Getting Data In

Discussions

Thread Info

Blacklist log events (not log filenames) using a string to limit events forwarding to Splunk Indexers

I have a dns log that is very chatty with internal requests (e.g. localserver5.internal). I would like to forward dns...

by Contributor in

How to configure the input to index Task scheduler logs from a windows machine?

Hello All, can any one please help me out in how to index the Task scheduler logs from the windows box..?? Need...

by Explorer in

Windows XP, Splunk keeps converting User Account Name to some random ID, how to avoid the converting?

[WinEventLog://Security] disabled=0 start_from=oldest current_only=0 evt_resolve_ad_obj=0 checkpointInterval=5 whitel...

by Path Finder in

Will monitored files that are renamed be reindexed?

I have an application that uses rolling logging. The rolling logging works as such: logs are initially written to ...

by Path Finder in

How to monitor and index tar.gz files in Splunk?

I have a tar.gz file and I wan't to continuously monitor it. I tried to index it to Splunk Enterprise via Settings>Da...

by Communicator in

Persistent Queue not working for Heavy Forwarder on Splunk Enterprise 6.3.2

Hi all, I am current trying to test persistent queue to see whether it works on heavy forwarder. However, it doesn...

by Explorer in

How do you get data into Splunk Enterprise with a universal forwarder?

I installed a Splunk Enterprise 7.0 on a Unix machine and wish to get data from a Windows machine (any data would suf...

by Path Finder in

Trouble getting data to indexer from fortigate

I am not getting data to my indexer(centos) from fortigate firewall. Port 514 is open but i am unable to telnet. Is t...

by Path Finder in

Data masking using heavy forwarders

Been trying to mask data before indexing into indexer using heavy forwarders. below is the log sample and data am try...

by Contributor in

Trouble installing Splunk Enterprise for Windows 64-bit

In trying to go through the training, I installed Splunk Enterprise for Windows 64-bit and it will not start. This...

by New Member in

Time series visualization on top count

Hi, Below is the search I am using to find the report_ID values that have top count. index=apache_web sourcetyp...

by Path Finder in

delete metrics data

I am trying to figure out how to delete metrics data. "| delete" doesn't work with mstats, is there another way? T...

by Engager in

Why are universal forwarders reporting "Error in SSL_read = 10054" trying to forward data to our two intermediate heavy forwarders?

Hi, We have a Splunk cluster where we have 1400 hosts with Universal Forwarders installed. These UFs are forwardin...

by Explorer in

Issues with Splunk_TA_nix and AIX

Customer reports various issues with Splunk_TA_nix with regards to the vmstat.sh, bandwidth.sh, passwd.sh and df.sh f...

by Splunk Employee in

Where is the logtype source type defined?

I've added a (universal) forwarder's local /var/log as a data input, specifying sourcetype = automatic. For audit.log...

by Contributor in

Shell script or python to to delete older than 6 months frozen data ?

Hello guys, Would you have an example of shell script or python to to delete older than 6 months frozen data? O...

by Motivator in

Why doesn't the LastLogon timestamp match betweeen the active directory (AD) and SA-LdapSearch information?

Good Morning, I have been using SA-LdapSearch for a project. I have had the same issue with the time for I see res...

by Communicator in

How to trouble shoot this ERROR TcpOutputFd - Connection to host=10.X.X.X failed ?

Hi All, Currently we have been informed that two of the Windows domain server is not reporting as expected, so when c...

by Motivator in

DATA filtering using Heavy forwarders

i was tyring to filter a set of data to indexer by filtering out few data and below are the sample logs and configura...

by Contributor in

Help in Configuring Indexes.conf

Hello Guys, I am trying to configure the indexes.conf, Here is the scenario, I need to have hot bucket for 6 month...

by New Member in

Whitelist Services? How

How do you whitelist services you wish to monitor and not forward redundant ones to the Splunk Server.... I've don...

by Path Finder in

Is Splunk planning to offer guidance on naming conventions in the Metrics Index in relation to CIM?

Splunk 7.0 introduced the Metrics Index feature and a whole new naming scheme. Is Splunk planning to use or offer ...

by Champion in

Why does the author appear as "nobody" from this search?

hi all~ | rest /services/apps/local author is nobody How do I find the real author?

by Engager in

What will be the final 6.x.x release prior to 7.0?

What will be the final 6.x.x release prior to 7.0? All of our servers are at 5.0.1 right now. At some point we'll upg...

by Path Finder in

CSV file import, problem with date format

I have been trying to onboard at custom dataset into splunk as a csv file. But the dateformat doesnt get right. 1...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Blacklist log events (not log filenames) using a string to limit events forwarding to Splunk Indexers

How to configure the input to index Task scheduler logs from a windows machine?

Windows XP, Splunk keeps converting User Account Name to some random ID, how to avoid the converting?

Will monitored files that are renamed be reindexed?

How to monitor and index tar.gz files in Splunk?

Persistent Queue not working for Heavy Forwarder on Splunk Enterprise 6.3.2

How do you get data into Splunk Enterprise with a universal forwarder?

Trouble getting data to indexer from fortigate

Data masking using heavy forwarders

Trouble installing Splunk Enterprise for Windows 64-bit

Time series visualization on top count

delete metrics data

Why are universal forwarders reporting "Error in SSL_read = 10054" trying to forward data to our two intermediate heavy forwarders?

Issues with Splunk_TA_nix and AIX

Where is the logtype source type defined?

Shell script or python to to delete older than 6 months frozen data ?

Why doesn't the LastLogon timestamp match betweeen the active directory (AD) and SA-LdapSearch information?

How to trouble shoot this ERROR TcpOutputFd - Connection to host=10.X.X.X failed ?

DATA filtering using Heavy forwarders

Help in Configuring Indexes.conf

Whitelist Services? How

Is Splunk planning to offer guidance on naming conventions in the Metrics Index in relation to CIM?

Why does the author appear as "nobody" from this search?

What will be the final 6.x.x release prior to 7.0?

CSV file import, problem with date format

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions