Getting Data In

Discussions

Thread Info

Where do I put the outputs.conf file to disable indexing on my search head?

Where do I put the outputs.conf file to disable indexing on my search head? Does this go in /splunk/etc/system/local ...

by Contributor in

How to best configure Splunk syslog and Cisco Sourcefire Defense Center?

Hi, I am new to Splunk and I'm trying to configure the Syslog for Sourcefire Defense Center. I am using the latest...

by Engager in

Where can I find data I added into Splunk?

Hi, I followed the Splunk guide http://docs.splunk.com/Documentation/Splunk/6.1.11/SearchTutorial/Getthetutorialdata...

by New Member in

IP address vs hostname

Dear Splunkers, We recently have set up SPLUNK as a syslog to gather all the logs of our Cisco routers and switche...

by New Member in

Events missing via http event collector

I'm seeing a behaviour where some of my events are missing after been sent to http event collector. I'm sending singl...

by Explorer in

Splunk Deployment App Configurations on Universal Forwarder not Working

I am using a deployment server to push out an "app" that has an input.conf file and output.conf file in the local dir...

by Path Finder in

How to resolve the parsing of key value pairs in a URL?

I have log data that contains URLs like the example below. The automatic parsing of key value pairs works very well. ...

by New Member in

ip2decimal command is exist. Is decimal2ip command exist?

Hi~ ip2decimal command is exist. Is decimal2ip command exist? example> | eval foo="210.192.120.23" | ip2deci...

by Path Finder in

How can I configure Splunk to parse the date and time from my sample log?

I am probably having a simple problem that me being a Splunk noobie is having trouble solving. I have logs that I wou...

by New Member in

export to CSV file empty

I am trying to export data to a CSV file which has always worked before I upgraded to version 6. The CSV file is blan...

by Explorer in

Why is my splunkweb service not running?

Splunk Ent Vers. 6.0 Windows Server 2012 Browser IE 10 Port http://localhost:8080 I am unable to access the Splunk...

by New Member in

How to edit my props.conf to linebreak a Simple XML log into multiple events?

Hi, I have been trying to implement a stanza to break a long line of XML into multiple events, but it is not funct...

by Path Finder in

How to parse and index a log file that contains multiple character set codes?

Hello, I want to index a log file that contains multiple character set codes and recognize the correct character s...

by Path Finder in

Splunk on RPI

Hi there, I have been looking into using the RaspberryPI (RPI) and splunk coupled with a SPAM port to monitor net...

by New Member in

How can I enable both Splunk server and Splunk Universal Forwarder at boot time?

Hi, I'm setting up a server with both splunk-server and splunk-universal-forwarder. When I try to enable the splun...

by New Member in

What should the sourcetype setting be for my sample log in order for Splunk to parse the timestamp?

<?xml version="1.0"?><Transmission xmlns="http://xxx.oracle.com/apps/xxx"><TransmissionHeader><Version>6.3.7</Version...

by Explorer in

How to map existing sourcetypes to CIM data models?

I have an environment with a large number of sourcetypes and would like to map those to the appropriate CIM data mode...

by Motivator in

How to configure Splunk on my Windows 2008 server?

i installed Splunk on my Windows 2008 server. i added the DNS name and IP to my DNS server but when i enter the DNS n...

by Explorer in

delete events that have a certain field empty?

here is the scenario: http://tinypic.com/r/1ax08/6 how can i delete the events for which the field is empty? th...

by New Member in

How to edit my configuration to add SSL on forwarders with self signed certificates?

I am working on adding SSL on forwarders with self signed certificates. Here is the /etc/system/local/outputs.conf...

by Path Finder in

How to edit my indexes.conf to configure an index to only retain data for 90 days?

Hi Team, I have created an index called "mysummary" for my Splunk app, and I want this index to store 90 days wort...

by Motivator in

How to limit mgmt port access to localhost only on Universal Forwarder or Heavy Forwarder

For security reasons we would like to disable the management port but unfortunately very neat debugging commands such...

by Path Finder in

How to edit my monitor stanza in inputs.conf on the deployment server to collect logs from our forwarders?

Hi All, I have a Splunk environment with deployment server and forwarders of nearly 200. In one of the deployment ...

by New Member in

Can I manualy create "_telemetry" index on older version indexer

My indexers are 6.2.3 I upgraded one of my searchheads to 6.5.1 to test my apps and it is trying to put data in the _...

by Motivator in

How can I exclude XML file headers from being indexed?

Hey Splunkers! I have some XML log files that I'm monitoring on a Windows 2003 server. I got my line/event breakin...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Where do I put the outputs.conf file to disable indexing on my search head?

How to best configure Splunk syslog and Cisco Sourcefire Defense Center?

Where can I find data I added into Splunk?

IP address vs hostname

Events missing via http event collector

Splunk Deployment App Configurations on Universal Forwarder not Working

How to resolve the parsing of key value pairs in a URL?

ip2decimal command is exist. Is decimal2ip command exist?

How can I configure Splunk to parse the date and time from my sample log?

export to CSV file empty

Why is my splunkweb service not running?

How to edit my props.conf to linebreak a Simple XML log into multiple events?

How to parse and index a log file that contains multiple character set codes?

Splunk on RPI

How can I enable both Splunk server and Splunk Universal Forwarder at boot time?

What should the sourcetype setting be for my sample log in order for Splunk to parse the timestamp?

How to map existing sourcetypes to CIM data models?

How to configure Splunk on my Windows 2008 server?

delete events that have a certain field empty?

How to edit my configuration to add SSL on forwarders with self signed certificates?

How to edit my indexes.conf to configure an index to only retain data for 90 days?

How to limit mgmt port access to localhost only on Universal Forwarder or Heavy Forwarder

How to edit my monitor stanza in inputs.conf on the deployment server to collect logs from our forwarders?

Can I manualy create "_telemetry" index on older version indexer

How can I exclude XML file headers from being indexed?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Mimecast App to get Archive logs

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout