Getting Data In

Ask a Question

Discussions

Thread Info

Time series visualization on top count

Hi, Below is the search I am using to find the report_ID values that have top count. index=apache_web sourcetyp...

by Path Finder in

delete metrics data

I am trying to figure out how to delete metrics data. "| delete" doesn't work with mstats, is there another way? T...

by Engager in

Why are universal forwarders reporting "Error in SSL_read = 10054" trying to forward data to our two intermediate heavy forwarders?

Hi, We have a Splunk cluster where we have 1400 hosts with Universal Forwarders installed. These UFs are forwardin...

by Explorer in

Issues with Splunk_TA_nix and AIX

Customer reports various issues with Splunk_TA_nix with regards to the vmstat.sh, bandwidth.sh, passwd.sh and df.sh f...

by Splunk Employee in

Where is the logtype source type defined?

I've added a (universal) forwarder's local /var/log as a data input, specifying sourcetype = automatic. For audit.log...

by Contributor in

Shell script or python to to delete older than 6 months frozen data ?

Hello guys, Would you have an example of shell script or python to to delete older than 6 months frozen data? O...

by Motivator in

Why doesn't the LastLogon timestamp match betweeen the active directory (AD) and SA-LdapSearch information?

Good Morning, I have been using SA-LdapSearch for a project. I have had the same issue with the time for I see res...

by Communicator in

How to trouble shoot this ERROR TcpOutputFd - Connection to host=10.X.X.X failed ?

Hi All, Currently we have been informed that two of the Windows domain server is not reporting as expected, so when c...

by Motivator in

DATA filtering using Heavy forwarders

i was tyring to filter a set of data to indexer by filtering out few data and below are the sample logs and configura...

by Contributor in

Help in Configuring Indexes.conf

Hello Guys, I am trying to configure the indexes.conf, Here is the scenario, I need to have hot bucket for 6 month...

by New Member in

Whitelist Services? How

How do you whitelist services you wish to monitor and not forward redundant ones to the Splunk Server.... I've don...

by Path Finder in

Is Splunk planning to offer guidance on naming conventions in the Metrics Index in relation to CIM?

Splunk 7.0 introduced the Metrics Index feature and a whole new naming scheme. Is Splunk planning to use or offer ...

by Champion in

Why does the author appear as "nobody" from this search?

hi all~ | rest /services/apps/local author is nobody How do I find the real author?

by Engager in

What will be the final 6.x.x release prior to 7.0?

What will be the final 6.x.x release prior to 7.0? All of our servers are at 5.0.1 right now. At some point we'll upg...

by Path Finder in

CSV file import, problem with date format

I have been trying to onboard at custom dataset into splunk as a csv file. But the dateformat doesnt get right. 1...

by New Member in

How to get Cyberoam logs in splunk.?

please help me in detail step-by step i have no idea on Cyberoam.

by Engager in

What happens when the forwarder is configured to send data to a non-existent index?

Hello, I would like to know what happens when the forwarder is configured to send data to a non-existent index, ei...

by Explorer in

Testing props.conf file of app in $SPLUNK_HOME/etc/apps/my_app/local

I am having some issues breaking a multiline event properly. Each event starts with a 'Date ...' string that I can us...

by New Member in

Trying to ingest a stock price file into Splunk

Goodday, I am a Newbie. Am trying to ingest a stock price file into Splunk, I open Splunk by using http://localhos...

by New Member in

How to extract the Fields from .txt file

I am indexing Server.txt file from 1000+ forwarders. The file format is as below. I want to extract below header valu...

by Explorer in

Universal Forwarder, Server Class.

I install UF on linux client. Than I ./splunk set deploy-poll *.*.*.*:8089 Client did not appear in Forwarder...

by Builder in

Splunk Windows Firewall log file pfirewall.log

Hello, I'm very new to Splunk and trying to use it to gather local Windows Firewall Log file information. I thought ...

by New Member in

how route data to specific index when we use heavy forwarder?

I build distributed Splunk Enterprise network the network flow is like below UF--->HF------->IDX----->SH In which I m...

by Explorer in

How to move index from main to custom index?

Hello I failed and miss index for nginx and all logs saved to main. Now I created new index "nginx_logs" and how me m...

by Builder in

How to apply Time Zone TZ = UTC to only 14 hosts out of 16

Let's say we have 16 hosts with the same sourcetype=devicetype 14 hosts are in UTC, 2 hosts are in EST (local) time z...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Time series visualization on top count

delete metrics data

Why are universal forwarders reporting "Error in SSL_read = 10054" trying to forward data to our two intermediate heavy forwarders?

Issues with Splunk_TA_nix and AIX

Where is the logtype source type defined?

Shell script or python to to delete older than 6 months frozen data ?

Why doesn't the LastLogon timestamp match betweeen the active directory (AD) and SA-LdapSearch information?

How to trouble shoot this ERROR TcpOutputFd - Connection to host=10.X.X.X failed ?

DATA filtering using Heavy forwarders

Help in Configuring Indexes.conf

Whitelist Services? How

Is Splunk planning to offer guidance on naming conventions in the Metrics Index in relation to CIM?

Why does the author appear as "nobody" from this search?

What will be the final 6.x.x release prior to 7.0?

CSV file import, problem with date format

How to get Cyberoam logs in splunk.?

What happens when the forwarder is configured to send data to a non-existent index?

Testing props.conf file of app in $SPLUNK_HOME/etc/apps/my_app/local

Trying to ingest a stock price file into Splunk

How to extract the Fields from .txt file

Universal Forwarder, Server Class.

Splunk Windows Firewall log file pfirewall.log

how route data to specific index when we use heavy forwarder?

How to move index from main to custom index?

How to apply Time Zone TZ = UTC to only 14 hosts out of 16

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Getting Data In

Are you a member of the Splunk Community?

Discussions