Getting Data In

Discussions

Thread Info

How to update an existing index for a file, id the file is updated with new fields/attributes

Hi, I Have a CSV file with some values that i am forwarding to my indexer and for this file, events and indexes ar...

by New Member in

how to listen to port UDP 514 when splunk is not root

On linux systems, only a process running as root can listen to ports < 1024. I want splunk to listen to syslog on UDP...

by Splunk Employee in

Using multiple OR operators

Hi guys Im doing a correlation search where Im looking for hostnames and filtering for events I dont want. eg. ...

by Path Finder in

What are the minimum server requirements to install the Universal Forwarder (32-bit)?

Hi, we are having trouble installing Universal Forwarder (32-bit) to a server that has system specifications of: OS: ...

by Observer in

Filtering fields in log before forward to indexing

Hi, If i need to filtering some data in the log before forward to indexing, how to go abt doing it? thks

by Communicator in

Hardware Architecture & Scaling

So, I'm slightly confused. I'm looking at the Splunk documentation and they reference only sending 50 GB/day to an in...

by Contributor in

Forwarders configuration

Hi to all, I configured a forwarder as following In Splunk Server: - in /opt/splunk/etc/deployment-apps I copyed t...

by Explorer in

How to edit my configurations to assign sourcetype?

Hello, I am trying to index following files: c:\test\access.log c:\test\access_00.0.log c:\test\access_00...

by Path Finder in

splunk stop indexing data

All my other indexes are indexing data. I created a new one, and i need to have 1164 data and its only appear 994, i ...

by Engager in

Does anyone know of a few Windows event logs to monitor in Splunk for system crashes and errors?

Hi Splunkers! I’d like to pick your brain to see if you know of 3-5 key windows event log events to monitor that w...

by Path Finder in

scripted input

I have a korn shell that creates a log. I want to run the script via the inputs.conf, every Monday at 5am. I don't wa...

by Path Finder in

Is it possible to have multiple TCP output groups in outputs.conf and have events auto load balanced (autoLB) between them?

Is it possible to have multiple tcp output groups in outputs.conf and have the events autoLB'd between them? My under...

by New Member in

How to allow shell wildcard in scripted input's argument?

For example, if I put this in inputs.conf [script:/bin/ls /*/lib /var/lib /usr/lib ] sourcetype = ls The latte...

by SplunkTrust in

Why is my Event line breaking not working properly?

Hi, I've reviewed almost all the question about event line breaking but still have some inconsistency with data inges...

by Explorer in

Why is the substr function not working for JSON logs in Splunk 6.5.2?

The substr function is not working for json logs for us in 6.5.2 for Dev version. Whereas the Prod version of the Spl...

by Observer in

Is it possible for a single splunk universal forwarder to be managed by two different deployment servers?

I was wondering if possible for a single splunk universal forwarder to be managed by two different deployment servers...

by Path Finder in

Splunk rest command: Is it possible to generate a POST request instead of GET?

Hi, I need to use Splunk rest command in search - but I wish to generate a POST request instead of GET. Is it poss...

by Communicator in

If not condition in TIME_PREFIX

I am working in the FIX log messages and have two fields that contain timestamps. I need to check for one field and i...

by Path Finder in

Unable to get events indexed from WinEventLog:Setup and WinEventLog:HardwareEvents

I have deployed SplunK_TA_Windows and setup monitoring for Applicatiom, System ,Security, HardwareEvents and Setup wi...

by Explorer in

How to exclude Host using Inputlookup?

index=bp_prod NOT ([|inputlookup serverBP.csv|fields Servers Status |where Status=="N"] ) |eventstats count as "total...

by Builder in

How to forward extracted data from Splunk to 3rd party?

I have a requirement where I will be getting logs from various sources in Splunk, extract some useful information fro...

by New Member in

Why is my connection from forarder to indexer timing out?

I have 2 VMs, one running an indexer: hostname "splunkbox" ip 192.168.56.151 and one running a universal forwa...

by Path Finder in

How to find index size before splunk adding indexes...i mean raw data size

I have 10 indexes...i want to find the actual size of the index before splunk adding its indexing. and after as we...

by New Member in

Hi, Want to break event using line_breaker property.

2017-04-02 22:45:19.023 -0600 so-splunky.local sshd[68061]: Accepted keyboard-interactive/pam for sowings from xx.xx....

by Explorer in

Timezones differ for User's position and internal events timestamps

Hi all, In our case timestamps within the splunk events are standard GMT where people working from different time...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to update an existing index for a file, id the file is updated with new fields/attributes

how to listen to port UDP 514 when splunk is not root

Using multiple OR operators

What are the minimum server requirements to install the Universal Forwarder (32-bit)?

Filtering fields in log before forward to indexing

Hardware Architecture & Scaling

Forwarders configuration

How to edit my configurations to assign sourcetype?

splunk stop indexing data

Does anyone know of a few Windows event logs to monitor in Splunk for system crashes and errors?

scripted input

Is it possible to have multiple TCP output groups in outputs.conf and have events auto load balanced (autoLB) between them?

How to allow shell wildcard in scripted input's argument?

Why is my Event line breaking not working properly?

Why is the substr function not working for JSON logs in Splunk 6.5.2?

Is it possible for a single splunk universal forwarder to be managed by two different deployment servers?

Splunk rest command: Is it possible to generate a POST request instead of GET?

If not condition in TIME_PREFIX

Unable to get events indexed from WinEventLog:Setup and WinEventLog:HardwareEvents

How to exclude Host using Inputlookup?

How to forward extracted data from Splunk to 3rd party?

Why is my connection from forarder to indexer timing out?

How to find index size before splunk adding indexes...i mean raw data size

Hi, Want to break event using line_breaker property.

Timezones differ for User's position and internal events timestamps

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions