Getting Data In

Ask a Question

Discussions

Thread Info

Is there a version of Splunk Universal Forwarder that is compatible with NT4?

Hi folks, You'll have to excuse my memory lapse here - Splunk forwarder on NT4, installation of - I recall getting...

by New Member in

Getting too many destination ip addresses. Need to filter it down to 5

Trying to filter down to 5 search results for the dest section. index=threat_activity threat_match_field=src thre...

by New Member in

Windows custom events logs not showing up in Splunk

Hi , Below is custom event logs which I am configuring on windows forwarder but they are not showing up in Splunk. We...

by Explorer in

How Data cloning can be done through a heavy forwarder?

I have a test environment(search head) in which there aren't any events. Now I want to do some data cloning and get s...

by Builder in

Timestamp Parsing in JSON

Hi, Can anyone help me with best configurations for timestamp parsing (where "DateTime" is the actual time) for fo...

by Path Finder in

What is the best way to adjust the time value for incoming syslog events from a specific host

I have a one host that has a time offset of +5 hours and would rewrite the timestamp to represent the local time zone...

by Explorer in

Where is data input configuration information entered from Splunk Web stored?

When I create a new data input (TCP port), where are these settings stored? I would have assumed it would be inputs.c...

by New Member in

universal forwarder trying to parse the data

I have a UF monitoring a couple of files on a AIX box. The UF is forwarding the data to a HF, I verified this in outp...

by Explorer in

After pushing updates to inputs.conf and outputs.conf to the UF, it is not forwarding data to the indexers. How can I fix?

I pushed updates to inputs.conf and outputs.conf to the universal forwarder. But it is not forwarding data to the ind...

by Contributor in

Why tcpdump says Syslog traffic from Cisco ASA is reaching the interface, but nothing shows up when searching the index?

I have a Cisco ASA sending syslog data to my Splunk server. When I search for the ip address of the ASA in the Search...

by New Member in

Why was the Splunk systemd service not created?

Using Centos 7.2. I just installed this on another host with same OS and it created a service in /etc/init.d This hos...

by Engager in

Consolidate similarly named log files into a single source

Our Splunk environment takes input from log files dropped off by an IronPort web security appliance. The files are na...

by Explorer in

How to forward data to a remote app from a Splunk instance that is currently both a search head and indexer?

We have a well established Splunk app on an instance which is serving as a Search Head and an Indexer. However, there...

by Builder in

How do i query splunk for latest and earliest time based on epoch time rather than human readable time?

I have a field called as "impact_time" which has human readable dates in it. Now i want to query splunk for a range o...

by Explorer in

Migrate from Heavy forwarder to Universal forwarder

Hi guys, OS is Linux RH 32 bit I had HF version 5.0.5, now I installed UF 6.4.3. i386. Done migration with old_splun...

by Explorer in

Forwarding only parts of license_usage.log

I'm struggling to forward only parts of Splunk's license_usage.log. Please consider the following config and tell me ...

by New Member in

What is the best way to find computer usage statistics from Active Directory and CSV data sources?

Sorry for the question, I can't think of a sane & sensible way to get the data out of Splunk in a computationally eff...

by Path Finder in

How to remove an invalid line breaker from syslog before indexing?

Hi everyone, I've got an application sending data to splunk, which are split over multiple lines instead to keep e...

by Explorer in

Why is my regular expression in inputs.conf not working to monitor rotating log files?

HI , I have below log files in the /repo/logs directory. http_access_management_console_2016-04-25.log http_acc...

by New Member in

Splunk Cloud & HTTP Event Collector: Docker log-driver error "Failed to initialize logging driver: remote error: handshake failure."

I am using Splunk Cloud with the free trial period right now. I need to verify that we are able to use Splunk Cloud w...

by Explorer in

How to edit my regular expression to retrieve the first 7-8 characters of variable length strings that end with abcd.com?

I am trying to extract router names from syslog messages. Need the regular expression to get the first 7 or 8 cha...

by Communicator in

Indexers running out of space despite config in indexes.conf

Hi all, On one of my environments, I ran out of space on the weekend. As it's not my primary production environmen...

by Communicator in

Need help for monitoring files

I am monitoring couple of files by specifying same source type. Inputs.conf:- [monitor://D:**\Installations*\Lo...

by Explorer in

How to build a form that does a drilldown to events around the selected event timestamp

How to build a form that does a drilldown to events around the selected event timestamp 1 - show a list of results...

by Splunk Employee in

Is it possible to include log contents from one sourcetype in an email alert triggered by a search on another sourcetype?

I've found a few different answers that approximate, but nothing yet that I can synthesize into a new solution for my...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is there a version of Splunk Universal Forwarder that is compatible with NT4?

Getting too many destination ip addresses. Need to filter it down to 5

Windows custom events logs not showing up in Splunk

How Data cloning can be done through a heavy forwarder?

Timestamp Parsing in JSON

What is the best way to adjust the time value for incoming syslog events from a specific host

Where is data input configuration information entered from Splunk Web stored?

universal forwarder trying to parse the data

After pushing updates to inputs.conf and outputs.conf to the UF, it is not forwarding data to the indexers. How can I fix?

Why tcpdump says Syslog traffic from Cisco ASA is reaching the interface, but nothing shows up when searching the index?

Why was the Splunk systemd service not created?

Consolidate similarly named log files into a single source

How to forward data to a remote app from a Splunk instance that is currently both a search head and indexer?

How do i query splunk for latest and earliest time based on epoch time rather than human readable time?

Migrate from Heavy forwarder to Universal forwarder

Forwarding only parts of license_usage.log

What is the best way to find computer usage statistics from Active Directory and CSV data sources?

How to remove an invalid line breaker from syslog before indexing?

Why is my regular expression in inputs.conf not working to monitor rotating log files?

Splunk Cloud & HTTP Event Collector: Docker log-driver error "Failed to initialize logging driver: remote error: handshake failure."

How to edit my regular expression to retrieve the first 7-8 characters of variable length strings that end with abcd.com?

Indexers running out of space despite config in indexes.conf

Need help for monitoring files

How to build a form that does a drilldown to events around the selected event timestamp

Is it possible to include log contents from one sourcetype in an email alert triggered by a search on another sourcetype?

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR