Getting Data In

Community Activity

	Can forwarder be configured to monitor more than one folder on Windows servers? I installed and configured the forwarder on windows. in the monitoring folder, I have multiple folders. can the for... by btran Explorer in Getting Data In 09-22-2016 0 4	0	4
	How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider? I'm attempting to configure SSO for Splunk with ADFS as the IdP. I have mapped an Active Directory group to the admi... by justinb82 Engager in Getting Data In 09-22-2016 0 4	0	4
	Forwardeing and Indexing on an Heavy Forwarder Hi at all, I have a Splunk instance indexing some logs. I'd like to continue to use the server for its old job but, a... by gcusello SplunkTrust in Getting Data In 09-22-2016 0 12	0	12
	how do i get splunk to recognise timestamp of my log I have a time stamp logged into my my SNMP log like the below [6844 0502 083830508 SNMP] BAXSnmpSTTWorker::HandleSys... by deepthi5 Path Finder in Getting Data In 09-22-2016 0 4	0	4
	Use script to format file while uploading Hi, I have a python script which formats the json file and create a new file in another location. My splunk instance... by harshal_chakran Builder in Getting Data In 09-22-2016 0 2	0	2
	Why am I unable to use token authentication on a universal forwarder Hello the Splunk community I'm trying to use the token authentication between an indexer and a universal forwarder. ... by mvidal31 Engager in Getting Data In 09-21-2016 0 3	0	3
	Why am I unable to index contents of a text file being monitored by universal forwarder? Hi, We are trying to get DNS logs into Splunk. Logs are generated in a .txt file and the goal is to use Splunk Forwa... by att35 Builder in Getting Data In 09-21-2016 0 9	0	9
	How to configure srchFilter for a role to limit the results by indexer? I have a Splunk Enterprise setup, with a handful of main indexers and their own search head clusters, and a bunch of ... by brynsmith Explorer in Getting Data In 09-21-2016 0 6	0	6
	Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers? Hi, I noticed that my io bandwidth is approaching 100% on my servers (though, my overall resources (cpu, mem) are fi... by a212830 Champion in Getting Data In 09-21-2016 0 8	0	8
	Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder? Hi, I have a use case to forward Application logs from one universal forwarder server to particular folder of anothe... by sravankaripe Communicator in Getting Data In 09-21-2016 0 4	0	4
	What is the best way to handle json data with nested arrays? I am having some trouble working with JSON events. I use Splunk Enterprise 6.4.1. I'm using KV_MODE=json in my pr... by lyndac Contributor in Getting Data In 09-21-2016 0 1	0	1
	Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers) In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermedia... by sravankaripe Communicator in Getting Data In 09-21-2016 0 1	0	1
	Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed? Hello, I am having an issue with logs coming into my instance of Splunk Enterprise (version 6.2.2) through a Linux s... by Ealderiso Explorer in Getting Data In 09-21-2016 0 20	0	20
	How do I use syslogNG to replace Splunk TCP or UDP inputs? This is a question I have the answer to, I'm posting this answer because I spent a number of hours attempting to unde... by gjanders SplunkTrust in Getting Data In 09-20-2016 0 6	0	6
	How to log Watchguard into Splunk? Dear All, Could you share me some best practices how to send Watchguard firewall logs into Splunk and how to monitor... by calebra05 New Member in Getting Data In 09-20-2016 0 1	0	1
	How to edit my props.conf for proper line breaking of a large event by the ∑ character? I am having trouble with being able to properly line break an event like the following: Here are the props I am us... by LiquidTension Path Finder in Getting Data In 09-20-2016 0 2	0	2
	Importing Year/Month field I'm trying to import a csv format using splunk. The timestamp of log is in the format YYYY/MM. By default, splunk f... by bitfhacker New Member in Getting Data In 09-20-2016 0 3	0	3
	When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza? From indexerA I am trying to forward Windows Event Logs and IIS Logs to indexerB. The Windows Event Logs are being fo... by jstacey_intuit Explorer in Getting Data In 09-20-2016 0 3	0	3
	Use of double qoutes in rex command arguments fails alerts in windows environment. Set up an alert with the search command: source="C:\test\data\log1.txt" \| rex v="(?.*)" \| head 10 the alert has never... by xli_splunk Splunk Employee in Getting Data In 09-20-2016 0 3	0	3
	Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs? Hello, I am trying to only capture EventIDs 400 and 800 inside the Windows PowerShell log (not the PowerShell Opera... by adayton20 Contributor in Getting Data In 09-20-2016 0 4	0	4
	Indexing problem I tried to create a summary index for a search string. I scheduled the search, and enabled the index in the manager v... by xiaoyuew Path Finder in Getting Data In 09-20-2016 0 2	0	2
	How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder? We are trying to collect data from certain secure Windows Systems and the team have requested to install "Splunk Univ... by koshyk Super Champion in Getting Data In 09-19-2016 0 3	0	3
	How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf? Hello all, I've been indexing Infoblox DHCP and DNS queries for a couple of months now. Because of the amount of log... by janderson19 Path Finder in Getting Data In 09-19-2016 0 1	0	1
	Can I disable Splunk from indexing data for a specific time frame? I'm one overage away from violating my licenses due to an AV scan on my QA environments and would like to temporarily... by skoelpin SplunkTrust in Getting Data In 09-19-2016 0 6	0	6
	Why are files in a folder not getting deleted on the universal forwarder with move_policy=sinkhole in the inputs.conf batch stanza? I setup my universal forwarder to monitor a folder and send the contents to one of my indexers. That works great. ... by joeyblasko New Member in Getting Data In 09-19-2016 0 7	0	7

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

Can forwarder be configured to monitor more than one folder on Windows servers?

How to modify my configuration of Splunk SSO with SAML and ADFS as the Identity Provider?

Forwardeing and Indexing on an Heavy Forwarder

how do i get splunk to recognise timestamp of my log

Use script to format file while uploading

Why am I unable to use token authentication on a universal forwarder

Why am I unable to index contents of a text file being monitored by universal forwarder?

How to configure srchFilter for a role to limit the results by indexer?

Would additional pipelines or better SAN help resolve high IO bandwidth on my indexers?

Can I use a Splunk forwarder to forward logs from one universal forwarder to particular folder of another universal forwarder?

What is the best way to handle json data with nested arrays?

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed?

How do I use syslogNG to replace Splunk TCP or UDP inputs?

How to log Watchguard into Splunk?

How to edit my props.conf for proper line breaking of a large event by the ∑ character?

Importing Year/Month field

When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza?

Use of double qoutes in rex command arguments fails alerts in windows environment.

Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs?

Indexing problem

How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder?

How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf?

Can I disable Splunk from indexing data for a specific time frame?

Why are files in a folder not getting deleted on the universal forwarder with move_policy=sinkhole in the inputs.conf batch stanza?

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation