Getting Data In

Discussions

Thread Info

How to blacklist a log data from being monitored from router device ending with host name 03r /04r and keeping other devices still monitored?

Hi All, My exact requirement, currently we need to route two router devices at the site 03r and 04r point to index=ne...

by Motivator in

Load Balancing with universal forwarders as intermediate layer

In current design, we proposed two load balanced HFs to collect the data from 200+ end-points and pass it to next lev...

by Explorer in

Getting Error from TailReader

Hello, I am trying to upload a .csv file through my auto-index and I am getting this error in my internal logs " -...

by Path Finder in

How to use K-anonymity with Splunk?

Hello, Let's say i have a csv file that contains sensitive data, I want on index to group multiple lines as one event...

by New Member in

Help needed with Search to correlate Windows Event Logs

Hi All, I have a requirement to write a Splunk query that will alert if windows event logs capture three EventCod...

by Explorer in

High Availability for Heavy forwarder configuration?

Current setup of Splunk Instance is 10 UF---->2HF---->3IDX, In HF for load balance we go with config of autoLB with ...

by New Member in

Process monitoring in Windows

Hi, In our system, there will be multiple java.exe process will be running, we are in need for monitoring the cpu ...

by New Member in

What happens if you specify two paths in a volume in indexes.conf?

What happens if you specify two paths in a volume in indexes.conf? For example: [volume:example] path = /opt/splu...

by Communicator in

Parse JSON nested inside a Windows Event

Hello, I am looking for a way to parse the JSON data that exists in the "Message" body of a set of Windows Events. Id...

by Engager in

How do I get an older version of Splunk DB Connect 1, particularly version 1.1.7?

Hi, I am unable to get DB Connect 1, version 1.2 to work, and I'd like to try 1.1.7, but I can't find it. How do I...

by Champion in

Can I forward local text log files from my laptop to Splunk (for testing purposes)? Splunk and the forwarder would be on the same laptop in this hypethical.

How to use Splunk Forwarder in my personal laptop for testing purpose and forward the data to Splunk from a monitored...

by New Member in

Search using metadata returns different results

I'm getting different search results for the metadata I added to my log events. What did I misconfigure? Added to ...

by New Member in

Splunk Forwarding audittrail data to third party system via syslog not working

Attempting to forward audittrail sourcetype data via syslog to our existing SIEM. I have a similar setup already work...

by Path Finder in

Retrieve JSON payload using REST API

Hi, I have an application that exposes performance metrics via a REST API. - that is - I can issue a HTTP REST mes...

by New Member in

Removing all white spaces from event at Index time

Hi all, I want to remove the whitespaces from only the account value, and not the whole event at index time. Is t...

by Path Finder in

How can I monitor a specific process in Windows using a forwarder?

I want to monitor a specific process in windows server using Splunk forwarders. for example. our servers will run ...

by New Member in

Files not indexing due to fast rotation

Hi All, Hope you are doing good. I have come across a difficult situation in indexing a file. We have few Unive...

by Path Finder in

Another JSON Event Break Assistance request ..

An excerpt from my JSON output ... Trying to Event break at the following line "type": "story", where a new event ...

by Builder in

timestamp and line breaks

The timestamp and linebreaking doesn't seem to be working as expected. They are nagios/pnp4nagios logs. I get a burst...

by Contributor in

How do I convert a timestamp?

Hi, I have a field with timestamp value "2017-09-21T20:48:48.535427Z" in format. I need to convert it to "09/21/20...

by Builder in

Are inputs.conf attribute values case sensitive?

[monitor:///tmp/ABC.txt] is my monitor stanza. But if i have the file welcomeabcdef.txt that is "abc" (lowercase i...

by Path Finder in

Unable to send same source data to two different logical indexes and two different indexers groups.

Hi All, Facing few challlenges, mine is playing around with the same transforms. I'm trying to achieve the same...

by Path Finder in

how to split a log file which contain multiple KPI information as many individual events using the delimiter "==========="?

[Pra] KPI_DB_001: Transactions per sec Detailed breakdown of processing time % Total *****************************...

by Engager in

How to display time, host, source type when the statement is as follows:

I have a stack trace for one particular error like this, [9/20/17 5:40:13:428 EDT] 000000e0 SystemOut O 20 Sep 2017 0...

by New Member in

I would like to understand if it is possible to work with multiple CPUs in the Heavy Forwarder.

I would like to understand if it is possible to work with multiple CPUs in the Heavy Forwarder. In my current arch...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to blacklist a log data from being monitored from router device ending with host name 03r /04r and keeping other devices still monitored?

Load Balancing with universal forwarders as intermediate layer

Getting Error from TailReader

How to use K-anonymity with Splunk?

Help needed with Search to correlate Windows Event Logs

High Availability for Heavy forwarder configuration?

Process monitoring in Windows

What happens if you specify two paths in a volume in indexes.conf?

Parse JSON nested inside a Windows Event

How do I get an older version of Splunk DB Connect 1, particularly version 1.1.7?

Can I forward local text log files from my laptop to Splunk (for testing purposes)? Splunk and the forwarder would be on the same laptop in this hypethical.

Search using metadata returns different results

Splunk Forwarding audittrail data to third party system via syslog not working

Retrieve JSON payload using REST API

Removing all white spaces from event at Index time

How can I monitor a specific process in Windows using a forwarder?

Files not indexing due to fast rotation

Another JSON Event Break Assistance request ..

timestamp and line breaks

How do I convert a timestamp?

Are inputs.conf attribute values case sensitive?

Unable to send same source data to two different logical indexes and two different indexers groups.

how to split a log file which contain multiple KPI information as many individual events using the delimiter "==========="?

How to display time, host, source type when the statement is as follows:

I would like to understand if it is possible to work with multiple CPUs in the Heavy Forwarder.

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

UF

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout