Getting Data In

Community Activity

Why am I unable to use token authentication on a universal forwarder Hello the Splunk community I'm trying to use the token authentication between an indexer and a universal forwarder. ... by mvidal31 Engager in Getting Data In 09-21-2016 0 3	0	3
Why am I unable to index contents of a text file being monitored by universal forwarder? Hi, We are trying to get DNS logs into Splunk. Logs are generated in a .txt file and the goal is to use Splunk Forwa... by att35 Builder in Getting Data In 09-21-2016 0 9	0	9
How to configure srchFilter for a role to limit the results by indexer? I have a Splunk Enterprise setup, with a handful of main indexers and their own search head clusters, and a bunch of ... by brynsmith Explorer in Getting Data In 09-21-2016 0 6	0	6
Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers? Hi, I noticed that my io bandwidth is approaching 100% on my servers (though, my overall resources (cpu, mem) are fi... by a212830 Champion in Getting Data In 09-21-2016 0 8	0	8
Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder? Hi, I have a use case to forward Application logs from one universal forwarder server to particular folder of anothe... by sravankaripe Communicator in Getting Data In 09-21-2016 0 4	0	4
What is the best way to handle json data with nested arrays? I am having some trouble working with JSON events. I use Splunk Enterprise 6.4.1. I'm using KV_MODE=json in my pr... by lyndac Contributor in Getting Data In 09-21-2016 0 1	0	1
Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers) In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermedia... by sravankaripe Communicator in Getting Data In 09-21-2016 0 1	0	1
Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed? Hello, I am having an issue with logs coming into my instance of Splunk Enterprise (version 6.2.2) through a Linux s... by Ealderiso Explorer in Getting Data In 09-21-2016 0 20	0	20
How do I use syslogNG to replace Splunk TCP or UDP inputs? This is a question I have the answer to, I'm posting this answer because I spent a number of hours attempting to unde... by gjanders SplunkTrust in Getting Data In 09-20-2016 0 6	0	6
How to log Watchguard into Splunk? Dear All, Could you share me some best practices how to send Watchguard firewall logs into Splunk and how to monitor... by calebra05 New Member in Getting Data In 09-20-2016 0 1	0	1
How to edit my props.conf for proper line breaking of a large event by the ∑ character? I am having trouble with being able to properly line break an event like the following: Here are the props I am us... by LiquidTension Path Finder in Getting Data In 09-20-2016 0 2	0	2
Importing Year/Month field I'm trying to import a csv format using splunk. The timestamp of log is in the format YYYY/MM. By default, splunk f... by bitfhacker New Member in Getting Data In 09-20-2016 0 3	0	3
When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza? From indexerA I am trying to forward Windows Event Logs and IIS Logs to indexerB. The Windows Event Logs are being fo... by jstacey_intuit Explorer in Getting Data In 09-20-2016 0 3	0	3
Use of double qoutes in rex command arguments fails alerts in windows environment. Set up an alert with the search command: source="C:\test\data\log1.txt" \| rex v="(?.*)" \| head 10 the alert has never... by xli_splunk Splunk Employee in Getting Data In 09-20-2016 0 3	0	3
Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs? Hello, I am trying to only capture EventIDs 400 and 800 inside the Windows PowerShell log (not the PowerShell Opera... by adayton20 Contributor in Getting Data In 09-20-2016 0 4	0	4
Indexing problem I tried to create a summary index for a search string. I scheduled the search, and enabled the index in the manager v... by xiaoyuew Path Finder in Getting Data In 09-20-2016 0 2	0	2
How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder? We are trying to collect data from certain secure Windows Systems and the team have requested to install "Splunk Univ... by koshyk Super Champion in Getting Data In 09-19-2016 0 3	0	3
How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf? Hello all, I've been indexing Infoblox DHCP and DNS queries for a couple of months now. Because of the amount of log... by janderson19 Path Finder in Getting Data In 09-19-2016 0 1	0	1
Can I disable Splunk from indexing data for a specific time frame? I'm one overage away from violating my licenses due to an AV scan on my QA environments and would like to temporarily... by skoelpin SplunkTrust in Getting Data In 09-19-2016 0 6	0	6
Why are files in a folder not getting deleted on the universal forwarder with move_policy=sinkhole in the inputs.conf batch stanza? I setup my universal forwarder to monitor a folder and send the contents to one of my indexers. That works great. ... by joeyblasko New Member in Getting Data In 09-19-2016 0 7	0	7
new to splunk - need help with input.conf i am new to splunk that is already setup on our servers, my manager asked if i can edit the input.conf file so we can... by rsingh Explorer in Getting Data In 09-19-2016 0 4	0	4
Heavy Forwarder Configuration I am having some issues getting my heavy forwarder to forward events. The configuration I'm trying to achieve is as f... by conor_splunk Path Finder in Getting Data In 09-16-2016 1 4	1	4
How to set date & time stamps across two lines in xml where time was already picked up Hi Team Trying to ingest an xml file in the following raw format(extracted portion for sample but each event consist... by david_rea Explorer in Getting Data In 09-16-2016 0 13	0	13
Index data and then forward to another indexer Hi, we have and indexer that receive data from some Univ. Forwarder. Data are stored on different index (IndexA, Inde... by danielez68 Explorer in Getting Data In 09-16-2016 1 8	1	8
Splunk alert unable to trigger .bat file My Splunk alert unable to trigger any executable file. For instance, I have placed reader.bat file in Splunk scripts ... by ibob0304 Communicator in Getting Data In 09-16-2016 0 7	0	7

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

Getting Data In

Why am I unable to use token authentication on a universal forwarder

Why am I unable to index contents of a text file being monitored by universal forwarder?

How to configure srchFilter for a role to limit the results by indexer?

Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers?

Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder?

What is the best way to handle json data with nested arrays?

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed?

How do I use syslogNG to replace Splunk TCP or UDP inputs?

How to log Watchguard into Splunk?

How to edit my props.conf for proper line breaking of a large event by the ∑ character?

Importing Year/Month field

When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza?

Use of double qoutes in rex command arguments fails alerts in windows environment.

Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs?

Indexing problem

How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder?

How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf?

Can I disable Splunk from indexing data for a specific time frame?

Why are files in a folder not getting deleted on the universal forwarder with move_policy=sinkhole in the inputs.conf batch stanza?

new to splunk - need help with input.conf

Heavy Forwarder Configuration

How to set date & time stamps across two lines in xml where time was already picked up

Index data and then forward to another indexer

Splunk alert unable to trigger .bat file

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation