Getting Data In

Discussions

Thread Info

Why is "machineTypesFilter" not pushing to both Windows apps?

I've got an odd issues where my Linux clients are getting the 'forward logs' app, but my Windows ones are not. My Win...

by Path Finder in

How to resolve error "SRC did not 'startsrc splunkweb' on our behalf: exit code=1" when restarting a 6.0.13 universal forwarder on AIX?

My Splunk Deploy Server is CentOS 6.7 The UF, Splunk Universal Forwarder 6.0.13 running on server, AIX 7.1. If ...

by Splunk Employee in

How to configure a Splunk forwarder for a network switch/router?

Hello Team: We would like to capture the network traffic data at a network switch/router level and then we want to...

by New Member in

Hide Radio Input in Dashboard

Does anyone know how to hide a radio input in a Dashboard? We have a regex calculation that we've assigned to a radio...

by Path Finder in

How do you enable debug logging for scripted input

I am trying to debug a scripted input that isn't running when it should and I want to enable debug logging. When I lo...

by Communicator in

How to log REST API calls?

Hi, I am trying to debug Splunk REST API calls and need verbose logging of life cycle of that transaction on serve...

by Explorer in

How to properly parse my JSON input?

Hi, I have a JSON input file, and am having two issues. First, I can't seem to get the timestamp to map appropriat...

by Champion in

Is it possible to configure Splunk to show the filename only and not the contents of the file we're monitoring?

In the Splunk deployment we have, I'm using the Splunk universal forwarder to monitor changes to a folder, specifical...

by Engager in

How to access a JSON that does not have a field name?

Hi All, I've used spath before to access JSON, but the log entry i currently have does not have a name associated ...

by Engager in

How can I pull out values in a log path and route it to a specific index?

I am looking to route logs to different indexes based on a specific value identified in the log path. For example: ...

by Path Finder in

Line breaks and the 'Add Data' process

I'm a fairly inexperience Splunk admin, and I've used the Add Data feature a couple of times to test out new sourcety...

by Builder in

Is there a way to specify how Splunk handles future dates?

I have a system that sometimes gets its clock messed up and starts sending events that are in the future. Splunk is r...

by Contributor in

Why is the timestamp of event data not being recognized and events are not breaking?

I initially tried auto, but was getting the same issue of the event data not line breaking correctly. I tried to modi...

by Contributor in

How do I delete old log data past a certain time on an index?

We're running out of disk space. How do I delete old log data past a certain time on an index? If I set a max ...

by Path Finder in

How to max out Windows forwarder file descriptors limits?

I'm trying to max out Windows forwarder file limits. When using "max_fd" in limits.conf, I get the following warning:...

by Contributor in

Reindex Duplicates / Reindex duplicate data

HI Splunkers, I got a little complicated issue I cannot figure out. Everyday I receive a host file that we ind...

by Communicator in

Why are Windows Event Logs not forwarded after installing a new Windows server?

Hi there, I have the following issue detected in our environment and I'm not sure where the problem comes from. We...

by Contributor in

How to convert the reported Pacific Time (PT) from one source to Universal Time Coordinated (UTC) within my search?

I am currently working on a report with 3 different data sources. Two of these sources report events in Universal Tim...

by New Member in

Using a REST command to query the status of the splunkweb process?

I'd like to be able to check on the status of the splunkweb process from distributed splunk instances within a splunk...

by Motivator in

How to enable HTTP Event Collector on indexers?

Hello All, We wanted to enable HTTP Event Collector (HEC) in our environment. We have one deployment server and fo...

by Contributor in

How to rename a JSON field by editing a configuration file (NOT when running search)?

There is a log source that publishes events in JSON format, but the field name is in 3-digit numbers, not in English,...

by Path Finder in

Why does using the Splunk Forwarder with Splunk Free display message "This feature is not available with your installed set of licenses"?

From my understanding the Splunk free license still lets you forward logs from other servers using the Splunk univers...

by Explorer in

How to distribute splunk.secret to Windows Heavy Forwarders

Hello guys, We are going to install two Heavy Forwarders on Windows 2012 R2 servers. The remaining instances of Sp...

by Path Finder in

How to correctly configure Splunk to monitor a directory with wildcards?

I must be doing something wrong. Splunk is seeing and indexing the first log file it finds and nothing else after wit...

by Contributor in

Can someone help me parse this XML into Splunk on the backend? Also should I add this to the props.config in my Deployment Server or my Search Head Deployer?

Here is what I have tried and it is not working: Edit the local/inputs.conf file and add this: [monitor:///dire...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why is "machineTypesFilter" not pushing to both Windows apps?

How to resolve error "SRC did not 'startsrc splunkweb' on our behalf: exit code=1" when restarting a 6.0.13 universal forwarder on AIX?

How to configure a Splunk forwarder for a network switch/router?

Hide Radio Input in Dashboard

How do you enable debug logging for scripted input

How to log REST API calls?

How to properly parse my JSON input?

Is it possible to configure Splunk to show the filename only and not the contents of the file we're monitoring?

How to access a JSON that does not have a field name?

How can I pull out values in a log path and route it to a specific index?

Line breaks and the 'Add Data' process

Is there a way to specify how Splunk handles future dates?

Why is the timestamp of event data not being recognized and events are not breaking?

How do I delete old log data past a certain time on an index?

How to max out Windows forwarder file descriptors limits?

Reindex Duplicates / Reindex duplicate data

Why are Windows Event Logs not forwarded after installing a new Windows server?

How to convert the reported Pacific Time (PT) from one source to Universal Time Coordinated (UTC) within my search?

Using a REST command to query the status of the splunkweb process?

How to enable HTTP Event Collector on indexers?

How to rename a JSON field by editing a configuration file (NOT when running search)?

Why does using the Splunk Forwarder with Splunk Free display message "This feature is not available with your installed set of licenses"?

How to distribute splunk.secret to Windows Heavy Forwarders

How to correctly configure Splunk to monitor a directory with wildcards?

Can someone help me parse this XML into Splunk on the backend? Also should I add this to the props.config in my Deployment Server or my Search Head Deployer?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Mimecast App to get Archive logs

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout