Getting Data In

Discussions

Thread Info

How to upgrade 15 Solaris hosts from Splunk 4.1.3 to 6.4.0 universal forwarders?

As unix support staff drafted to be an inexperienced Splunk support staffer, I hope I can appeal to someone who knows...

by New Member in

How to disable a search peer via the CLI or REST API call?

Hi Splunkers, Is there a way to disable a search peer via the CLI or an API call? Specifically, I would like t...

by Path Finder in

Should Splunk be barking back at this type of time stamp string? 2016/04/07T10:04:02.113[+0000] ? I can't tell if it meets the ISO standard.

Hello Splunkers, I have a timestamp below that does not seem to want to get recognized / converted properly by Spl...

by Communicator in

What is the order of precedence transforms are applied within a single props.conf stanza?

Given a couple transforms.conf stanzas that both operate on the host field (index-time manipulation), reading from th...

by SplunkTrust in

Two diffent indexes

Is it possible to send different logs on two different indexes [default] host = EDGE1 [script://$SPLUNK_HOME\bi...

by Path Finder in

How to configure a local Splunk Enterprise instance as both a forwarder and indexer?

Hi, I have installed Splunk Enterprise version locally and configured the below from Splunk Web. 1-forwarding host...

by Explorer in

If we plan to ingest roughly 10 GB of logs daily, how much extra data should I consider being added to indexing done by the Splunk server?

As we begin to plan out our deployment of Splunk, one thing is starting to puzzle me, and this is mostly a "should we...

by Explorer in

'Invalid Key in Stanza' errors being generated at startup for inputs.conf whitelist on a 6.1.4 Heavy Forwarder that docs say should work

Per these docs http://docs.splunk.com/Documentation/Splunk/6.1.4/Data/MonitorWindowsdata I have changed from the old ...

by Motivator in

Is it possible to configure inputs.conf to forward events based on "Custom Views" in Microsoft Event Viewer?

Hi Splunk Community, Can one configure inputs.conf to forward events based on a "Custom Views" in Event Viewer? Sp...

by New Member in

Why are text input fields unexpectedly blank in custom alert action UI?

I am developing an add-on that adds a custom alert action. I've built a custom HTML fragment (as described in the cus...

by Explorer in

Is there a unique ID assigned to each forwarder to help me determine from which forwarder certain indexed data belongs to?

Hi, I have set up multiple forwarders sending events to a remote indexer. I am going to use the indexed data for f...

by Explorer in

ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf.

Team, In one of the Unix servers where SplunkForwarder is running, I have the below log in the splunkd.log file. O...

by New Member in

How do I get hosts (universal forwarders) show on the Splunk Light home page?

I have Splunk Light installed and set up on my server. I have the receiving port set. On the client I want Splunk Lig...

by New Member in

What is this 'Learned' file under apps?

I was just poking around to find out why my data had this strange sourcetype history-y2016-m06-d-10, and when I went ...

by Path Finder in

Why am I getting "Invalid key in stanza _server_app_APPNAME_ABC_CDE" with udp listener?

I have a similar, but not the same inconsistency issue with inputs.conf on distributed setup. I have udp listener ...

by Explorer in

How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer?

Hi guys! How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer? I need to co...

by Path Finder in

Can I override two keys in one transforms stanza?

My current situation is that a bunch of files are all being dumped into one directory for the forwarder to monitor an...

by Contributor in

Can I forward some logs from Splunk Light Free to a third party syslog server?

Can Splunk Light Free forward some logs to a third party server? Ex. I have Splunk Light free monitoring some log ...

by Path Finder in

tarAndChecksum error for deployed app inputs.conf

Hi, I'm trying to send configuration through an app to one of my the universal forwarders. The app consists of an ...

by Path Finder in

Distributed Search Environment: Do accelerated data models reside on the indexer or search head?

I have an app with an accelerated data model. The data model is defined in a JSON file while the acceleration is enab...

by Builder in

Getting Data In

Discussions

How to upgrade 15 Solaris hosts from Splunk 4.1.3 to 6.4.0 universal forwarders?

How to disable a search peer via the CLI or REST API call?

Should Splunk be barking back at this type of time stamp string? 2016/04/07T10:04:02.113[+0000] ? I can't tell if it meets the ISO standard.

What is the order of precedence transforms are applied within a single props.conf stanza?

Two diffent indexes

How to configure a local Splunk Enterprise instance as both a forwarder and indexer?

If we plan to ingest roughly 10 GB of logs daily, how much extra data should I consider being added to indexing done by the Splunk server?

'Invalid Key in Stanza' errors being generated at startup for inputs.conf whitelist on a 6.1.4 Heavy Forwarder that docs say should work

Is it possible to configure inputs.conf to forward events based on "Custom Views" in Microsoft Event Viewer?

Why are text input fields unexpectedly blank in custom alert action UI?

Is there a unique ID assigned to each forwarder to help me determine from which forwarder certain indexed data belongs to?

ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf.

How do I get hosts (universal forwarders) show on the Splunk Light home page?

What is this 'Learned' file under apps?

Why am I getting "Invalid key in stanza _server_app_APPNAME_ABC_CDE" with udp listener?

How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer?

Can I override two keys in one transforms stanza?

Can I forward some logs from Splunk Light Free to a third party syslog server?

tarAndChecksum error for deployed app inputs.conf

Distributed Search Environment: Do accelerated data models reside on the indexer or search head?

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

Multiple sourcetypes on SQS based S3

How To optimize eps aggregation and filtration in ...

add blacklist to previous deploy-app

Is it Possible To Ingest Dell EMC Unity Storage lo...

ProxySG UTC+2 issue, recommended config

Getting Data In

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >