Getting Data In

Community Activity

Windows Event Logs stop forwarding - why? I have Splunk forwarder installed on many Windows 2008 systems, and recently, the Windows Event logs stopped showing ... by cpenkert Path Finder in Getting Data In 08-30-2016 0 5	0	5
How to configure Splunk to break my sample log data into separate events, not one combined event? Hi, I have the below log data: 16:37:56.875 [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-... by dbcase Motivator in Getting Data In 08-30-2016 0 4	0	4
Search for users who have triggered multiple Windows Event Codes I am looking for a way to show users who have matched three separate Windows Security Event Codes IE user X has (Eve... by trevorQmulos New Member in Getting Data In 08-30-2016 0 2	0	2
What are best practices with creating indexes and sourcetypes for two distinct sources of unstructured data from the same application? Hi all, I couldn't find any definitive answers, so I'm hoping that the forum members' real life experiences may poin... by markwymer Path Finder in Getting Data In 08-30-2016 0 2	0	2
How to filter out the first 2 lines of an event? I have a VB script to get Local users from Admin group. The event data from this script by default adds the below 2 l... by shan_santosh Explorer in Getting Data In 08-30-2016 0 2	0	2
Why are my Catalina logs not line breaking as expected when I set up a directory monitor in inputs.conf? Hello, I'm trying to get some Tomcat Catalina logs to import correctly. Manually importing the files works fine, b... by user12345a_2 Explorer in Getting Data In 08-30-2016 0 4	0	4
I have events that I need to split out according to an suffixed number on the end of the field names and then summarized with other events for the same Flow Name. All of the fields ending in _1 need to be reported together, then all those ending in _2, etc. The number of suffixe... by pxs0514 Explorer in Getting Data In 08-30-2016 0 1	0	1
Trying to get SNMP data into Splunk, why am I getting error "A possible timestamp match is outside of the acceptable time window"? I have followed the following links for getting SNMP Data into Splunk: http://blogs.splunk.com/2013/11/06/adventures... by jgcsco Path Finder in Getting Data In 08-29-2016 0 2	0	2
Is it normal to have both sourcetype UDP:514 and sourcetype syslog? Hello, My colleague configured 1 heavy forwarder and I configured the other 2. In my Splunk, I see both sourcetype U... by jgorman_THG Explorer in Getting Data In 08-29-2016 0 1	0	1
Why do I get "Invalid key in stanza [tcp-ssl://:1470] ... connection_host=dns your indexes and inputs are not internally consistent"? Hello, Our /opt/splunk/etc/apps/search/local/inputs.conf file on our forwarder contains: [tcp-ssl://:1470] connecti... by msantich Path Finder in Getting Data In 08-29-2016 0 6	0	6
inputcsv returning no results All, I am trying to read a csv file using the inputcsv command. I can't seem to figure out why, but the command isn... by bruceclarke Contributor in Getting Data In 08-29-2016 1 6	1	6
In props.conf what does each term means?? INDEXED_EXTRACTIONS = csv NO_BINARY_CHECK = true category = Custom pulldown_type = 1 config = props by vivek_manoj Explorer in Getting Data In 08-29-2016 0 3	0	3
precedence in outputs.conf on heavy forwarders I have 2 heavy forwarders that forward to 2 peer indexers their config is identical like so : [tcpout] defaultGroup=... by Esky73 Builder in Getting Data In 08-28-2016 0 1	0	1
Splunk learned app should stop learning / too_small / dispatch.evaluate I defined a new input folder that receives gzipped server logs from a scp copy job on our servers. inputs.conf [mo... by FRoth Contributor in Getting Data In 08-28-2016 1 2	1	2
How can we identify forwarders which are not connected to certain indexers? The DMC shows us the following - It shows the connected forwarders to the four indexers, the yellow line is actua... by ddrillic Ultra Champion in Getting Data In 08-28-2016 0 2	0	2
Splunk forwarder throughput to indexer doesn't improve even after giving unlimited bandwidth maxKbps=0 Splunk heavy forwarder throughput to indexer doesn't improve even after giving unlimited bandwidth maxKbps=0 , it's o... by rajakannan Engager in Getting Data In 08-28-2016 0 2	0	2
How come some data returns after doing pipe delete and a restart of indexers? We're having issues when we delete some data (with \|delete) and after an indexer restarts in the clustered environmen... by dpanych Communicator in Getting Data In 08-26-2016 1 8	1	8
All indexed data from earlier than yesterday disappeared. I was hoping someone could help me here. We had been ingesting data to an index just fine for weeks, Then all of the... by Cuyose Builder in Getting Data In 08-26-2016 0 1	0	1
How to purge old syslog events in Splunk? I can't for the life of me figure out how to purge old syslog entries in Splunk. Tech details: My 1st time using Spl... by benbeard New Member in Getting Data In 08-26-2016 0 1	0	1
How to get DHCP scope information in DHCP logs into Splunk? Hi How can I get the DHCP scope information in DHCP logs, or is there way to get that information into Splunk and co... by kiran331 Builder in Getting Data In 08-26-2016 1 3	1	3
Send logs to multiple splunk servers using splunk forwarder 6.2.2.25 Hello All, I need to send logs to a new separate splunk server, I read about data cloning and followed the document ... by suhailpuri Engager in Getting Data In 08-26-2016 1 1	1	1
[RESOLVED] Is there a way to modify input script arguments through a setup screen (setup.xml)? Hello all, I read some docs about how to set up a screen to allow my user to customize the inputs.conf of the applic... by Estrellia Explorer in Getting Data In 08-26-2016 0 4	0	4
_time or time not being populated correctly from a CSV file Having issues getting time right. My time is currently being populated by file creation time & not the 2nd column of... by clintla Contributor in Getting Data In 08-25-2016 1 1	1	1
How to uninstall Splunk Universal Forwarder from Linux I have installed the universal forwarder on a linux machine. How can I uninstall it? I install the forwarder just by... by bento_prod Explorer in Getting Data In 08-25-2016 0 2	0	2
What is the impact if a Splunk forwarder loses communication with the indexer? Hello, Can you please elaborate about the Forwarder/Indexer communication? As I understand the communication is real... by iurie_tuluc Engager in Getting Data In 08-25-2016 1 2	1	2

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Getting Data In

Windows Event Logs stop forwarding - why?

How to configure Splunk to break my sample log data into separate events, not one combined event?

Search for users who have triggered multiple Windows Event Codes

What are best practices with creating indexes and sourcetypes for two distinct sources of unstructured data from the same application?

How to filter out the first 2 lines of an event?

Why are my Catalina logs not line breaking as expected when I set up a directory monitor in inputs.conf?

I have events that I need to split out according to an suffixed number on the end of the field names and then summarized with other events for the same Flow Name.

Trying to get SNMP data into Splunk, why am I getting error "A possible timestamp match is outside of the acceptable time window"?

Is it normal to have both sourcetype UDP:514 and sourcetype syslog?

Why do I get "Invalid key in stanza [tcp-ssl://:1470] ... connection_host=dns your indexes and inputs are not internally consistent"?

inputcsv returning no results

In props.conf what does each term means??

precedence in outputs.conf on heavy forwarders

Splunk learned app should stop learning / too_small / dispatch.evaluate

How can we identify forwarders which are not connected to certain indexers?

Splunk forwarder throughput to indexer doesn't improve even after giving unlimited bandwidth maxKbps=0

How come some data returns after doing pipe delete and a restart of indexers?

All indexed data from earlier than yesterday disappeared.

How to purge old syslog events in Splunk?

How to get DHCP scope information in DHCP logs into Splunk?

Send logs to multiple splunk servers using splunk forwarder 6.2.2.25

[RESOLVED] Is there a way to modify input script arguments through a setup screen (setup.xml)?

_time or time not being populated correctly from a CSV file

How to uninstall Splunk Universal Forwarder from Linux

What is the impact if a Splunk forwarder loses communication with the indexer?

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation