Getting Data In

Discussions

Thread Info

sourcetype is not listing

i have taken a backup of my app and uploaded in another splunk instance(free license). when i am ttrying to add datai...

by Builder in

What are recommendations for our current file monitoring setup?

My setup looks like this: syslog collector with UF -> HF -> Index cluster File input in a directory on the syslog ...

by Path Finder in

Filter a syslog to only a couple fields, make into a report

Pardon my brand-newness to Splunk, please. I just installed it.  We have a Sourcefire unit that we would like to ...

by New Member in

How do I setup TCP ROUTING when using an intermediate forwarder

I have some sourcetypes that I'd like to go to two indexing destinations. Universal Forwarder: (inputs.conf) [m...

by Contributor in

How to configure a universal forwarder to forward 2 syslogs from 1 IP address to 2 different indexes?

Hi, I have a Linux server and the syslog is functional. Here is UF config (inputs.conf) : [udp://xx.xx.xx.140:514]...

by Path Finder in

How to update only the inputs.conf blacklist stanza on a universal forwarder with a deployment server?

Have a myriad of webservers in a webfarm where I need to blacklist certain eventIDs/Types (from time to time) to pres...

by Explorer in

Is it possible to configure cloning AND autoLB simultaneously?

I have a light forwarder sending data to my indexer. I'm bringing two new Splunk indexers online and want to use auto...

by Champion in

How to re-index the deleted data in splunk.

I indexed some data into splunk by .csv file, but there is some problem with it. So I removed them by "|delete" comma...

by Engager in

How to blacklist or whitelist logs monitored in a Windows directory?

Hi I have to monitor a specific folder in a certain directory For example my path is G:\opdata\my_data\motherfolde...

by Contributor in

What do you look for, and how, to ensure initial log data quality (including field extractions) and ensure it is ongoing?

Hello, So I am pulling together a checklist of things to ensure initial and ongoing log data quality. This is obvi...

by Path Finder in

Can a Search Head be an Indexer as well in a distributed search environment?

I have 2 Splunk Test Servers. I had one as an indexer and one as the search Head. But, we are needing to restore a si...

by Explorer in

Can Windows Events and pcap files can be loaded into Splunk

Does anyone know if Splunk can import Microsoft Event files or cap, pacp, pcapng files from programs like Wireshark, ...

by Explorer in

Deployed Inputs.conf Doesn't Work but system/local does?

Looking for a little help after fooling around with this for awhile. I have several forwarders on Windows and a Windo...

by Path Finder in

Why are report table columns not rendered properly when exporting to PDF or CSV?

Hello, I have a report in table format that I have created and saved. This has the columns that I find useful with...

by Explorer in

Source Type IIS not identifying fields

I am using Splunk Universal Forwarder to monitor IIS logfiles and send to Splunk Server. All of the fields are gettin...

by Engager in

Cannot find bundles for search peer

Hi, I'm deployed a single-site cluster with Master Node, Search Head and two Indexer. The architecture works fine,...

by Explorer in

preserve host name when using a kiwi server to collect logs

We have non-windows devices sending their syslog information to a Kiwi server that is hosted on a windows box. The ki...

by Communicator in

Why am I unable to add a currently running standalone indexer to an indexer cluster using the cluster master?

Having a problem joining an indexer already in use to my cluster. This indexer is currently running as a standalone i...

by Splunk Employee in

how Join two search in one table?

I need to make a search that can list the different IP (On occasions the ip will not be in the previous month but in ...

by Explorer in

Is there anyway to enable a deployment server on an existing Splunk instance without having to reinstall indexers and forwarders?

We already have Splunk deployed, (indexer, w/ light forwarders)... The reason for this question is that we've had ...

by Explorer in

Getting Data In

Discussions

sourcetype is not listing

What are recommendations for our current file monitoring setup?

Filter a syslog to only a couple fields, make into a report

How do I setup TCP ROUTING when using an intermediate forwarder

How to configure a universal forwarder to forward 2 syslogs from 1 IP address to 2 different indexes?

How to update only the inputs.conf blacklist stanza on a universal forwarder with a deployment server?

Is it possible to configure cloning AND autoLB simultaneously?

How to re-index the deleted data in splunk.

How to blacklist or whitelist logs monitored in a Windows directory?

What do you look for, and how, to ensure initial log data quality (including field extractions) and ensure it is ongoing?

Can a Search Head be an Indexer as well in a distributed search environment?

Can Windows Events and pcap files can be loaded into Splunk

Deployed Inputs.conf Doesn't Work but system/local does?

Why are report table columns not rendered properly when exporting to PDF or CSV?

Source Type IIS not identifying fields

Cannot find bundles for search peer

preserve host name when using a kiwi server to collect logs

Why am I unable to add a currently running standalone indexer to an indexer cluster using the cluster master?

how Join two search in one table?

Is there anyway to enable a deployment server on an existing Splunk instance without having to reinstall indexers and forwarders?

Has anyone had any success merging their Azure Bil...

Issues with HTTP Event Collector endpoint URL.

Disabling script entry using CLI

Get all data (historical) from qradar to Splunk

Can I fix timestamping while routing to new source...