Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to edit my props.conf to linebreak a Simple XML log into multiple events?

Hi, I have been trying to implement a stanza to break a long line of XML into multiple events, but it is not funct...

by Path Finder in

How to parse and index a log file that contains multiple character set codes?

Hello, I want to index a log file that contains multiple character set codes and recognize the correct character s...

by Path Finder in

Splunk on RPI

Hi there, I have been looking into using the RaspberryPI (RPI) and splunk coupled with a SPAM port to monitor net...

by New Member in

How can I enable both Splunk server and Splunk Universal Forwarder at boot time?

Hi, I'm setting up a server with both splunk-server and splunk-universal-forwarder. When I try to enable the splun...

by New Member in

What should the sourcetype setting be for my sample log in order for Splunk to parse the timestamp?

<?xml version="1.0"?><Transmission xmlns="http://xxx.oracle.com/apps/xxx"><TransmissionHeader><Version>6.3.7</Version...

by Explorer in

How to map existing sourcetypes to CIM data models?

I have an environment with a large number of sourcetypes and would like to map those to the appropriate CIM data mode...

by Motivator in

How to configure Splunk on my Windows 2008 server?

i installed Splunk on my Windows 2008 server. i added the DNS name and IP to my DNS server but when i enter the DNS n...

by Explorer in

delete events that have a certain field empty?

here is the scenario: http://tinypic.com/r/1ax08/6 how can i delete the events for which the field is empty? th...

by New Member in

How to edit my configuration to add SSL on forwarders with self signed certificates?

I am working on adding SSL on forwarders with self signed certificates. Here is the /etc/system/local/outputs.conf...

by Path Finder in

How to edit my indexes.conf to configure an index to only retain data for 90 days?

Hi Team, I have created an index called "mysummary" for my Splunk app, and I want this index to store 90 days wort...

by Motivator in

How to limit mgmt port access to localhost only on Universal Forwarder or Heavy Forwarder

For security reasons we would like to disable the management port but unfortunately very neat debugging commands such...

by Path Finder in

How to edit my monitor stanza in inputs.conf on the deployment server to collect logs from our forwarders?

Hi All, I have a Splunk environment with deployment server and forwarders of nearly 200. In one of the deployment ...

by New Member in

Can I manualy create "_telemetry" index on older version indexer

My indexers are 6.2.3 I upgraded one of my searchheads to 6.5.1 to test my apps and it is trying to put data in the _...

by Motivator in

How can I exclude XML file headers from being indexed?

Hey Splunkers! I have some XML log files that I'm monitoring on a Windows 2003 server. I got my line/event breakin...

by Path Finder in

Can a Universal Forwarder be used to forward indexed data on a search head to an indexer?

Hello. I'm fairly new to Splunk and am working on configuring a Splunk infrastructure. If I have one search head serv...

by Engager in

Is it possible to have a custom REST endpoint that executes scripts on a universal forwarder?

Hi, Is it possible to have a custom REST endpoint that executes scripts on a universal forwarder?

by Champion in

How to monitor two files with different names in the same directory, and index all duplicate events on my receiver?

I have two different file names in the same directory on a forwarder. The problem is, the data for both files are the...

by New Member in

After deploying universal forwarders on Citrix hosts via master image, how to prevent all UF's from reporting the same hostname?

We have a master image controlling 10 Citrix XenApp hosts, We have deployed Splunk Universal Forwarders via master im...

by Explorer in

how to pass "fields" parameter in services/collector rest api?

Hello Experts, I am working on HEC rest api's /services/collector. Passing fields as given in the examples but gettin...

by New Member in

best practise: remote log servers

hi; we have 7 remote log servers which we are sending all of our logs from approximately 400 different servers(apa...

by Path Finder in

Getting Data In

Discussions

How to edit my props.conf to linebreak a Simple XML log into multiple events?

How to parse and index a log file that contains multiple character set codes?

Splunk on RPI

How can I enable both Splunk server and Splunk Universal Forwarder at boot time?

What should the sourcetype setting be for my sample log in order for Splunk to parse the timestamp?

How to map existing sourcetypes to CIM data models?

How to configure Splunk on my Windows 2008 server?

delete events that have a certain field empty?

How to edit my configuration to add SSL on forwarders with self signed certificates?

How to edit my indexes.conf to configure an index to only retain data for 90 days?

How to limit mgmt port access to localhost only on Universal Forwarder or Heavy Forwarder

How to edit my monitor stanza in inputs.conf on the deployment server to collect logs from our forwarders?

Can I manualy create "_telemetry" index on older version indexer

How can I exclude XML file headers from being indexed?

Can a Universal Forwarder be used to forward indexed data on a search head to an indexer?

Is it possible to have a custom REST endpoint that executes scripts on a universal forwarder?

How to monitor two files with different names in the same directory, and index all duplicate events on my receiver?

After deploying universal forwarders on Citrix hosts via master image, how to prevent all UF's from reporting the same hostname?

how to pass "fields" parameter in services/collector rest api?

best practise: remote log servers

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

How to monitor a CSV files which is placed in a N...

Should I remove /datamodel_summary on local drive ...

Archiving Best Practices for a Clustered Environme...

SignatureDoesNotMatch

Routing Metric events to null queue

Getting Data In

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>