Getting Data In

Ask a Question

Discussions

Thread Info

How to add parallelIngestionPipelines to server.conf in an indexer cluster?

Hi All, We have an indexer cluster and cluster master. we need to add the parameter below in the indexer cluster s...

by Contributor in

How to remove inner double quotes from json data??

Hello i am trying to remove inner double quotes from json data here is my sample data: {"msg": "the message...

by Path Finder in

Whats the best way to blacklist a Windows event code?

I have over 300 Universal forwarders and I'm getting several eventcode=5156 events errors. Is there a way to blacklis...

by Path Finder in

Splunk offline command and bucket replication

Reading through the "offline" documentation & "maintenance" mode documentation, I'm slighly confused, if we need to d...

by Super Champion in

Why is the Distributed Management Console unable to find forwarders?

I configured Forwarder Monitoring Setup of DMC function for monitoring status of forwarders, but the Distributed Mana...

by Explorer in

How to edit props.conf to line break a single line event into multiple lines?

I have a single line event as shown. I have to break it to multiple lines starting at {IBP_LKL . May I know what sett...

by Contributor in

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

I initially tested the Splunk Server on a Windows 7 machine and installed the Universal Forwarder on another WIndows ...

by Engager in

Can a custom app send data to the indexer via memory?

I wonder what would be an efficient way for a custom app to communicate with an indexer? Can the custom app write to ...

by Ultra Champion in

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Hi Experts, I got a situation. By mistake, I uploaded the same license that I used for Indexers and Master node. N...

by Builder in

Considerations for adjusting autoLBFrequency in outputs.conf

When using automatic load balancing of outputs from universal forwarders (UF), the default number of seconds a forwar...

by Builder in

Why are my nearly identically-named log files not being indexed by Splunk?

For our "ATA42_NETWORK" application we have indexed *.NCD files These files are located in an “input directory” monit...

by New Member in

Whats the best way to migrate /db from one drive to another?

I'm migrating a standalone indexer from Windows to Linux. I mounted the snapshot onto the Linux box and currently mov...

by SplunkTrust in

What is the user-seed.conf file?

I'm a bit confused about the user-seed.conf. Based on the documentation provided by Splunk, it seems this is to set u...

by Explorer in

How can I improve the performance of Splunk monitoring hundreds of active files?

When Splunk monitors hundreds/thousands of files, there seems to be a long lag between the time the event is generate...

by Splunk Employee in

Forwarded events not indexed

Hello! I am preparing for the architect exam and I have set the following lab: 10.37.129.10 spl-search-head 10.37....

by Communicator in

Reading vehicle network data ..

Hi i want to read vehicle data in Splunk.. Data is seen on vehice network like below: ID data length data-in-h...

by Explorer in

How should I implement a Splunk architecture on a 2 virtual machine, development environment?

Hi, we have to implement a Splunk architecture (for a development/test environment). We have 2 virtual devices, and w...

by New Member in

Deployment client is not indexing data to the Deployment server? (50 credit will be rewarder for the person who found the solution)

Hi the following were the splunkd.log messages in the deployment client. I don't know why it isn't showing any warnin...

by Builder in

How do I configure the Deployment Server to have a Universal Forwarder send logs to a specific index?

Hello everyone, I have in theory a very simple question. Hopefully this is as simple as I think it is. I have a de...

by Explorer in

An index was not prepared to ingest data, so I cannot see events from previous days. How do I fix this?

Hello, I forgot to have an index ready when I started to ingest data (log file with data from last week to present...

by Communicator in

In props.conf, why is BREAK_ONLY_BEFORE_DATE not properly line breaking my events?

My props.conf is like: BREAK_ONLY_BEFORE_DATE = true TIME_PREFIX = GMT TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N MAX_DAY...

by New Member in

What do Splunk Ninjas think are the top three daily Splunk tasks in a large distributed environment?

Hello all, I am trying to build a workflow for our new Splunk product and want to know what top three regular dail...

by Path Finder in

How to edit my universal forwarder monitor stanza to index Active Directory server logs?

I am trying to monitor the Active Directory Server for logs. I have a universal forwarder installed on a Windows AD S...

by Explorer in

How to add modular data inputs using Splunk command line?

I am trying to install a TA from Splunk command line. Referring to http://docs.splunk.com/Documentation/Splunk/6.5.0/...

by Communicator in

How to alert when the last event in an index is older than 1 hour, and if any forwarder has not phoned home in the last hour?

Hello Splunkers. I'm working on 2 scenarios, and I'm sure you guys can help me. Scenario 1: We have about 15 in...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to add parallelIngestionPipelines to server.conf in an indexer cluster?

How to remove inner double quotes from json data??

Whats the best way to blacklist a Windows event code?

Splunk offline command and bucket replication

Why is the Distributed Management Console unable to find forwarders?

How to edit props.conf to line break a single line event into multiple lines?

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

Can a custom app send data to the indexer via memory?

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Considerations for adjusting autoLBFrequency in outputs.conf

Why are my nearly identically-named log files not being indexed by Splunk?

Whats the best way to migrate /db from one drive to another?

What is the user-seed.conf file?

How can I improve the performance of Splunk monitoring hundreds of active files?

Forwarded events not indexed

Reading vehicle network data ..

How should I implement a Splunk architecture on a 2 virtual machine, development environment?

Deployment client is not indexing data to the Deployment server? (50 credit will be rewarder for the person who found the solution)

How do I configure the Deployment Server to have a Universal Forwarder send logs to a specific index?

An index was not prepared to ingest data, so I cannot see events from previous days. How do I fix this?

In props.conf, why is BREAK_ONLY_BEFORE_DATE not properly line breaking my events?

What do Splunk Ninjas think are the top three daily Splunk tasks in a large distributed environment?

How to edit my universal forwarder monitor stanza to index Active Directory server logs?

How to add modular data inputs using Splunk command line?

How to alert when the last event in an index is older than 1 hour, and if any forwarder has not phoned home in the last hour?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions