Getting Data In

Discussions

Thread Info

Trouble getting the Windows universal forwarder to forward data

Hello all, I can't seem to get the windows universal forwarder to forward data. - Splunk indexer (7.x.x) is on CentOS...

by Path Finder in

Does Splunk allow you to validate structure of a file?

Hi, I need to be able to validate the format of a file. This entails checking if a date column is actually a date ...

by Path Finder in

Enrich Data with Lookup File

Hi all I'm trying to enrich sone data with a csv lookup file. I've created the csv and defined the lookup but I ca...

by Path Finder in

Windows NT to forward logs to Splunk Enterprise, how?

I've been tasked to forward logs from Windows NT to Splunk Enterprise however, there is no Syslog inbuilt for Windows...

by Path Finder in

ESXi, Vmware, logs by udp syslog

Installed addon Splunk_TA_esxilogs from https://splunkbase.splunk.com/app/3215/ and moved to /depployment-appsConfigu...

by Builder in

logs by udp syslog

HI at all I have a very strange thing: I'm using Splunk 7.0.0 in all systems. I have two Heavy Forwarders with a Load...

by SplunkTrust in

how to index locally and forward a specific sourcetype

Hello, When events with a specific sourcetype arrive on my indexers, I would like to have both local indexing (de...

by Communicator in

events were not deleted and delete-query hangs

Currently, we want to delete some events (that is, all events with a certain sourcetype in a defined range in 2016) f...

by Path Finder in

filter a table in a dashboard from textbox

Hello, This seems like it should be straightforward but I am struggling to find a solution. I would like to filter...

by Path Finder in

How to resolve "ERROR ExecProcessor...No such file or directory" error from a python script through a universal forwarder?

Hi to all, I installed on monitored server, by universal forwarding, an app that uses python script to load data abou...

by Explorer in

Use JSON epoch date time instead of index time

I have a JSON that is for emails like the following: { [-] computer: { [+] } date: 2018-...

by Path Finder in

Forwarding specific data?

Hi Guys, My question is, is it possible to only forward specific data to my Splunk environment? So my situati...

by Communicator in

Need help executing a script with powershell v3 Modular Input

Could somebody help me with this problem, i have simple powershell script: Write-Host "Num Args:" $args.Length; fo...

by Engager in

How To Compare Dates Between Two Different Sourcetypes

I want to calculate how long it takes until a event from one sourcetype switches to another sourcetype. For example e...

by Path Finder in

How to request an accelerated report via REST?

Hi, We have a requirement to pull data out of a report that they want updated at (near-enough) real time, so we've...

by Communicator in

Why do we need to set up same instances on every Indexer for Distributed search?

Let' s say 2 servers behaving as Indexers which have Splunk Enterprise already deployed on them. There is one For...

by Explorer in

event duplication every time I update my Json input file. Can I avoid or do I even need to care (ie I can 'dedup' my searches)?

I am a new user to Splunk and had the assumption that when using a json file as a continuously monitored datasource S...

by New Member in

How to line break this structured log?

I have a script generating an output, however all my output is being registered as one event. I am trying to break ea...

by Path Finder in

Field Extraction

I am trying to extract a field but it is not working properly. I am able to extract single words but when spaces gets...

by Path Finder in

License usage for one index broken down by sourcetype

How can I get a license usage for one index broken down by sourcetype? I know this question came up recently in diffe...

by Ultra Champion in

How to monitor Microsoft SQL server using the Splunk Add-on for Microsoft SQL server ?

Hi All, I have a requirement from data base team to monitor bunch of Microsoft SQL server in our organization. I had ...

by Motivator in

How to monitor a Error Log file on Remote Windows machine via the inputs.conf ?

Hi All, We have more than 100 + servers that needs to be monitored via splunk to capture SQL Error logs from these se...

by Motivator in

How do I monitor only the changes to Windows Registry?

How do I monitor only the changes (add, delete, change value) to Windows Registry? I am only interested in seeing cha...

by Explorer in

How to integrate Splunk with Netcool OMNIbus?

Hi, We are looking to integrate Splunk 6.x with Netcool OMNIbus. Please help us how can we proceed. Thanks!!

by New Member in

Splunk Query Fails When I use '/' in Query

I have a query as follows: index="idx" sourcetype="st" host="host" |search Port=1/0/23 It shows "No Results Found"...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Trouble getting the Windows universal forwarder to forward data

Does Splunk allow you to validate structure of a file?

Enrich Data with Lookup File

Windows NT to forward logs to Splunk Enterprise, how?

ESXi, Vmware, logs by udp syslog

logs by udp syslog

how to index locally and forward a specific sourcetype

events were not deleted and delete-query hangs

filter a table in a dashboard from textbox

How to resolve "ERROR ExecProcessor...No such file or directory" error from a python script through a universal forwarder?

Use JSON epoch date time instead of index time

Forwarding specific data?

Need help executing a script with powershell v3 Modular Input

How To Compare Dates Between Two Different Sourcetypes

How to request an accelerated report via REST?

Why do we need to set up same instances on every Indexer for Distributed search?

event duplication every time I update my Json input file. Can I avoid or do I even need to care (ie I can 'dedup' my searches)?

How to line break this structured log?

Field Extraction

License usage for one index broken down by sourcetype

How to monitor Microsoft SQL server using the Splunk Add-on for Microsoft SQL server ?

How to monitor a Error Log file on Remote Windows machine via the inputs.conf ?

How do I monitor only the changes to Windows Registry?

How to integrate Splunk with Netcool OMNIbus?

Splunk Query Fails When I use '/' in Query

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!