Getting Data In

Thread Info

Running a single instance of Splunk, but why does Health Check in the Monitoring Console warn of non-indexer instances that are not sending logs to the indexer?

I have a single instance Splunk Enterprise setup. When I run the Health Check in the Monitoring Console, it gives me ...

by Communicator in

Is there a way to push summary index data to more than one indexer?

Is there a way to include more than one indexer for scheduled searches that write to a summary index? The schedule...

by Motivator in

problem of monitoring windows files

Now I want to monitor eee.txt. The file path is "C:\Program Files\new_folder(86)\eee.txt" and configure the input ste...

by Explorer in

dmc_forwarder_asset not displaying Universal Forwarders

Is there a reason why "dmc_forwarder_assets" is not displaying the universal forwarders in DMC ? It was displaying it...

by Explorer in

Upgrading a splunk server hardware

We are in the process of upgrading our splunk server hardware and I was looking for some sort of best practice. I am ...

by Explorer in

How to troubleshoot why a Windows universal forwarder is sending metrics, but not Windows event logs?

Here's my setup: I have three clustered indexers, two search heads, a deployment server, as well as several Heavy For...

by Builder in

Possible to define a sub-sourcetype?

We are ingesting IIS logs in json format as we are adding some additional fields to the log file that contain informa...

by Influencer in

Moved indexed data to different mount - not seeing it

Hi, I was running out of space due to large volume of vmware data that we are indexing and I had to move the data ...

by Communicator in

Json match `field.name` to `field.value` fields

Hi all, I have some office 365 json events that have an ExtendedProperties array field containing multiple json ob...

by Explorer in

What is the best way to filter WMI Event Logs by type without just whitelisting or blacklisting?

Current Splunk Enterprise Server Version: 6.2.1 Current Splunk Test Server Version: 6.5.0 Question: What is the...

by New Member in

SNMP V3 Not Working

Hi, I have spent a large amount of time trying to configure SNMP V3 with Splunk Enterprise. I cannot get SNMP V3 t...

by New Member in

LINE_BREAKER trouble

I'm struggeling to get splunk to break some json events properly. This is due to the fact, that my input has no new l...

by Communicator in

How to configure props.conf and transforms.conf to ignore the first two lines of an imported log file?

We have following log file which we need to import in Splunk: "cdrRecordType","globalCallID_callManagerId","global...

by Path Finder in

How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

Hello guys, we are working with a Heavy forwarder and its receiving logs from a lot of sources and of course send...

by New Member in

How to achieve blacklist for folder level

I would like monitor all the files below except the first one Because sample.log from environment a1 conusming more d...

by Communicator in

SplunkでLHAのアーカイブを取り込めますか？

SplunkでLHA (LZH形式)のアーカイブファイルをZIPファイルのように取り込みたいのですが、可能でしょうか？ Can I import a LHA (LZH format) archived file?

by Explorer in

Why is WMI Input field data being truncated?

So I would like to implement a WMI based input via WMI.conf among a subset of Splunk Universal Forwarders. In this ca...

by Builder in

Data collection Methods, is there a way to see what feeds a datasource?

I am working on a matrix of data sources for my splunk deployment. I need to map my data sources -collection method (...

by Contributor in

Why am I getting a "Permission Denied" error when running './splunk list forward-server'?

I am trying to add the forwader or list it, but it ends up in permission denied messsage ./splunk list forward-ser...

by Engager in

Spath parsing error, last event in JSON

I have the following JSON in each event payload={fields1=values1, field2=value2, etc} When running spath I enc...

by Contributor in

How do I do highly robust Splunking?

Hi, I'm (we're) new to Splunk and engaging in some proof of concept work. So bear with me if this question has som...

by Explorer in

What is the best way to forward Guardium database data to Splunk?

We are using Guardium to track all database activities of high-privileged database users. All the data is stored in t...

by Engager in

Heavy Forwader data route between multiple indexer

Hi! I know there are several questions in this topic, but I didn't find a solution for me. I try to create a simpl...

by Communicator in

Domain Controller logs - Best practice?

We are currently pulling the event logs for 6-8 domain controllers. We are having issues with some of the domain cont...

by Path Finder in

Setting sourcetype based on source with wildcards via web console?

Hello all, I am looking to set the sourcetype of my logs based of the logs' source. I know how to do this by modifyin...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Running a single instance of Splunk, but why does Health Check in the Monitoring Console warn of non-indexer instances that are not sending logs to the indexer?

Is there a way to push summary index data to more than one indexer?

problem of monitoring windows files

dmc_forwarder_asset not displaying Universal Forwarders

Upgrading a splunk server hardware

How to troubleshoot why a Windows universal forwarder is sending metrics, but not Windows event logs?

Possible to define a sub-sourcetype?

Moved indexed data to different mount - not seeing it

Json match `field.name` to `field.value` fields

What is the best way to filter WMI Event Logs by type without just whitelisting or blacklisting?

SNMP V3 Not Working

LINE_BREAKER trouble

How to configure props.conf and transforms.conf to ignore the first two lines of an imported log file?

How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

How to achieve blacklist for folder level

SplunkでLHAのアーカイブを取り込めますか？

Why is WMI Input field data being truncated?

Data collection Methods, is there a way to see what feeds a datasource?

Why am I getting a "Permission Denied" error when running './splunk list forward-server'?

Spath parsing error, last event in JSON

How do I do highly robust Splunking?

What is the best way to forward Guardium database data to Splunk?

Heavy Forwader data route between multiple indexer

Domain Controller logs - Best practice?

Setting sourcetype based on source with wildcards via web console?

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?