Getting Data In

Discussions

Thread Info

Question on migrating a small Splunk Enterprise environment to new hardware

Hi all, We have a relatively small Splunk environment that has 2 Universal forwarders and 1 Indexer on separate s...

by Engager in

Can I log Exchange logs without the paid app?

I would like to send Exchange logs to splunk, but I do not have the pay version of the Exchange app. What kind of fun...

by Path Finder in

double indexing, does it count towards your license limit

if i send all syslog data to one splunk enterprise instance to be indexed and then it is forwarded onto another splun...

by New Member in

How can I determine the last date of an epoch time?

So for the dashboard time dropdown, I want to determine whether the To: date that user select is the last date of tha...

by Contributor in

How to index duplicate files which has different name

Hello All, Is there any application or method in Splunk, where we can index the files(which has same contain) in S...

by Communicator in

How to capture snmp traps in splunk ?

Hi All, I have told to configure one of the Heavy forwarder instance to receive and index the CISCO prime traps. i ha...

by Motivator in

how does UF handle both metrics and event data

I have my UF and indexer set up and what I want to do is sending both metrics and event data from UF to indexer. from...

by Splunk Employee in

Why isn't this data indexing?

Hello all, I am trying to filter the data to be indexed however not success. Nothing is indexed. I have the bel...

by Communicator in

How to write the transforms.conf for varying password lengths

Hello, Since i am new to Splunk, i'm having hard time understanding and writing the transforms for varying passwor...

by Path Finder in

Can outputs.conf be reloaded without restarting splunk

Is there a rest or sysinternal command that can be executed that will reload outputs.conf.

by Communicator in

How to skip Splunk license agreement page on Containerise the splunk?

I have created a Dockerfile when the container build during that time I need to create multiple login users on backsi...

by Engager in

how to get all the available sourcetypes from a list of hosts on a lookup?

I have a list of hosts on a lookup around 40 hosts. For the list of hosts I want to check the list of sourcetypes lik...

by Builder in

JSON element names contains dynamic part - how to create table

My JSON log file contains metrics - below message example. Json elements name and number are not fixed. As you can se...

by New Member in

Issue with forwarder. Couldn't complete HTTP request: Connection timed out

I have several forwarders, all installed on Ubuntu 14.04 boxes. One of them stopped working but the rest are fine. Af...

by New Member in

Can't get value of job.resultCount when using Custom Alert Action

How the alert is defined I have created a custom alert action after following documentation found here http://docs...

by Contributor in

events with the same id and sourcetype but different name field

I've been working on a project and have been uploading several files on splunk. One of which is a headcount report th...

by New Member in

Universal Forwarder authentication

Our use case is to have our Splunk indexer(s) running in one DC and our production hardware in another, in the public...

by Explorer in

Timeout talking to Deployment Server Windows

I'm seeing this message in the splunkd.log file just before a Universal Forwarder starts a shutdown. 11-25-2017 18...

by Communicator in

How can I create a supression/whitelist for traffic between two IP addresses?

I want to create a suppression / whitelist for traffic between these IPs: 192.168.10.12/13/64/65 ---> 192.168.17.20/2...

by New Member in

check who is ingesting data to index=main

is there a way on how to check who is ingesting data to index=main I want to know list of source, sourcetype,host fo...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Question on migrating a small Splunk Enterprise environment to new hardware

Can I log Exchange logs without the paid app?

double indexing, does it count towards your license limit

How can I determine the last date of an epoch time?

How to index duplicate files which has different name

How to capture snmp traps in splunk ?

how does UF handle both metrics and event data

Why isn't this data indexing?

How to write the transforms.conf for varying password lengths

Can outputs.conf be reloaded without restarting splunk

How to skip Splunk license agreement page on Containerise the splunk?

how to get all the available sourcetypes from a list of hosts on a lookup?

JSON element names contains dynamic part - how to create table

Issue with forwarder. Couldn't complete HTTP request: Connection timed out

Can't get value of job.resultCount when using Custom Alert Action

events with the same id and sourcetype but different name field

Universal Forwarder authentication

Timeout talking to Deployment Server Windows

How can I create a supression/whitelist for traffic between two IP addresses?

check who is ingesting data to index=main

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

wildcard don't work in log file name for input.con...

Do we have a Splunk script that will tell us the t...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?

Get Blob Data W/O Key or SAS Token (use service ac...