Getting Data In

Discussions

Thread Info

Index /var/log even though Splunk doesn't run on root

Hello Splunkers, So our Splunk Enterprise runs on a non-root user and our requirement is to forward /var/log/secur...

by Builder in

How to get data from host to heavy forwarder to indexer?

I have an indexer, search head, heavy forwarder and license master server configured. I also have a test server (host...

by New Member in

Search Archived Buckets in Hadoop

I'm working on pushing out Hadoop data roll for archived data to our index cluster. The buckets are rolling as expect...

by Communicator in

How to automatically extract key value pairs after using translatefix

I have used translatefix to decode the fix messages logs and it worked fine. But Splunk is not able to automatically ...

by Path Finder in

Should I use a heavy forwarder or an indexer cluster for my particular scenario?

Hi, I'm hoping for some advice as I'm trying to understand the best way to configure Splunk components in the sce...

by Path Finder in

Convert DateTime format befor indexing and write in _time. Time of event have hex format.

Hello everybody! I have trouble with parsing time of event in time indexing.Fields of time in my raw event have hex s...

by Explorer in

Can I use Splunk 6.5 to monitor Windows 7 hosts?

Can I use Splunk 6.5 to monitor Windows 7 hosts? My indexer is on Server 2012 so I know I can install 6.4.5 I just ne...

by Engager in

How to create a custom field to match a particular string?

I have an interesting use case, where I have a list of strings that I search for within our proxy logs to identify pr...

by Explorer in

how to filter and forward to multiple destination

Hello, I tried this configuration but it ended up badly, there were no more log on Splunk: [pan:log] TRANSFORMS...

by Path Finder in

Is there a way to change collection interval for HTTP Event Collector?

I am using HTTP Event Collector to collect Symantec ATP logs, my current ingest rate varies based on log size. It is ...

by New Member in

How to filter or blacklist all event type/level "information" on Splunk 6.5.0?

I would like to filter/blacklist all event type/level "information" on Splunk 6.5.0, i am using wmi to collect logs f...

by New Member in

How can I index SNMP traps on Windows with Splunk?

I would like my Juniper and Cisco network devices to send snmp traps to Splunk indexer running on Win2008. Anyone ...

by Splunk Employee in

Getting SNMP Data into Splunk

Hey everyone, I am trying to figure out the most efficient way to get polled SNMP data into splunk. Strangely while t...

by Builder in

Sending SNMP to Splunk

Still have some doubts about sending SNMP to Splunk http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSN...

by Explorer in

SNMP Hell. Just awful install and support.

ok. We have spent hours on trying to get our snmp logs into Splunk. Everyone should be aware of the Hell. First, for ...

by Engager in

What is the best practice for setting time zone?

We have Splunk instances running in EST, however the application log files are in GMT & EST. When Splunk is indexing ...

by Engager in

How to fix an incorrectly indexed timestamp?

Splunk is not showing the correct time on the events. The time that Splunk gives the log is 5 hours behind the time t...

by Engager in

How to enable the forwarder to add another field (such as an alias of a host) during index time?

Adding an index-time value on a forwarder to capture the hostnames as the host (custom name) is already added in inpu...

by New Member in

How can I set the sourcetype to a value from the input stream?

I have a name value data stream which contains the following - "msg_sourcetype": "syslog-test". How can I set the sou...

by Ultra Champion in

Configure Splunk Forwarder to encrypt data?

I have recently (yesterday) installed a new instance of Splunk on a VM. Another VM in a separate datacentre has the S...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Index /var/log even though Splunk doesn't run on root

How to get data from host to heavy forwarder to indexer?

Search Archived Buckets in Hadoop

How to automatically extract key value pairs after using translatefix

Should I use a heavy forwarder or an indexer cluster for my particular scenario?

Convert DateTime format befor indexing and write in _time. Time of event have hex format.

Can I use Splunk 6.5 to monitor Windows 7 hosts?

How to create a custom field to match a particular string?

how to filter and forward to multiple destination

Is there a way to change collection interval for HTTP Event Collector?

How to filter or blacklist all event type/level "information" on Splunk 6.5.0?

How can I index SNMP traps on Windows with Splunk?

Getting SNMP Data into Splunk

Sending SNMP to Splunk

SNMP Hell. Just awful install and support.

What is the best practice for setting time zone?

How to fix an incorrectly indexed timestamp?

How to enable the forwarder to add another field (such as an alias of a host) during index time?

How can I set the sourcetype to a value from the input stream?

Configure Splunk Forwarder to encrypt data?

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Instrumenting Java Websocket Messaging

approximate pie chart percentage

How to I index a payload that has leading and trai...

How to check for artifacts found during playbook e...

SSL: UNKNOWN_PROTOCOL Error with Gitlab Auditor TA

Help with MSSQL JDBC driver incompatibility error?