Getting Data In

Discussions

Thread Info

How to configure a Heavy Forwarder to forward a subset of Cisco ASA events to Indexers, while sending ALL events to external syslog servers?

Running 6.5.0. Attempting to use a Heavy Forwarder to forward a subset of cisco:ASA events to Splunk indexers, wh...

by Engager in

Will my outputs.conf edits work to send both compressed and uncompressed outputs from universal forwarder?

I have a Universal Forwarder (UF) that I'd like to send out both compressed and uncompressed data streams to a single...

by New Member in

Why has using the rest command to search REST API stopped working after upgrading to 6.5.3?

Hi, I used to periodically query the REST API using the search app in Splunk Web, something like so: | rest /se...

by Path Finder in

I cannot get splunk to ingest my csv files!

I have some csv files that have 30+ columns and I cannot get splunk to ingest them. I keep getting crc errors. I've t...

by Builder in

Index holding data

Hi Team, We wanted to keep one year data in splunk for few of the indexes in our environment, we understand that w...

by Contributor in

How to sync csv file with splunk and how to update splunk automatically when there is change in csv file ?

csv file should be synced with splunk so that next time I changed the data in csv file, it should reflect automatical...

by New Member in

Moving splunk from one directory to another in Windows

We have several servers where the Universal Forwarder has been installed to the wrong drive/directory. During our upg...

by Contributor in

The exported csv file of the Splunk results is not aligned

Hi, I have exported my search results into a csv file using Export button. The output result contains a list of Email...

by Explorer in

splunk extract incorrect time

Hi,everyone. My raw log is like this: 2017-05-22 01:00:01 dst:100.100.100.2 src:118.32.120.110 port:60046 count:6 ...

by Communicator in

How to ensure logs generated during Universal Forwarder upgrade are not lost or duplicated?

We are about to upgrade several hundred Universal Forwarders (UF) in our environment. We want to make sure that any l...

by Contributor in

need help in writing time prefix and time format

Hello All i have events like this: hn:keng01-dev01-ins01-rpt31.int.dev.mykronos.com|pid:3161|prod:iHub|****4145...

by Path Finder in

Indexing compressed vs raw logs

Hello, Say for example a five 50MB sample.log.gz (250MB) and if decompressed, it becomes five 600MB (3GB) sample.l...

by Builder in

What is the ideal Splunk setup for log monitoring of different inputs?

How to determine if Splunk needs to be scaled horizontally or vertically? For logs up to 5GB from different inputs, w...

by New Member in

How to enable REST endpoints so that users can use other tools to grab data from Splunk?

How to enable REST endpoints so that users can use other tools to grab data from Splunk? Port 8089 is already opened....

by Path Finder in

How to collect FTP and SFTP activity on servers via Splunk?

We would like to gather information on inbound and outbound ftp and secure ftp connections made to our servers from w...

by New Member in

Proper way to blacklist .gz files in inputs.conf?

According to the documentation, it is this: [monitor:///mnt/logs] blacklist = .gz$ However, I've tried...

by Builder in

how does time synchronization work between forwarder and indexer?

Hi we have hosts sending logs to indexer using universal forwarders. The hosts are spread across different time zones...

by Loves-to-Learn Lots in

how to handle thousands of events with the same timestamp...

Hi, I have a feed that collects snmp performance stats every 5 minutes. I am parsing this logfile with a heavy for...

by Champion in

Can't delete Events

Hello, we got some Events, which we need to clean up. So we need to wipe them: $HOME/bin/splunk search 'index=i...

by Communicator in

Why am I getting "access denied" when trying to edit inputs.conf on a Windows universal forwarder?

Recently I have configured a universal forwarder on a Windows 32 bit machine. I can see the Splunk process is running...

by Path Finder in

Splunk forwarder is logging data but why is Splunk Enterprise not showing the data in Splunk Web?

Splunk Forwarder metrics log on application node : metrics.log:05-19-2017 13:09:07.625 -0500 INFO Metrics - group...

by Observer in

How to read syslog events in Linux CLI?

hai, I have installed Splunk on cent-os 6.5 and able to see the syslog events on GUI. I want to see those events o...

by New Member in

How to override an index on per event basis?

So basically, I have a ton of events coming in on UDP 514. Based on the document linked below, I was able to configu...

by Explorer in

How to write the correct TIME_FORMAT and LINE_BREAKER for my sample data?

Hello all, i have a log file in which there is no date in the log events and it might also contain stack-trace ...

by Path Finder in

How to convert "LastBootUpTime" to epoch time (including the timezone offset) in order to get the epoch reported in GMT?

I'm having difficulties converting Microsoft's LastBootUpTime into Epoch taking the timezone offset into account to g...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure a Heavy Forwarder to forward a subset of Cisco ASA events to Indexers, while sending ALL events to external syslog servers?

Will my outputs.conf edits work to send both compressed and uncompressed outputs from universal forwarder?

Why has using the rest command to search REST API stopped working after upgrading to 6.5.3?

I cannot get splunk to ingest my csv files!

Index holding data

How to sync csv file with splunk and how to update splunk automatically when there is change in csv file ?

Moving splunk from one directory to another in Windows

The exported csv file of the Splunk results is not aligned

splunk extract incorrect time

How to ensure logs generated during Universal Forwarder upgrade are not lost or duplicated?

need help in writing time prefix and time format

Indexing compressed vs raw logs

What is the ideal Splunk setup for log monitoring of different inputs?

How to enable REST endpoints so that users can use other tools to grab data from Splunk?

How to collect FTP and SFTP activity on servers via Splunk?

Proper way to blacklist .gz files in inputs.conf?

how does time synchronization work between forwarder and indexer?

how to handle thousands of events with the same timestamp...

Can't delete Events

Why am I getting "access denied" when trying to edit inputs.conf on a Windows universal forwarder?

Splunk forwarder is logging data but why is Splunk Enterprise not showing the data in Splunk Web?

How to read syslog events in Linux CLI?

How to override an index on per event basis?

How to write the correct TIME_FORMAT and LINE_BREAKER for my sample data?

How to convert "LastBootUpTime" to epoch time (including the timezone offset) in order to get the epoch reported in GMT?

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

How to Ingest Azure Monitor Logs into Splunk in Ne...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions