Getting Data In

Discussions

Thread Info

Is it possible to prevent indexing part of a line in a log file?

I know it is possible to skip lines in an input, however, I have the case where I want to skip part of a line. For...

by Path Finder in

A very singular use case (I think) in indexing XML files.

I think I have a very particular scenario using XML files. At least I did not find somebody having the same issue her...

by Explorer in

How to configure logs capture in Splunk

Hi, I am a newbie to splunk and I have a requirement like below. We are using Weblogic em console to see and downl...

by New Member in

easiest way to detect if splunk forwarder is running on 150 servers

Hey There, I am new to splunk(Please go easy on my knowledge :)). We have 150 servers that has splunk forwarders on i...

by Motivator in

How to index the correct timestamp from a log that has two dates?

Hi guys, I have a log file that occasionally logs an event which contains two dates. For example, like this: 2014-...

by Engager in

How to configure props.conf to set the universal forwarder's server time as the event timestamp?

I'm trying to solve the following problem: in our client's environment, the clocks on different servers can vary grea...

by Builder in

Why are some forwarded Windows events getting dropped and I get error "Failed to get the (record id, publisher name, level id) from event..."?

Hi, We have Splunk reading forwarded Windows events, and it appears to dropping events. Looking at the logs, I see...

by Champion in

How to blackhole unwanted server logs by configuring props.conf and transforms.conf?

Our main syslog server just forwards everything to Splunk. We have exclusions in syslog for certain applications but ...

by Explorer in

I have source data and i have inputlookup data, now i need to match them with column, but column name in source is Student and Column name in Inputlookup is Roll_Number. How can i match them?

I have source data and i have inputlookup data, now i need to match them with column, but column name in source is St...

by Explorer in

How do I monitor Forwarded Events logs on Windows?

I'm trying to monitor Forwarded Events logs on Windows (not application, system, etc.)? My inputs.conf stanza look...

by Path Finder in

Why is Powershell generated CSV data that is monitored only getting indexed once and is not indexed again until a Splunk restart?

I've got an extremely frustrating problem here, at my wit's end and finally coming here. I've got CSV files being ...

by Path Finder in

Extracting multi-level host name

I would like to extract both directory and subdirectory information while importing data. So basically the directo...

by Communicator in

Timestamp format

What could be the TIME_FORMAT=? for the below timestamp in event 2015-03-18 14:18:17 0.175

by Path Finder in

After fixing props.conf, how to re-index the same files using the new settings?

I accidentally imported some files into Splunk and the default line-breaking didn't work correctly. Now I want to rep...

by Contributor in

How to enable and disable scheduled searches using Splunk REST API in Powershell?

I have a requirement to disable scheduled search (specific ones) during a specific window and when a data load runs, ...

by Explorer in

Can you configure the Universal Forwarder on NIX (syslog) to send some logs to the indexer and others to a Heavy Forwarder?

We have a syslog server where there are many logs going to the indexer. Can we configure the Linux Universal Forwa...

by Engager in

Multiple index join with different formatted data JSON and RAW is not working

I have esbetalog in JSON format and etaprd in RAW format and outer joined as with CUSTOMER_ORDER_NUMBER column both h...

by Path Finder in

Can forwarder be configured to monitor more than one folder on Windows servers?

I installed and configured the forwarder on windows. in the monitoring folder, I have multiple folders. can the forwa...

by Explorer in

How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider?

I'm attempting to configure SSO for Splunk with ADFS as the IdP. I have mapped an Active Directory group to the admin...

by Engager in

Forwardeing and Indexing on an Heavy Forwarder

Hi at all, I have a Splunk instance indexing some logs. I'd like to continue to use the server for its old job but, a...

by SplunkTrust in

how do i get splunk to recognise timestamp of my log

I have a time stamp logged into my my SNMP log like the below [6844 0502 083830508 SNMP] BAXSnmpSTTWorker::HandleS...

by Path Finder in

Use script to format file while uploading

Hi, I have a python script which formats the json file and create a new file in another location. My splunk instance ...

by Builder in

Why am I unable to use token authentication on a universal forwarder

Hello the Splunk community I'm trying to use the token authentication between an indexer and a universal forwarder...

by Engager in

Why am I unable to index contents of a text file being monitored by universal forwarder?

Hi, We are trying to get DNS logs into Splunk. Logs are generated in a .txt file and the goal is to use Splunk For...

by Builder in

How to configure srchFilter for a role to limit the results by indexer?

I have a Splunk Enterprise setup, with a handful of main indexers and their own search head clusters, and a bunch of ...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is it possible to prevent indexing part of a line in a log file?

A very singular use case (I think) in indexing XML files.

How to configure logs capture in Splunk

easiest way to detect if splunk forwarder is running on 150 servers

How to index the correct timestamp from a log that has two dates?

How to configure props.conf to set the universal forwarder's server time as the event timestamp?

Why are some forwarded Windows events getting dropped and I get error "Failed to get the (record id, publisher name, level id) from event..."?

How to blackhole unwanted server logs by configuring props.conf and transforms.conf?

I have source data and i have inputlookup data, now i need to match them with column, but column name in source is Student and Column name in Inputlookup is Roll_Number. How can i match them?

How do I monitor Forwarded Events logs on Windows?

Why is Powershell generated CSV data that is monitored only getting indexed once and is not indexed again until a Splunk restart?

Extracting multi-level host name

Timestamp format

After fixing props.conf, how to re-index the same files using the new settings?

How to enable and disable scheduled searches using Splunk REST API in Powershell?

Can you configure the Universal Forwarder on NIX (syslog) to send some logs to the indexer and others to a Heavy Forwarder?

Multiple index join with different formatted data JSON and RAW is not working

Can forwarder be configured to monitor more than one folder on Windows servers?

How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider?

Forwardeing and Indexing on an Heavy Forwarder

how do i get splunk to recognise timestamp of my log

Use script to format file while uploading

Why am I unable to use token authentication on a universal forwarder

Why am I unable to index contents of a text file being monitored by universal forwarder?

How to configure srchFilter for a role to limit the results by indexer?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

UF after Sleep/Hibernate

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...