Getting Data In

Community Activity

How do I do both filtering and grouping on a timechart? My Splunk server is being forwarded events from a remote Windows machine. Those events correspond to device connectio... by np75014 Explorer in Getting Data In 10-05-2016 1 4	1	4
How to set Source equal to filename in input.conf? There are a lot of documentation on how to set Host equal to filename or directory name, however i couldn't find anyt... by moaf13 Path Finder in Getting Data In 10-05-2016 0 4	0	4
Problem: Unable to send cooked data to two different Indexer ports Hello Experts, I have an issue where I am unable to send cooked data to two different Indexer ports. My flow of tra... by splunk_kk Path Finder in Getting Data In 10-04-2016 0 4	0	4
learn splunk rest interface I have tried multiple time to get my hands around this API. I have read through the tutorials multiple times and ... by cevyn Explorer in Getting Data In 10-04-2016 0 3	0	3
where can i see in the splunk internal logs when a forwarder successfully started forwarding the data? Is there any specific search that i can pull out the connection established time and date? by pavanae Builder in Getting Data In 10-04-2016 0 1	0	1
getting errors from my splunk logs on monitor PC Error 1 - ERROR TcpOutputFd - Read error. An established connection was aborted by the software in your host machine.... by rsingh Explorer in Getting Data In 10-04-2016 0 10	0	10
Extract Hostname using inputs.conf Hi, I have the below event and I'd like to extract the hostname (ccivirpxa0720) using inputs.conf (never have done t... by dbcase Motivator in Getting Data In 10-04-2016 0 2	0	2
Splunk Universal Forwarder for "WindowsStorageServer2012R2" Can Splunk Universal Forwarder be installed on WindowsStorageServer2012R2 ? Is Installer for WindowsStorageServer dif... by yamashitaysy New Member in Getting Data In 10-04-2016 0 1	0	1
How to Edit saved search using Splunk REST ? I want to edit the search of a Saved Search Report using REST in Python without any other change. But when i am using... by sagrl Explorer in Getting Data In 10-04-2016 0 1	0	1
how to collect log I install splunk in my windows server 2008, collecting log from windows working fine. I need some help to collect log... by priyohw Explorer in Getting Data In 10-04-2016 0 5	0	5
Splunk shows duplicate events in search results when there are no duplicates in the source file. When I run a search in Splunk, the results show some duplicate events. I have checked the source file and the events... by wpreston Motivator in Getting Data In 10-03-2016 1 5	1	5
What is the size (in bytes) of various common IT data event sourcetypes I was wondering if anyone had a link to some web page that lists the sizes (in bytes) for various common IT data even... by maverick Splunk Employee in Getting Data In 10-03-2016 2 6	2	6
heterogenous sourcetype in log file I have a log file that has multiple sourcetypes or entries defined by a different format. Each entry in the log has ... by riotto Path Finder in Getting Data In 10-03-2016 0 7	0	7
What kind of log is this (from Proxy access logs) Hi all, I'm trying to identify what this is in my access logs: POST http://123.123.123.123/open/1 Followed by tho... by aaronnicoli Path Finder in Getting Data In 10-03-2016 0 2	0	2
universal forwarder delay - 8 minutes Any ideas why I am seeing an 8 minute delay in the UF -> Index data? The UF is monitoring a logfile that is consiste... by rewritex Contributor in Getting Data In 10-03-2016 0 2	0	2
How do I extract two different variations of a timestamp from the same sourcetype? For one of our syslog devices, some events that come through only contain the syslog datetime format, while there are... by dpanych Communicator in Getting Data In 10-03-2016 0 2	0	2
Parse IIS logs (structured data) on Universal Forwarder We are trying to parse or drop a number of fields on IIS Logs from our Exchange environment. I have done as much digg... by montgomeryam Path Finder in Getting Data In 10-03-2016 0 15	0	15
Why am I unable to start Splunk Universal Forwarder after installing on Isilon/Linux? Got the universal forwarder installed on my Isilon. (/opt/Splunk/splunkforwarder/) Trying to follow the directions to... by jasondillard74 New Member in Getting Data In 10-03-2016 0 4	0	4
REST API to push data into Splunk We are trying to push the application real time data into Splunk as part of code base, Do we have any REST API to pus... by dhavamanis Builder in Getting Data In 10-03-2016 0 2	0	2
how can i configure my search head to get the data from a heavy forwarder? I am aware of getting the data from an universal forwarder?. Can anyone explain me the process of getting data from a... by pavanae Builder in Getting Data In 10-03-2016 1 2	1	2
Monitor windows file using environment variable in the path Hi All, Can we specify environment variables of windows in the monitor stanza. For example like below: [monitor://%... by bharathkumarnec Contributor in Getting Data In 10-03-2016 1 2	1	2
How to store or index data from multiple clients that have multiple servers? Hello. First time I'm posting a question, and a relative new to Splunk so I apologize up front if this has already ... by makincerdas Explorer in Getting Data In 10-03-2016 0 9	0	9
Is there any risk in load balancing universal forwarder to an intermediate forwarder using a dedicated load balancer? Hello! Our setup consists of Universal Forwarders sending logs through a load balancer to Intermediate Forwarders th... by AlexCUbisoft New Member in Getting Data In 10-03-2016 0 2	0	2
Splunk Reading a File we didn't tell it to per LSOF All, I am trying to understand why Splunk it opening a file here. When I run LSOF I see Splunk looking at a rolle... by daniel333 Builder in Getting Data In 10-01-2016 0 1	0	1
Does a multiple IPs hostname trigger Forwarder round robin? When writing outputs.conf, setting several receivers to "server=" causes the forwarder to round robin through those r... by uchoa Engager in Getting Data In 10-01-2016 0 1	0	1