Getting Data In

Ask a Question

Discussions

Thread Info

Send data to heavy forwarder to filter events AND change sourcetype - help please

Hello, As the question states, i'm looking to send events from a universal forwarder to a heavy forwarder to have ...

by Path Finder in

Adding additional column after grouping for JSON records

The incoming logs are stored in Splunk in a JSON format. Example JSON records below. Entry 1 : { data:[ ...

by Explorer in

Heavy Forwarder not showing in Deployment Server

Hi Team, I am facing a very strange issue. I have two heavy forwarder, let say host1 and host2. I am getting da...

by Communicator in

How to handle LINE_BREAKER regex for multiple capture groups? Specifically now that we are getting both ip4 and ip6 logs?

In the past we had an easy LINE_BREAKER regex that broke on newlines where an ip4 was present ([\r\n]+)\d+.\d+.\d+.\d...

by Contributor in

How to confirm a udp input is running?

Hi, I'm having issues with what should be a very basic setup. I have an appliance sending syslog messages to a hea...

by Champion in

Some host's IP address not being resolved to hostname for syslog data sent to udp port 514

Prior to setting connection_host to DNS for udp:514, all my hosts sending data via syslog got indexed with the host f...

by Path Finder in

How to prevent directory bombs on forwarders?

Spent all day yesterday trying to figure out why a client's logs weren't indexing. Most of the time I had no access t...

by Influencer in

Search for account failing a log on at repeating intervals

I'm trying to make a search that looks for an account trying to log onto a destination at a repeating interval. This ...

by Communicator in

How to change a host from test01 to test02 for a specific sourcetype ?

Hi All, Currently we have request to change only the host from test01 to test02 for a sourcetype=sap:script:error and...

by Motivator in

Why is my forwarder missing from the list of forwarders?

I have installed universal forwarders on all of the servers I want to monitor with Splunk. If I go on the Splunk Serv...

by Engager in

Unable to install Splunk Universal Forwarder on Windows Server 2003 (32-bit)

Hello, I'm currently facing a problem on installing splunk universal forwarder on 1 of our windows server, the ins...

by Communicator in

Splunk Plugin for Jenkins (DevOps): Why has the plugin stopped working on one of my cluster masters?

Splunk (6.4.2) large cluster. Splunk Plugin for Jenkins 1.3.1 I have the Splunk plugin on 4 Jenkins masters. On...

by Explorer in

Splunk search result to csv format

Hello, We have requirement to have Splunk search/dashboard result data in csv format to be fed into another tool. ...

by Contributor in

transforms.conf returning events that match REGEX value as value of FORMAT key

I am trying to build a filter so I only index events that match this regex: .*[%].* I asked a question previ...

by Path Finder in

Forwarder management: deployment server vs Chef

I have very little experience with chef. I have a client with very high security requirements. I was wondering if any...

by Builder in

More linebreaking issues

I'm having some issues with linebreaks in one of our logs. I used LINE_BREAKER = WSDL(,\s*) that covered most of the ...

by Explorer in

DNS lookup failing

Hi I read http://www.splunk.com/base/Documentation/4.2.2/Knowledge/Addfieldsfromexternaldatasources and see my de...

by Explorer in

How do I use lookup to filter results? Need search to contain (not equal) a value

I am looking to filter events in splunk by values in a lookup table. I implemented the solution from this question, a...

by Path Finder in

Can I create indexes.conf and inputs.conf files on my search heads to send /var/log/ logs to my indexer cluster?

My SHC of 3 members is Linux. I need to create an inputs.conf to ingest /var/log/* and send them to my indexer-cluste...

by Path Finder in

Help searching a CSV file with multiple conditions

Hi, I spent a lot of hours to find the request I need with no success so I ask your help. My goal is to build a...

by New Member in

Performance impact of using ignoreOlderThan on forwarder

Hi So we have a server which writes out thousands of files a day. Over course of two months we can have 70K+ files...

by Contributor in

Managing SPLUNK in an Enterprise environment

Good morning everyone, I have a question. We have Enterprise apps like Microsoft Exchange and we would like specif...

by Explorer in

Having source ip from 3 sourcetypes, how do I combine them all in one field and table the results?

I have source ips from 3 different log sources with 3 different field names. I want to have all the values from the 3...

by Path Finder in

What are the differences between heavy forwarder and universal forwarder?

hi, we are currently monitoring windows security event logs across 3000 machines in our organization using UF's, t...

by Path Finder in

How to configure different timezones requirement for different apps , running on same server such that same user has access to multiple apps?

Hi , We are working on a clustered environment, having multiple apps all running on default server timezone (Europe/L...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Send data to heavy forwarder to filter events AND change sourcetype - help please

Adding additional column after grouping for JSON records

Heavy Forwarder not showing in Deployment Server

How to handle LINE_BREAKER regex for multiple capture groups? Specifically now that we are getting both ip4 and ip6 logs?

How to confirm a udp input is running?

Some host's IP address not being resolved to hostname for syslog data sent to udp port 514

How to prevent directory bombs on forwarders?

Search for account failing a log on at repeating intervals

How to change a host from test01 to test02 for a specific sourcetype ?

Why is my forwarder missing from the list of forwarders?

Unable to install Splunk Universal Forwarder on Windows Server 2003 (32-bit)

Splunk Plugin for Jenkins (DevOps): Why has the plugin stopped working on one of my cluster masters?

Splunk search result to csv format

transforms.conf returning events that match REGEX value as value of FORMAT key

Forwarder management: deployment server vs Chef

More linebreaking issues

DNS lookup failing

How do I use lookup to filter results? Need search to contain (not equal) a value

Can I create indexes.conf and inputs.conf files on my search heads to send /var/log/ logs to my indexer cluster?

Help searching a CSV file with multiple conditions

Performance impact of using ignoreOlderThan on forwarder

Managing SPLUNK in an Enterprise environment

Having source ip from 3 sourcetypes, how do I combine them all in one field and table the results?

What are the differences between heavy forwarder and universal forwarder?

How to configure different timezones requirement for different apps , running on same server such that same user has access to multiple apps?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions