Getting Data In

Discussions

Thread Info

Why can't I install Splunk on windows 7 64 bit and getting error "Splunk Enterprise Setup Wizard ended prematurely..."?

Hello I'm newbie with Splunk. I would like to discover the product after a friend had talk to me about it. So I got t...

by New Member in

props.conf stanza and zip files containing logs

Hi everyone, yesterday I spent most of the day battling through transforms.conf and props.conf - with lucrative resul...

by Communicator in

Heavy forwarder with 2nics not communicating on 8089

I have a heavy forwarder running 6.4.1 on CentOS 7 with 2 nics on seperate subnets (data and mgt) that won't communic...

by Path Finder in

Compare the time for the execution

Hello Champions, I come across a very complex logic to tag jobs on its start time. We have one calculated valu...

by Explorer in

Has Anyone put a Forwarder on a Tablet?

Has anyone captured Windows Event Logs from tablets and forwarded it to their indexer? We're currently trying to ...

by SplunkTrust in

Does Splunk index gzip files?

I'd like to index a directory of 50,000 gzip files. The files range in size from 1 KB to 5 MB. Can Splunk monitor the...

by Splunk Employee in

Does a universal forwarder's persistent queue exist after a reboot?

According to this document: http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/Usepersistentqueues The i...

by Builder in

Whats causes "Cannot create another input for the event log "Application". One already exists"?

I have 2 remote locations with multiple PCs in both places. I have installed the forwarder on all devices (Windows PC...

by New Member in

Can I force a powershell input to execute the .ps1 script as an administrator?

Our Spunk service runs as a Mcrosoft Managed Service Account (MSA) and that MSA is an admin account and we have a Pow...

by Motivator in

How to do bucketing on json data?

I have a json data similar to the example given below { "name":"srini", "date":"20160801", "distribution": { "20":...

by New Member in

Why does Splunk service startup change permissions on outputs.conf to read only on my Windows universal forwarder?

I am deploying new certificates to a number of UF's running on Windows Servers 2008 R2. This environment is restricte...

by Path Finder in

Universal forwarder error: ImportError: /opt/splunkforwarder/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /usr/lib/python2.7/lib-dynload/_ssl.x86_64-linux-gnu.so)

Hi, I have installed Universal Forwarder version 6.4.2, and using the scripted inputs to retrieve data. When r...

by Path Finder in

Is it possible to have multiple hosts for one LDAP Strategy?

Hi all, We have Splunk connected to 5 LDAP domains and each one with at least 10 servers. Today Splunk is pointin...

by Engager in

How to update a lookup with a scheduled search by appending new data or editing existing rows, not replace the entire lookup?

I can't seem to find this scenario which is odd. Basically I want to update a list of usernames. I want to run an ini...

by Builder in

Is it possible for the Splunk SDK to connect to the instances by tunneling through a bastion host?

Hi, Is it possible for the Splunk SDK to connect to the instances by tunneling through a bastion host? We have a ...

by Explorer in

How often/quickly does a Splunk universal forwarder read a file?

Hi, I have some customers who are VERY concerned about the Splunk universal forwarder on their servers. We run tes...

by Champion in

Why are infrastructure disk writes different than indexing rate in Splunk?

Hello All, Basically, I am confused as to what is actually happening in our environment. VMware shows that we are ...

by Contributor in

Seing null (\x00) bytes in indexed data from log file in Windows

I have seen several questions regarding null (\x00) bytes in data, but none have helped me resolve my issue so far. ...

by Path Finder in

Universal forwarder consuming 100% CPU. "WARN TimeoutHeap - Either time adjusted forwards by, or event loop was descheduled for 490844ms"

Splunk consumes 100% of the CPU. Installed version is 6.4. Splunk log: 07-13-2016 19:18:11.904 -0500 WARN Time...

by Path Finder in

How can I download Universal Forwarder Credentials?

The link doesn't seem to work: /en-US/dj/splunkclouduf/ufpackage Returns with 404. Any recommendations? Thanks,...

by New Member in

Getting Data In

Discussions

Why can't I install Splunk on windows 7 64 bit and getting error "Splunk Enterprise Setup Wizard ended prematurely..."?

props.conf stanza and zip files containing logs

Heavy forwarder with 2nics not communicating on 8089

Compare the time for the execution

Has Anyone put a Forwarder on a Tablet?

Does Splunk index gzip files?

Does a universal forwarder's persistent queue exist after a reboot?

Whats causes "Cannot create another input for the event log "Application". One already exists"?

Can I force a powershell input to execute the .ps1 script as an administrator?

How to do bucketing on json data?

Why does Splunk service startup change permissions on outputs.conf to read only on my Windows universal forwarder?

Universal forwarder error: ImportError: /opt/splunkforwarder/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /usr/lib/python2.7/lib-dynload/_ssl.x86_64-linux-gnu.so)

Is it possible to have multiple hosts for one LDAP Strategy?

How to update a lookup with a scheduled search by appending new data or editing existing rows, not replace the entire lookup?

Is it possible for the Splunk SDK to connect to the instances by tunneling through a bastion host?

How often/quickly does a Splunk universal forwarder read a file?

Why are infrastructure disk writes different than indexing rate in Splunk?

Seing null (\x00) bytes in indexed data from log file in Windows

Universal forwarder consuming 100% CPU. "WARN TimeoutHeap - Either time adjusted forwards by, or event loop was descheduled for 490844ms"

How can I download Universal Forwarder Credentials?

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

eventgen and outputMode = s2s not working

How to limit the use of resources like memory and ...

How to identify what stream is going to which inde...

How does one ingest Email Metadata into Spunk Ent....

WebTools Add-on with Splunk cloud

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >