Getting Data In

Community Activity

How to change the the truncating limit in the props.conf file for a scripted input? I have in the input.conf as an example a scripted input on the server where the Splunk Universal Forwarder is install... by rfc360 New Member in Getting Data In 11-02-2016 0 7	0	7
How to resolve an "Invalid key in stanza [WMI:Patching]" error that occurs after defining a WMI input on universal forwarder? I have a WMI Input defined on a universal forwarder and I get the following error while starting Splunk, and of cours... by FritzWittwer_ol Contributor in Getting Data In 11-02-2016 0 3	0	3
Is there a reason to set max index size if you have appropriately sized retention periods? I've always been very careful in setting my indexes sizes to be something along the lines of 1.1* <peak indexed volu... by j4adam Communicator in Getting Data In 11-02-2016 0 1	0	1
Reindex entire file when file is updated. I have already read this older thread on the subject -> : http://splunk-base.splunk.com/answers/5426/entire-file-cont... by Lucas_K Motivator in Getting Data In 11-01-2016 3 9	3	9
Modular Input Scripts Don't Die during Splunk restart I have written two Modular Inputs for Splunk. Both exhibit the same behavior. Steps to reproduce: Issue "splunk re... by alacercogitatus SplunkTrust in Getting Data In 11-01-2016 0 10	0	10
Why does AWS CloudWatch stop receiving events with the error "400 Bad Request {u'message': u'Rate exceeded', u'__type': u'ThrottlingException'}"? We have configured large number of CloudWatch log groups as a separate input in our heavy forwarder. We have noticed ... by sylim_splunk Splunk Employee in Getting Data In 11-01-2016 1 2	1	2
How do I configure line breaking in props.conf for my sample log file? Would like the events to be split after ) --[End]--------------------$ (0x03000000:NameValue)urn:hl7-org:v2xml:Rem... by myorkows Explorer in Getting Data In 11-01-2016 0 7	0	7
Thread count of splunk keeps on changing in linux? Hi, I am trying to find the subthread_count of logfiles of splunk on linux by command ps -eLo user=\|sort\|uniq -c > s... by Deepali529 Explorer in Getting Data In 11-01-2016 0 1	0	1
If syslogs are sent to multiple forwarders, would the syslogs be duplicated in an indexer cluster? I have multiple forwarders and an indexer cluster. If the syslogs source devices were to send syslogs to both forward... by JohnTelus New Member in Getting Data In 11-01-2016 0 3	0	3
What is the best way to display a payload with line breaks for better readability in Splunk Web? I want to display the payload with line breaks for better readability on Splunk Web. Splunk receives the payload a... by ram_85 Explorer in Getting Data In 11-01-2016 0 4	0	4
How to get a Windows user prompt to appear on a client machine using Powershell from a Deployment Server app? I have a deployment server app that makes changes on the target client. Part of the process requires closing another ... by rjthibod Champion in Getting Data In 11-01-2016 0 17	0	17
How to configure Splunk to properly parse logs that contain one or more values with double quotes? Hello Splunk community, Currently I am doing research as an intern at a government agency if their Windows services ... by msboers Engager in Getting Data In 11-01-2016 0 6	0	6
Why do I get this error when configuring the universal forwarder: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed? Hi, I am installing the universal forwarder (6.2) on redhat. I am running into several issues with the SSL setup. I ... by wouterr Explorer in Getting Data In 11-01-2016 1 5	1	5
Why are my sourcetypes constantly changing, and how do I prevent this? I have a small LAN with a couple dozen servers all running Solaris. They are sending into a single instance of Splunk... by Michael Contributor in Getting Data In 10-31-2016 0 4	0	4
Deployment Server flooded with SSL handshake errors from forwarders. How to configure forwarders to use TLS 1.2 We've recently locked down everything to use TLS 1.2 and I think i've fixed just about everything, however, my deploy... by johnpof Path Finder in Getting Data In 10-30-2016 0 3	0	3
What is the best way to index old data with fixed dates? Hi all. I have a set of logs without a timestamp field, so, this value is taken from "Current time" on each sourcety... by changux Builder in Getting Data In 10-30-2016 0 14	0	14
Why are we not seeing expected behavior for maxTotalDataSizeMB in indexes.conf? I'm seeing a sudden spike in data coming from our firewalls (edge and internal). On average an increase of 202% daily... by Admiral_Marith Explorer in Getting Data In 10-29-2016 0 3	0	3
Why is copy-truncate a low-quality log-rotation strategy? I've been told that the copy-truncate pattern is a poor choice for log rotation, and that it should only be used when... by jrodman Splunk Employee in Getting Data In 10-29-2016 6 5	6	5
Log rotation best practices We have a couple of files, that are rotated by copying and then truncating the original file (so no new inode is crea... by chris Motivator in Getting Data In 10-29-2016 4 8	4	8
How can we improve universal forwarder performance? Hi, We have a proxy server where multiple log files get uploaded. The average is about 15 million events per day. C... by dbcase Motivator in Getting Data In 10-28-2016 0 4	0	4
How can I define props.conf with respective source types? i have text file with some data below. how can i define my props.conf file with respective sourcetypes? file 1 of so... by sravankaripe Communicator in Getting Data In 10-28-2016 0 2	0	2
How to edit my inputs.conf to whitelist selected events from Windows Security logs? Hello I have to get only the selected events from Windows Security logs, so I have added the whitelist in inputs.con... by kiran331 Builder in Getting Data In 10-28-2016 1 2	1	2
How to edit my monitor stanza with wildcards to monitor a file with subfolders? I need help with setting these wild cards, it seems like Splunk is not picking up the file in the sub folders. Logs a... by sbattista09 Contributor in Getting Data In 10-28-2016 0 3	0	3
Why is c# logging to HTTP Event Collector not working? I am trying to send events from my Windows server .NET app to Splunk index via HTTP Event Collector. I was able to s... by rvencu Path Finder in Getting Data In 10-28-2016 1 4	1	4
How to split a log into multiple sourcetypes on a heavy forwarder? Hi, I seem to be struggling in splitting log data from the heavy forwarder into several sourcetypes in an index. I h... by cdstealer Contributor in Getting Data In 10-28-2016 0 8	0	8

