Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
azooju

Is there an event limit for Windows event log ingestion?

I have a Splunk Forwarder running on Windows 2012 and I'm monitoring a share with archived .evtx files from other Win...
by azooju Engager in Getting Data In 04-13-2017
0 1
0
1
himynamesdave

indexes.conf and setting volumes globally

Hi - I am re-architecting our Splunk environment. I have mounted various volumes to each of my indexers (3 total) fo...
by himynamesdave Contributor in Getting Data In 04-13-2017
0 3
0
3
mmccul

Why are Windows Event Logs sent and indexed every half hour?

Our domain controllers were resending the entire Windows EventLog every 30 minutes. No duplicate inputs entries. No...
by SplunkTrust SplunkTrust in Getting Data In 04-13-2017
0 2
0
2
robertlynch2020

monitoring recursive directories , with only one line

Hi I have a directory /net/dell425srv/dell425srv/apps/SPLUNK_BACK_UP_LIVE/MXTIMING_MEDIUM3 However it looks like ...
by robertlynch2020 Influencer in Getting Data In 04-13-2017
0 7
0
7
tom8h

How can I monitor the indexers in cluster via DMC?

Hello, I would like to know how to configure the DMC to monitor the indexers in the indexer cluster. In my understa...
by tom8h Explorer in Getting Data In 04-13-2017
0 2
0
2
kgriffen

Is there a good list of Windows Event IDs pertaining to security out there?

I am looking to create searches that follow a "User \ Group" lifecycle, and want to know if anyone has a good list of...
by kgriffen Engager in Getting Data In 04-12-2017
1 7
1
7
rewritex

Splunk Management Console - Error [subsearch] Rest Processor ... https://127.0.0.1:8089

I have an indexing cluster and this error is when I'm working from the Management Console on the Master. I go to: Ind...
by rewritex Contributor in Getting Data In 04-12-2017
0 2
0
2
JamesRConley

How do I know which apps I can remove? Where can I get more information about all installed apps?

By default there are many apps installed. I am attempting to find out which of my apps I am able to remove from the I...
by JamesRConley Explorer in Getting Data In 04-12-2017
0 2
0
2
koshyk

How to get a snapshot (say 200 events) of all data belonging for every sourcetypes?

I want to import all type of data from prod system to dev system after sanitising it. Also we want to capture all typ...
by koshyk Super Champion in Getting Data In 04-12-2017
0 2
0
2
dankulinski

After deploying KV_MODE = auto_escaped in props.conf to my search head cluster, why are we seeing unexpected search results?

I am trying to set up KV_MODE = auto_escaped for a particular source. The stanza looks like the following: [source:...
by dankulinski New Member in Getting Data In 04-12-2017
0 4
0
4
jaredlaney

Are there any plans to consolidate the many "deployment models" between forwarders, indexers, and search heads?

I'm wondering if there are any plans to simplify the deployment mechanisms. Right now there seems to be a lot of con...
by jaredlaney Contributor in Getting Data In 04-12-2017
7 6
7
6
aoliullah

The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch on an Indexer

Hi. I get the following error on one of my indexers. The minimum free disk space (5000MB) reached for /opt/splunk/va...
by aoliullah Path Finder in Getting Data In 04-12-2017
0 15
0
15
sri_seyanam

How to import custom algorithms into SPLUNK Cloud

We are trying to import polynomial algorithm to Splunk Cloud Trail version. in the Splunk documentation we found the ...
by sri_seyanam New Member in Getting Data In 04-12-2017
0 1
0
1
TiagoTLD1

Delims missing field when value is empty

Hello I have an event like this: "2017-04-11 19:03:35.738","I1","0","localhost","",,,"2147479552","142176256",,,,,,...
by TiagoTLD1 Communicator in Getting Data In 04-12-2017
0 4
0
4
koshyk

How to get sourcetypes to TA/apps mapping via Splunk API?

As part of performance analysis, we are asked to do sourcetypes and regex analysis. The first step I wanted to see is...
by koshyk Super Champion in Getting Data In 04-11-2017
0 4
0
4
ankush_gupta

How can I create Splunk Alert using REST API?

I am trying to create Splunk Alert using REST API. I am trying to use the saved search for the purpose. services/sav...
by ankush_gupta New Member in Getting Data In 04-11-2017
0 1
0
1
kiran331

How to Monitor .txt file without indexing old data?

Hi I have a .txt file of large size which has all logs in a single file, I have to monitor the file, is there a way...
by kiran331 Builder in Getting Data In 04-11-2017
0 1
0
1
Ed_Alias

Universal Forwarder DsBind failed since upgrade to 6.0.2

Hi, i juste upgraded my universal Forwarder on a windows server, and since it gives me this error in Splunkd.log ...
by Ed_Alias Path Finder in Getting Data In 04-11-2017
3 11
3
11
nanduni

Using custom indices to retrieve docker container logs

Hi all, I want to retrieve the event logs of a docker container with a custom index that I created using the Splunk ...
by nanduni Explorer in Getting Data In 04-11-2017
0 3
0
3
yoyu777

Why does the Universal Forwarder not forward files to the index or sourcetype configured in inputs.conf?

Hi, I've spent one day trouble-shooting this issue but still don't have any luck. The files I want to forward are a...
by yoyu777 Explorer in Getting Data In 04-11-2017
0 1
0
1
sympatiko

Why am I getting "ERROR S2SFileReceiver - event=statSize replicationType=eJournalReplication...status=failed" in my indexer cluster?

Hi, I'm getting the following error on my indexers' splunkd.log. I have a RF=3 and SF=3 indexer clustering with 1 ma...
by sympatiko Communicator in Getting Data In 04-11-2017
0 5
0
5
vaianna

Indexer Cluster: Why am I seeing "event=replicationData... event=rename replicationType=eJournalReplication status=failed" errors on one indexer?

Hi, I have a Splunk indexer cluster with these parameters: 1 Master node 1 Search Head node 2 Indexers 2 Forwarders ...
by vaianna New Member in Getting Data In 04-10-2017
0 2
0
2
jravida

How to prevent internal Splunk audit logs from being written to /var/log/audit?

Hi folks, So I am running a distributed deployment. It seems that, on my index server (running RedHat), SPlunk is se...
by jravida Communicator in Getting Data In 04-10-2017
1 5
1
5
jpolson

How to parse an unusual timestamp format?

Hi all, I have have some inconsistent timestamp parsing issues that I believe are due to an incorrect TIME_FORMAT va...
by jpolson New Member in Getting Data In 04-10-2017
0 4
0
4
plynch52

How to report on the top 10 fields when logs have a variable number of key value pairs that are numeric?

I have log records with a variable number of KV (key value) pairs. Both the field and the values are numeric. The f...
by plynch52 Explorer in Getting Data In 04-10-2017
0 1
0
1
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All