Getting Data In

Discussions

Thread Info

How do we configure continuous collection and indexing of IIS logs from UNC?

I have an issue with IIS logs, being monitored by a Windows heavy forwarder through UNC path. When the forwarder serv...

by Contributor in

field value substitution props.conf

I would like to transform some date fields in my file when indexing: basically my file is a csv one and one line even...

by Path Finder in

How to configure Splunk to distinguish different types of logs from syslog and save them in different indexes on a Splunk Indexer?

I have just installed a Splunk App where the logs are from some appliances, so obviously they are sending syslog to o...

by New Member in

How to troubleshoot why our command to install a Splunk Forwarder via CLI for Windows Firewall is no longer working?

We have been running msiexec.exe /i "c:\SFTPRoot\splunkforwarder-x.x.x-xxxx-x64-release.msi" AGREETOLICENSE=Yes /quie...

by Communicator in

Quickest way to ensure data is coming in for a sourcetype across dozens of servers...

Hi, I have an app that creates lots of files (roll over at 50mb, about every 2-3 min during business hours), and h...

by Champion in

How to configure Splunk to use a field/column from a flat CSV file as the event timestamp?

Hello, We have a CSV file which is flat file. It has a column named 'RUNDATE' where the date is in '2016-04-20' fo...

by Communicator in

How to search for sources with a timestamp pattern

Hi, I want to search for a set of files that end in YYYYMMDD_HHMMSS_PID.log format and I want to search on files t...

by Champion in

Can Splunk index json from url on a schedule

I have a JSON feed that I would like to get into Splunk. It is not in a file, however. It is on a web server. Is it p...

by Builder in

Is it possible to route data to idle indexers ?

Hello, Recently, we've been experiencing full typing queues (blocked queues) in our Splunk deployment. As a result...

by Path Finder in

JSON timestamps not parsed via HTTP Event Collector

Here are some of the values I am using for my JSON source type: MAX_TIMESTAMP_LOOKAHEAD = 1000 (as we have long JS...

by Engager in

After configuring a limit on the forwarder's rate of thruput, why is the maxKBps setting still being exceeded?

I set up the limits.conf file as the following and save in the path /opt/splunkforwarder/etc/system/local/limits.conf...

by Explorer in

Distributed Management Console Setup: Do I still need to forward _internal data to search peers, or do I just add each instance as a search peer to the DMC?

Hi all, I am not sure if I understood how to set up the Distributed Management Console correctly. So I have t...

by Path Finder in

How to configure transforms to monitor only (2) EventCodes and filter out specific group service accounts from Windows security logs?

Using Splunk 6.4.1 I am trying to monitor the WinEventLog://Security; however, I only need to monitor two EventCodes ...

by Communicator in

Löschen von Events eines Jahres

Hallo ich möchte alle Events (zum Beispiel) des Jahres 2014 löschen. Verbunden mit einer Reduzierung des Platten...

by New Member in

How do I get data from my Cisco switch into Splunk?

I am new to Splunk. I have set it up on my server, set up an indexer, and set up the logging in my switch, but I have...

by New Member in

How to retrieve logs from Azure Active Directory?

Hi! I want to connect with Azure Active Directory and get its logs into Splunk. What is the procedure of doing th...

by Explorer in

How do I parse this XML output into splunk?

How do I parse this XML output into Splunk? <configResolveClass cookie="1465464629/12a64fe8-34d5-14d5-8038-86f9029...

by New Member in

Is there an easy way to disable indexing for a source instead of filtering to nullQueue?

There are some situations in which we know that a certain source is going to be creating a lot of garbage data since ...

by New Member in

Can we configure Splunk to not look inside archive files?

Hello, By default: Splunk Enterprise decompresses archive files before it indexes them. It can handle these common...

by Engager in

How to blacklist a single host for a single event?

I'm currently collecting Powershell event 4104 across all devices on the network and one sysadmin host has been found...

by Engager in

Splunk DB Connect 1: How to parse a dbquery search string to convert Unix timestamps to a readable format and create a timechart?

I have a string like this; | dbquery MYDATABASE "Select trunc(ph.x_rqst_date) bp_date,count(ph.objid) bpcount,ph.x...

by Engager in

How to Filter some row Input Data?

문의드립니다. 아래 샘플데이터 중에 2015-11-27 00:02:44.277013 INFO MM_01@06472 LINEDEV = 0 , EventDEV = 223 , EVENT = TDX_PLAY (0...

by Explorer in

Why is our 6.4.1 Windows universal forwarder not appearing in the list of hosts?

Good afternoon, I'm testing out Splunk. I have installed Splunk Light on a VM, and installed a few forwarders. The...

by Engager in

How to filter out messages to nullQueue that contain stringA, but keep messages that contain both stringB and stringA?

Hi, We are filtering messages from our Cisco ASA logs that contain Teardown and Buildup, but we recently wanted to...

by Path Finder in

How to change the time format before or while logs are being parsed?

I have a database log that comes in with a time stamp which is used by Splunk as the time stamp. However, I noticed t...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do we configure continuous collection and indexing of IIS logs from UNC?

field value substitution props.conf

How to configure Splunk to distinguish different types of logs from syslog and save them in different indexes on a Splunk Indexer?

How to troubleshoot why our command to install a Splunk Forwarder via CLI for Windows Firewall is no longer working?

Quickest way to ensure data is coming in for a sourcetype across dozens of servers...

How to configure Splunk to use a field/column from a flat CSV file as the event timestamp?

How to search for sources with a timestamp pattern

Can Splunk index json from url on a schedule

Is it possible to route data to idle indexers ?

JSON timestamps not parsed via HTTP Event Collector

After configuring a limit on the forwarder's rate of thruput, why is the maxKBps setting still being exceeded?

Distributed Management Console Setup: Do I still need to forward _internal data to search peers, or do I just add each instance as a search peer to the DMC?

How to configure transforms to monitor only (2) EventCodes and filter out specific group service accounts from Windows security logs?

Löschen von Events eines Jahres

How do I get data from my Cisco switch into Splunk?

How to retrieve logs from Azure Active Directory?

How do I parse this XML output into splunk?

Is there an easy way to disable indexing for a source instead of filtering to nullQueue?

Can we configure Splunk to not look inside archive files?

How to blacklist a single host for a single event?

Splunk DB Connect 1: How to parse a dbquery search string to convert Unix timestamps to a readable format and create a timechart?

How to Filter some row Input Data?

Why is our 6.4.1 Windows universal forwarder not appearing in the list of hosts?

How to filter out messages to nullQueue that contain stringA, but keep messages that contain both stringB and stringA?

How to change the time format before or while logs are being parsed?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Edge Processor Destination not showing up in Pipel...

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...