Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Configuring Splunk and Rancher

Hello, I'm totally new to this and have been thrown into the fire to figure things out. I'm setting up Kubernetes ...

by Explorer in

How can I find out the max indexing delay, maybe by using the tstats command?

I would like to find out the max indexing delay per index. | tstats max(_indextime - _time) where index=* by inde...

by Motivator in

Unable to ingest the syslog-data into splunk

Hi All, I am trying to ingest the syslog data into splunk for test POC. In-order to ingests the syslog data, I had fo...

by Motivator in

Error while executing scripted input deployed from universal forwarder.

I have created a scripted input and deployed it from the deployment server to the universal forwarder, but it's givin...

by Engager in

Universal Forwarder Environment Variable Windows

I'm trying to ingest logs from client computers that are written to localappdata of the user running the software. Th...

by Explorer in

The $SPLUNK_HOME/var/spool/splunk/ directory is filling up with stash_new Files

After upgrading to Splunk version 6.2.4, the $SPLUNK_HOME/var/spool/splunk/ directory starts filling up with files wi...

by Splunk Employee in

universal forwarder manipulate host and source via inputs.conf

I have a dedicated server which is running syslog-ng and a universal forwarder. i want to set 3 things one of them...

by Path Finder in

host name from log file

hi i have lot's of log file that start with this line for each log ********** LOGFILE FOR SERVER 'host22', AT THE DAY...

by Explorer in

Failed installation of trial versions of Enterprise and Universal Forwarder on domain accounts.

I am installing the trial version of Splunk Enterprise on Windows 10 pro 64bit. When I use a domain account the insta...

by New Member in

Http Event Collector ignores JSON timestamp

Hi, I have this json event I put in trough HEC: { "time": "2019-10-01T11:29:53.817", "eventType": "Computer...

by New Member in

REST API JSON output only with "result" field (without offset, etc.)

Hey guys, could you please help! I use curl -k -u 'myUser:myPwd' https://localhost:8089/services/search/jobs/expor...

by Contributor in

Do I need TIBCO or smth like that (highload to Splunk REST API queries)

Hey guys, I have an online connection with another web service Serv_1: A. it sends data to MySplunk via online REST ...

by Contributor in

How to modify syslog source type to handle rfc3339 timestamp?

We pass messages with rsyslog using the rfc3339 time format. It has microseconds, and it has a timestamp. But noticed...

by Engager in

Use RegEx to set sourcetype on UF where events are in a JSON format

Scenario: two different source types being sent to UF (snort and firewall) from the same IP/source. form...

by Path Finder in

splunk with Docker in windows

Hello is it possible to run splunk in docker container in windows ? if yes, can someone link me to the installation g...

by Communicator in

Process of Indexed Extraction Configuration

Hi All! I'm currently running into a very weird situation with a Splunk instance I inherited. I setup the props.co...

by Path Finder in

What can be the effects of rebooting a server without taking the forwarder down cleanly?

Many of the forwarders here go down when the servers go for maintenance work. What can go wrong with the forwarders w...

by Motivator in

Search Head - props.conf and transforms.conf not taking into effect in apps directory

I have a universal forwarder forwarding key-value-delimited log events to an indexer. I have created an app on the se...

by Path Finder in

Fields Extraction from JSON File

Im monitoring a JSON file and forwarding the data using UF to my indexers . Im having problems to extract the JSON fi...

by Path Finder in

ui_inactivity_timeout - web.conf

has anyone successfully implemented user session timeouts on their SHC? We are experiencing users keeping multiple da...

by Communicator in

Getting Data In

Discussions

Configuring Splunk and Rancher

How can I find out the max indexing delay, maybe by using the tstats command?

Unable to ingest the syslog-data into splunk

Error while executing scripted input deployed from universal forwarder.

Universal Forwarder Environment Variable Windows

The $SPLUNK_HOME/var/spool/splunk/ directory is filling up with stash_new Files

universal forwarder manipulate host and source via inputs.conf

host name from log file

Failed installation of trial versions of Enterprise and Universal Forwarder on domain accounts.

Http Event Collector ignores JSON timestamp

REST API JSON output only with "result" field (without offset, etc.)

Do I need TIBCO or smth like that (highload to Splunk REST API queries)

How to modify syslog source type to handle rfc3339 timestamp?

Use RegEx to set sourcetype on UF where events are in a JSON format

splunk with Docker in windows

Process of Indexed Extraction Configuration

What can be the effects of rebooting a server without taking the forwarder down cleanly?

Search Head - props.conf and transforms.conf not taking into effect in apps directory

Fields Extraction from JSON File

ui_inactivity_timeout - web.conf

Importing WebSphere - multiple SystemOut.log file...

Ingest messages from slack channels to splunk

Need to give add data capability to user in splunk...

Load Balancing UF to 3rd third party receivers

Dublicated json fields on searchHead