Getting Data In

Community Activity

What is the size (in bytes) of various common IT data event sourcetypes I was wondering if anyone had a link to some web page that lists the sizes (in bytes) for various common IT data even... by maverick Splunk Employee in Getting Data In 10-03-2016 2 6	2	6
heterogenous sourcetype in log file I have a log file that has multiple sourcetypes or entries defined by a different format. Each entry in the log has ... by riotto Path Finder in Getting Data In 10-03-2016 0 7	0	7
What kind of log is this (from Proxy access logs) Hi all, I'm trying to identify what this is in my access logs: POST http://123.123.123.123/open/1 Followed by tho... by aaronnicoli Path Finder in Getting Data In 10-03-2016 0 2	0	2
universal forwarder delay - 8 minutes Any ideas why I am seeing an 8 minute delay in the UF -> Index data? The UF is monitoring a logfile that is consiste... by rewritex Contributor in Getting Data In 10-03-2016 0 2	0	2
How do I extract two different variations of a timestamp from the same sourcetype? For one of our syslog devices, some events that come through only contain the syslog datetime format, while there are... by dpanych Communicator in Getting Data In 10-03-2016 0 2	0	2
Parse IIS logs (structured data) on Universal Forwarder We are trying to parse or drop a number of fields on IIS Logs from our Exchange environment. I have done as much digg... by montgomeryam Path Finder in Getting Data In 10-03-2016 0 15	0	15
Why am I unable to start Splunk Universal Forwarder after installing on Isilon/Linux? Got the universal forwarder installed on my Isilon. (/opt/Splunk/splunkforwarder/) Trying to follow the directions to... by jasondillard74 New Member in Getting Data In 10-03-2016 0 4	0	4
REST API to push data into Splunk We are trying to push the application real time data into Splunk as part of code base, Do we have any REST API to pus... by dhavamanis Builder in Getting Data In 10-03-2016 0 2	0	2
how can i configure my search head to get the data from a heavy forwarder? I am aware of getting the data from an universal forwarder?. Can anyone explain me the process of getting data from a... by pavanae Builder in Getting Data In 10-03-2016 1 2	1	2
Monitor windows file using environment variable in the path Hi All, Can we specify environment variables of windows in the monitor stanza. For example like below: [monitor://%... by bharathkumarnec Contributor in Getting Data In 10-03-2016 1 2	1	2
How to store or index data from multiple clients that have multiple servers? Hello. First time I'm posting a question, and a relative new to Splunk so I apologize up front if this has already ... by makincerdas Explorer in Getting Data In 10-03-2016 0 9	0	9
Is there any risk in load balancing universal forwarder to an intermediate forwarder using a dedicated load balancer? Hello! Our setup consists of Universal Forwarders sending logs through a load balancer to Intermediate Forwarders th... by AlexCUbisoft New Member in Getting Data In 10-03-2016 0 2	0	2
Splunk Reading a File we didn't tell it to per LSOF All, I am trying to understand why Splunk it opening a file here. When I run LSOF I see Splunk looking at a rolle... by daniel333 Builder in Getting Data In 10-01-2016 0 1	0	1
Does a multiple IPs hostname trigger Forwarder round robin? When writing outputs.conf, setting several receivers to "server=" causes the forwarder to round robin through those r... by uchoa Engager in Getting Data In 10-01-2016 0 1	0	1
unable to read field names with space using mulikv From log file , i have mixed data some wher i have student data as below bla bla... bla blaa.. list of the student a... by kanalasreekanth New Member in Getting Data In 10-01-2016 0 1	0	1
How can I route data to specific indexers using a heavy forwarder? I have a universal forwarder that sends 2 source types to heavy forwarder successfully. i need this heavy forwarder t... by MAShawky Explorer in Getting Data In 09-30-2016 2 2	2	2
Failed Logons To Splunk Is there a way to search by failed logons to Splunk? I'd like to create an alert if a user attempts to logon but is ... by peasead Path Finder in Getting Data In 09-30-2016 0 3	0	3
Filter Client IP from IIS 7.5 Logs Hello, all. I would like to filter out a specific client IP address from my IIS logs. What would be the best appro... by rmsit Communicator in Getting Data In 09-30-2016 0 5	0	5
Is there a version of Splunk Universal Forwarder that is compatible with NT4? Hi folks, You'll have to excuse my memory lapse here - Splunk forwarder on NT4, installation of - I recall getting a... by sentiaglobal New Member in Getting Data In 09-30-2016 0 6	0	6
Getting too many destination ip addresses. Need to filter it down to 5 Trying to filter down to 5 search results for the dest section. index=threat_activity threat_match_field=src thre... by ecabrera81 New Member in Getting Data In 09-30-2016 0 4	0	4
Windows custom events logs not showing up in Splunk Hi , Below is custom event logs which I am configuring on windows forwarder but they are not showing up in Splunk. We... by yanivdutt Explorer in Getting Data In 09-30-2016 0 5	0	5
How Data cloning can be done through a heavy forwarder? I have a test environment(search head) in which there aren't any events. Now I want to do some data cloning and get s... by pavanae Builder in Getting Data In 09-29-2016 0 5	0	5
Timestamp Parsing in JSON Hi, Can anyone help me with best configurations for timestamp parsing (where "DateTime" is the actual time) for fol... by RichaSingh Path Finder in Getting Data In 09-29-2016 1 2	1	2
What is the best way to adjust the time value for incoming syslog events from a specific host I have a one host that has a time offset of +5 hours and would rewrite the timestamp to represent the local time zone... by ntaylorsplunk Explorer in Getting Data In 09-29-2016 0 3	0	3
Where is data input configuration information entered from Splunk Web stored? When I create a new data input (TCP port), where are these settings stored? I would have assumed it would be inputs.... by insidious New Member in Getting Data In 09-29-2016 0 2	0	2