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

How to change the the truncating limit in the props.conf file for a scripted input?

How to resolve an "Invalid key in stanza [WMI:Patching]" error that occurs after defining a WMI input on universal forwarder?

Is there a reason to set max index size if you have appropriately sized retention periods?

Reindex entire file when file is updated.

Modular Input Scripts Don't Die during Splunk restart

Why does AWS CloudWatch stop receiving events with the error "400 Bad Request {u'message': u'Rate exceeded', u'__type': u'ThrottlingException'}"?

How do I configure line breaking in props.conf for my sample log file?

Thread count of splunk keeps on changing in linux?

If syslogs are sent to multiple forwarders, would the syslogs be duplicated in an indexer cluster?

What is the best way to display a payload with line breaks for better readability in Splunk Web?

How to get a Windows user prompt to appear on a client machine using Powershell from a Deployment Server app?

How to configure Splunk to properly parse logs that contain one or more values with double quotes?

Why do I get this error when configuring the universal forwarder: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed?

Why are my sourcetypes constantly changing, and how do I prevent this?

Deployment Server flooded with SSL handshake errors from forwarders. How to configure forwarders to use TLS 1.2

What is the best way to index old data with fixed dates?

Why are we not seeing expected behavior for maxTotalDataSizeMB in indexes.conf?

Why is copy-truncate a low-quality log-rotation strategy?

Log rotation best practices

How can we improve universal forwarder performance?

How can I define props.conf with respective source types?

How to edit my inputs.conf to whitelist selected events from Windows Security logs?

How to edit my monitor stanza with wildcards to monitor a file with subfolders?

Why is c# logging to HTTP Event Collector not working?

How to split a log into multiple sourcetypes on a heavy forwarder?

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation