Conventional wisdom for collecting syslog data from external sources (network equipment, etc) was to put a couple of ... by jeff Contributor in Getting Data In 01-10-2018 5 5	5	5
Why is the forwarder sending data to dev? Our forwarder has the following - $ cat /opt/splunk/splunkforwarder/etc/system/local/deploymentclient.conf [target-b... by ddrillic Ultra Champion in Getting Data In 01-10-2018 0 6	0	6
How to configure inputs.conf to send data from 1 directory to 2 different clusters with different index/sourcetype We have a scenario where we need to forward data from 1 directory to 2 different indexer clusters. While this is achi... by tusharsaran1 Path Finder in Getting Data In 01-10-2018 0 9	0	9
Please provide the time_prefix and time_format for below event type. Hi folks, Could you please anyone provide the TIME_PREFIX and TIME_FORMAT for below events type. 10.30.3.247 - - [0... by lksridhar Explorer in Getting Data In 01-10-2018 0 4	0	4