Getting Data In

Discussions

Thread Info

universal forwarder vs. dedicated rsyslog/syslog-ng servers to forward syslog to splunk indexer

Conventional wisdom for collecting syslog data from external sources (network equipment, etc) was to put a couple of ...

by Contributor in

Why is the forwarder sending data to dev?

Our forwarder has the following - $ cat /opt/splunk/splunkforwarder/etc/system/local/deploymentclient.conf [target...

by Ultra Champion in

How to configure inputs.conf to send data from 1 directory to 2 different clusters with different index/sourcetype

We have a scenario where we need to forward data from 1 directory to 2 different indexer clusters. While this is achi...

by Path Finder in

Please provide the time_prefix and time_format for below event type.

Hi folks, Could you please anyone provide the TIME_PREFIX and TIME_FORMAT for below events type. 10.30.3.247 - ...

by Explorer in

Explanation of Checksum for seekptr didn't match, will re-read entire file

Fellow Splunkers, I've been lurking most of the topics related to the re-indexing of log files and Splunk creatin...

by Path Finder in

Applying timezone on basis of sourcetype and hostname

Hello, I have requirement for applying time-zone on incoming data on basis of source type and host location both. I ...

by Explorer in

unarchive_cmd with Java on a Windows system

Hello, I have a question for the property unarchive_cmd. I want to parse a textfile and recombine info to a new Log b...

by Explorer in

REST API to check persistent queue file size

Hi all, As per the title, may I know if there is any REST API to get the persistent queue size in Heavy Forwarder?...

by Path Finder in

How to configure Latin accents?

Hi, I have accentes in my logs like ç, ã, õ and I need to configure the sourcetype to understand it right. I have tri...

by Engager in

JSON event breaks not working - sometimes

I have a log file of properly formatted JSON events, but the event break is not working properly. Sometimes it separa...

by Builder in

Sending Perfmon data to metrics index

I would like to collect my windows perfmon data into a metrics index. Is this feature planned for the near future? ...

by Path Finder in

Splunk .bat script file not getting triggered

I'm having a simple alert (for POC, so checking with _internal data) and on alert action there is 'add to triggered a...

by New Member in

Getting duplicate record after uploading json (even dedup not working)

Hi, I have uploaded a json file to splunk and using spath command to get output, but the output shows two rows for a ...

by Path Finder in

CSV numbers imported as strings... and tonumber() returning null

I'm a Splunk newbie. I'm trying to import a CSV, including both strings and numbers, with source="csv": while stri...

by Path Finder in

Add new indexers to existing indexer cluster

Hello I am having Splunk Enterprise 6.5.1. Now there is a task to add 2 more indexers to the Indexer cluster(6 Indexe...

by Engager in

Changing Index for ActiveDirectory Sourcetype within Splunk_TA_windows

Hello All, I'm using the Splunk_TA_windows app from Splunk to understand windows data. I've modified the app to po...

by Builder in

How to upload log files to Splunk using REST API?

Hi , I want to upload log files using Splunk Rest APIs. Can you please share how I can do that

by Engager in

Assigning sourcetype to a source in HeavyForwarder props.conf is not working

Shouldn't this work ? Only If I assign the sourcetype in the inputs.conf of the Universal forwarder this works.. But ...

by Communicator in

Why is the timestamp showing up in the future on some sourcetypes?

Hi Team, Currently we are having issue for certain sourcetype the indexed events are with the future time stamp. The ...

by Motivator in

JSON transformations

Hi. I have a problem with transformations in Splunk: Example event(small part of it): Dec 1 22:29:42 127.0.0.1 1 2...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

universal forwarder vs. dedicated rsyslog/syslog-ng servers to forward syslog to splunk indexer

Why is the forwarder sending data to dev?

How to configure inputs.conf to send data from 1 directory to 2 different clusters with different index/sourcetype

Please provide the time_prefix and time_format for below event type.

Explanation of Checksum for seekptr didn't match, will re-read entire file

Applying timezone on basis of sourcetype and hostname

unarchive_cmd with Java on a Windows system

REST API to check persistent queue file size

How to configure Latin accents?

JSON event breaks not working - sometimes

Sending Perfmon data to metrics index

Splunk .bat script file not getting triggered

Getting duplicate record after uploading json (even dedup not working)

CSV numbers imported as strings... and tonumber() returning null

Add new indexers to existing indexer cluster

Changing Index for ActiveDirectory Sourcetype within Splunk_TA_windows

How to upload log files to Splunk using REST API?

Assigning sourcetype to a source in HeavyForwarder props.conf is not working

Why is the timestamp showing up in the future on some sourcetypes?

JSON transformations

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Issue filtering events with regex and props.conf

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...