Getting Data In

Discussions

Thread Info

-0500 ERROR TcpOutputFd - Read error. Connection reset by peer. not not able to forward data into index

$ tail -f splunkd.log 06-19-2017 06:08:12.823 -0500 ERROR TcpOutputFd - Read error. Connection reset by peer 06-19-20...

by Engager in

Where can I find the complete documentation of configuration options for universal forwarder?

In the Forwarder manual (http://docs.splunk.com/Documentation/Forwarder/6.6.3/Forwarder/Abouttheuniversalforwarder), ...

by New Member in

Create Table from json data

Hi I have a json input that has the following format: { "body": { "1": { "dataId": 1, "first": "Mihail", "address"...

by Motivator in

Looking for network traffic from a list of domain names in firewall traffic that only has IP addresses.

I have a csv file with domain names. I need to search my firewall traffic to see if any traffic matches to/from any o...

by Path Finder in

Problem filtering with props.conf and transform.conf

Hi, I parsed a lot of post on splunk answers, but I still have a problem to filter a specific sourcetype. Here...

by Communicator in

FREE Splunk that permits up to 500MB volume per day. How do I obtain this?

Hello! How do I obtain a free version of Splunk that permits up to 500MB volume per day maximum? Is this something...

by Communicator in

How can I use a CSV of email addresses to search indexed data?

Hi everyone, I'm having a little trouble querying with a CSV and wondered if you could provide assistance. I ha...

by New Member in

Where does props.conf need to exist in a distributed deployment?

I think I need to push this from the deployment to each device or at least the forwarder and search head. I have 5...

by Path Finder in

Are there any apps for Apache and/or Tomcat?

Hi Guys,looking for any app that deals with Tomcat and Apache.

by Path Finder in

Log that has wildly different times, but Splunk thinks it is a single event

It recognizes the datetime correctly based on the first line, but it seems to randomly be grouping up lines. Examp...

by New Member in

Issue with specifying sourceype when logging data from multiple servers

While ingesting the data all the logs from the server are falling into single source type. Can any one suggest me how...

by New Member in

Start Splunk using batch file

Hi all, I want splunk start using batch script ,when splunk is stopped.. I tried like this .. when splunk status is s...

by Motivator in

DMC and dual purpose Splunk server

I have an indexer and universal forwarder on the same server. The reason for this is that the connection from the ind...

by Splunk Employee in

Data being auto-indexed as .tmp file instead of .csv

Hello, I have an auto-index set up on a folder in my splunk directory and the past two times when a user copied th...

by Path Finder in

WinEventLogs breaking the field extractions when sent to a third-party. Why?

Im able to Send the WinEventlogs to third party server through SYSLOG TCP port. But the props which i have created is...

by Loves-to-Learn in

how to add a column "seen in last 24 hours" to my current report and verify the list of hosts from the csv file were reporting into splunk from last 24 hours or not?

I have a query which contains multiple csv files as lookup tables and their result contains list of hosts and their d...

by Builder in

Anonymize Data in Splunk Search

Hey, I am running a local instance of splunk for testing purposes. The aim is toAnonymize certain parts of the data t...

by Explorer in

In selective indexing with defaultGroup=noforward, do I have to worry about adding _INDEX_AND_FORWARD_ROUTING to Splunk default inputs also?

I'm reading the section Index one input locally and then forward all inputs in Route and Filter data where selectiveI...

by Motivator in

How to combine different types of events from different data sources into one event?

Hello I have three different data sources (so 3 different types of events) DataSource_1: Event_Number Ticket D...

by Path Finder in

How can I filter a transaction that contains multiple matches - and force a numeric sort?

I have used the 'transaction' command to isolate transactions that are made up of roughly 45 events each. I have a re...

by Path Finder in

Does Splunk provide fully supported Docker universal forwarder ?

We are looking at using the Docker Universal Forwarder for logging forwarding from the official GitHub Splunk reposit...

by Explorer in

Splunk not detecting local files recursively.

I am I have a couple hundred log files I pulled from client computers using powershell. I am experimenting with havin...

by Path Finder in

Splunk is ingesting archive files of syslog data that has already been ingested.

our setup 2 SH, 1 deployment server, 1 license server and 2 indexers , our two indexers are also syslog servers and t...

by Communicator in

Why do I get errors for index=ALL when using | delete?

When deleting via index=xxx sourcetype=yyyy | delete I got the following page - So, in addition to the pro...

by Ultra Champion in

Should I "normalize" data prior to indexing?

I have the opportunity to pull in some ticket system data and create some statistics / visualizations. The data consi...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

-0500 ERROR TcpOutputFd - Read error. Connection reset by peer. not not able to forward data into index

Where can I find the complete documentation of configuration options for universal forwarder?

Create Table from json data

Looking for network traffic from a list of domain names in firewall traffic that only has IP addresses.

Problem filtering with props.conf and transform.conf

FREE Splunk that permits up to 500MB volume per day. How do I obtain this?

How can I use a CSV of email addresses to search indexed data?

Where does props.conf need to exist in a distributed deployment?

Are there any apps for Apache and/or Tomcat?

Log that has wildly different times, but Splunk thinks it is a single event

Issue with specifying sourceype when logging data from multiple servers

Start Splunk using batch file

DMC and dual purpose Splunk server

Data being auto-indexed as .tmp file instead of .csv

WinEventLogs breaking the field extractions when sent to a third-party. Why?

how to add a column "seen in last 24 hours" to my current report and verify the list of hosts from the csv file were reporting into splunk from last 24 hours or not?

Anonymize Data in Splunk Search

In selective indexing with defaultGroup=noforward, do I have to worry about adding _INDEX_AND_FORWARD_ROUTING to Splunk default inputs also?

How to combine different types of events from different data sources into one event?

How can I filter a transaction that contains multiple matches - and force a numeric sort?

Does Splunk provide fully supported Docker universal forwarder ?

Splunk not detecting local files recursively.

Splunk is ingesting archive files of syslog data that has already been ingested.

Why do I get errors for index=ALL when using | delete?

Should I "normalize" data prior to indexing?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures