Getting Data In

Discussions

Thread Info

Why is Splunk not parsing a CSV file correctly with TAB as a delimiter and \n as a line separator?

Hi, I'm trying to parse csv file with TAB as separator and \n as a line separator. I don't have time in csv, I would ...

by Explorer in

Data not coming in Splunk Apps for Windows Infrastructure

I am using Splunk 6.2 version And Installed App Windows Infrastructure 1.0 Version, Sometimes I am not getting data i...

by New Member in

How to send different data to different receivers using a single Splunk Universal Forwarder ?

How to send different data to different receivers using single Splunk Universal Forwarder ?

by New Member in

Where is the default sourcetype for udp:514 set?

The sourcetype for udp514 is set to syslog. Where is this defined? Is it hard coded in Splunkd or is it defined in a ...

by Communicator in

Has anyone seen Java code that can parse and interpret Splunk time modifiers?

not a Splunk problem, but this community is most likely to have an answer.... I have a non-Splunk related utility ...

by Contributor in

How to override the host and indexer if they are from a specific IP address?

Hi everyone, I would like overwrite the host and indexer coming from my Splunk universal forwarder in my main ind...

by Communicator in

How to merge a multiline event correctly ?

I have a problem that is similar to this topic : http://answers.splunk.com/answers/188776/events-are-not-properly-spl...

by Path Finder in

Why is the latest indexed data from our domain controllers showing 120 minutes old Windows security logs ?

Hi, We have the same app deployed on multiple Domain Controllers. On some DC's, the data indexed in Splunk is old...

by Explorer in

Dealing with badly structured json events

I am pulling in some json events that are poorly structured (at least for my needs). Specifically, I need to be able ...

by Communicator in

How to associate a value generated by a host with a field/event outside of the source?

This is an overview of how my system produces a certain value: Usually each area has a set of hosts, but t...

by Communicator in

How to index two different datestamps in a single sourcetype?

We had logs initially with timestamp: [05/18/15 6:00:02.3898 AM] With the latest release, the timestamp in logs ch...

by Contributor in

How can I push a comma separated line of fields to Splunk using the Java SDK?

I have a Java program that reads in a CSV and prints off lines where one field has a certain value, and want to set i...

by New Member in

Why am I not able to get Aruba wireless controllers logs into Splunk via UDP port 514?

Hello guys, I am trying to forward the logs of Aruba wireless controllers into Splunk, but I am not able see the l...

by Path Finder in

How do I tell my Light Forwarder to stop forwarding internal logs?

I have enabled the SplunkLightForwarder app and it sends internal logs to my indexers. Is there a way for me to stop ...

by Splunk Employee in

Will upgrading our Splunk indexer server with high performance hardware and dividing the indexer with multiple servers solve our high CPU performance issue?

Hi Team, Currently we are facing a high CPU utilization issue on our indexer because of Splunk's high usage. To r...

by Communicator in

Is it possible to process a raw log file and give a out put in tabular structure?.Please help me out.My logs are like this only.

Hi I am new to splunk. My log file sample is given below: Raw log data given below: 2011-01-01T00:00:50.665998Z : ...

by New Member in

Getting Data In

Discussions

Why is Splunk not parsing a CSV file correctly with TAB as a delimiter and \n as a line separator?

Data not coming in Splunk Apps for Windows Infrastructure

How to send different data to different receivers using a single Splunk Universal Forwarder ?

Where is the default sourcetype for udp:514 set?

Has anyone seen Java code that can parse and interpret Splunk time modifiers?

How to override the host and indexer if they are from a specific IP address?

How to merge a multiline event correctly ?

Why is the latest indexed data from our domain controllers showing 120 minutes old Windows security logs ?

Dealing with badly structured json events

How to associate a value generated by a host with a field/event outside of the source?

How to index two different datestamps in a single sourcetype?

How can I push a comma separated line of fields to Splunk using the Java SDK?

Why am I not able to get Aruba wireless controllers logs into Splunk via UDP port 514?

How do I tell my Light Forwarder to stop forwarding internal logs?

Will upgrading our Splunk indexer server with high performance hardware and dividing the indexer with multiple servers solve our high CPU performance issue?

should_linemerge for json data using universal forwarder

How to configure forwarding on an amazone EC2 server linux ?

How do I troubleshoot linebreak / linemerge issues?

Multiple source types to a single listner

Is it possible to process a raw log file and give a out put in tabular structure?.Please help me out.My logs are like this only.

Will Splunk index old data present in a folder aft...

Get count of top level keys from JSON?

Failed to reap viewstate

Extract-Display the Details Tab from windows event...

crushed logs master