Getting Data In

Discussions

Thread Info

How do you get ServiceNow CI data indexed in Splunk?

The plugin pushes Splunk data into ServiceNow, but what I'm looking to do is push CI data from ServiceNow into Splunk...

by Engager in

After using outputcsv in a Splunk search, where is this CSV file located?

Hey Splunkers I'm new to Splunk and I'm having issues attempting to export a search results to a CSV file. <M...

by Path Finder in

Updating Splunk ServerClass Whitelist

Hey Everyone, Pretty sure this is a relatively easy problem to solve.. and it just has to do with my lack of REST ...

by Engager in

How to filter out audit id field from Brightmail logs in Splunk?

Hi Splunkers: I have an issue filtering out a field called Audit ID. Each email is assigned this number as it pass...

by Explorer in

Splunk Light Trial Cloud Service: Unable to get universal forwarder credentials file. "No information of this type is associated with this XML file."

Hello, I tested Splunk Light Trial version and this trial version is on Cloud service. So I don't have a choice,...

by New Member in

Multiple Fields with Same Name

I am importing AD data which can contain multiple Organizational Units (OU). Splunk only creates a field for the firs...

by Path Finder in

splunk changes not reflecting

I configured my server logs in splunk. When I saw the logs in splunk I realized I set up some wrong properties in pro...

by Path Finder in

Lost data after indexers had to rebuild in an indexer cluster. Is there a way to recover this?

I had to rebuild my two slave indexers, but the master is still intact. However, I lost all data prior to the rebuild...

by Communicator in

How to troubleshoot why I am not receiving data for two sources I created on a universal forwarder?

I have one forwarder that is working for 6+ sources. I created two sources today and no data is showing up. If I d...

by Explorer in

Generate SNMP trap from Splunk

I have a requirement to generate an SNMP trap and forward it to a monitoring tool whenever a particular log message i...

by Engager in

Splunk as a syslog server

Can Splunk be used as a syslog server receiving syslog messages directly from a firewall or is a separate syslog serv...

by Explorer in

How to assign a Splunk status result to a variable in a script?

hello I am working on a script for running Splunk. I want to check status of Splunk and assign the result of t...

by Path Finder in

Error encountered for connection from src=10.100.100.137:48221. Local side shutting down

I'm seeing this error in a heavy forwarder, but I couldn't find any information as to what it could mean. 07-26-20...

by Explorer in

Is there any negative impact deleting the .bundle files and files under /opt/splunk/var/run/searchpeers?

Hi all , Recently we had an issue with /opt as it is consuming 100% memory. We have gone through and checked .bund...

by Explorer in

What settings do we have to change to improve Splunk forwarder memory usage?

Hello , We have problem with Splunk forwarder usage. Will limiting the maxkbps=0 increase the speed of CPU usage ...

by Explorer in

Generating props.conf and transforms.conf from Splunk web

Hi all Since I'm quite new at this, I was wondering is it possible (on Windows) to generate props.conf and transfo...

by New Member in

Splunk Enterprise: index-time parsing configuration creating/ editing of "props.conf"

Hello, Based on Splunk recommendation the best path for this file"props.conf" is: $SPLUNK_HOME/etc/system/local If...

by New Member in

problems with time stamp extraction

I have been given a log file to ingest into Splunk as part of a Lab exercise, but Splunk it not extracting the time a...

by Splunk Employee in

Best way to get Symantec AV data - (reworking an old instance of Splunk)

Hello, I am new to Splunk and was recently given our organization's old Splunk project. Long story, but basically ...

by Explorer in

Collecting Windows eventlogs with whitelist based on word

Hi I need to collect all Windows security logs from my infrastructure with Splunk UF installed which include speci...

by Path Finder in

Taking over an old Splunk deployment, how should I get data forwarded to our Splunk indexer?

Hello, As I've said in a previous post, I am new to Splunk so please excuse the newb questions. I have been tas...

by Explorer in

Windows Forwarder - Unable to rotate/delete log file. Handle open by splunkd.exe?

Has anyone run into this before? I'm unable to rotate logs due to files being opened by the forwarder. The files have...

by Communicator in

Why are we missing data in Splunk after rsyslog?

Hello, I am missing data in my current setup (about 20 to 30%). Instance A is sending data to Instance B on por...

by Explorer in

Feroda logs

Hello. Does anyone have experience with what is reflected in the subject question (Journalctl logs)? I must copy...

by Communicator in

Restarting a universal forwarder on AIX, why do I get error "ulimit - Splunk may not work due to small data segment/resident memory limit"?

Hi, I get the following error when I restart our universal forwarder for AIX, 05-24-2016 18:06:26.872 +0800 I...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do you get ServiceNow CI data indexed in Splunk?

After using outputcsv in a Splunk search, where is this CSV file located?

Updating Splunk ServerClass Whitelist

How to filter out audit id field from Brightmail logs in Splunk?

Splunk Light Trial Cloud Service: Unable to get universal forwarder credentials file. "No information of this type is associated with this XML file."

Multiple Fields with Same Name

splunk changes not reflecting

Lost data after indexers had to rebuild in an indexer cluster. Is there a way to recover this?

How to troubleshoot why I am not receiving data for two sources I created on a universal forwarder?

Generate SNMP trap from Splunk

Splunk as a syslog server

How to assign a Splunk status result to a variable in a script?

Error encountered for connection from src=10.100.100.137:48221. Local side shutting down

Is there any negative impact deleting the .bundle files and files under /opt/splunk/var/run/searchpeers?

What settings do we have to change to improve Splunk forwarder memory usage?

Generating props.conf and transforms.conf from Splunk web

Splunk Enterprise: index-time parsing configuration creating/ editing of "props.conf"

problems with time stamp extraction

Best way to get Symantec AV data - (reworking an old instance of Splunk)

Collecting Windows eventlogs with whitelist based on word

Taking over an old Splunk deployment, how should I get data forwarded to our Splunk indexer?

Windows Forwarder - Unable to rotate/delete log file. Handle open by splunkd.exe?

Why are we missing data in Splunk after rsyslog?

Feroda logs

Restarting a universal forwarder on AIX, why do I get error "ulimit - Splunk may not work due to small data segment/resident memory limit"?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

DB Connect SQL Procedures

Possible lineabreaker issue with lastlog in Splunk...

Splunk HF Stops Receiving Fortigate WAF Logs via S...

_TCP_ROUTING with clustered indexers system logs

JSON Data extraction issues with Comma