Getting Data In

Community Activity

How do I redirect data to a different set of indexers via my heavy forwarder? All, I want to set aside a handful of indexers to store important data. I have a heavy forwarder setup. So should b... by daniel333 Builder in Getting Data In 07-26-2016 0 3	0	3
How do i make stored logs be parsed according to a diffrent sourcetype? I have a logs stored in splunk and they are of sourcetype=test, but I recently found this app that parses these type ... by mkudejim Explorer in Getting Data In 07-26-2016 1 8	1	8
understanding search time vs index time Despite having recently finished the Splunk Admin course, I'm still fuzzy on the terms "index-time" and "search-time"... by DaClyde Contributor in Getting Data In 07-26-2016 2 7	2	7
How to see if two different hosts have failure event records? I need to return a "yes" if (host=A has events > 0 and host=B has events > 0) else '"no" by riotto Path Finder in Getting Data In 07-26-2016 0 5	0	5
Splunk Universal Forwarder On AIX Fails To Start After Upgrade To Spunk 6.4.x After upgrading Splunk Universal Forwarder to version 6.4.0 or above, Splunk will no longer start and the following e... by dshakespeare_sp Splunk Employee in Getting Data In 07-26-2016 3 2	3	2
Is it possible to set up a Splunk deployment with just 1 indexer and 1 search head? Is it possible to set up Splunk with Just 1 Indexer, and 1 Search head? I began to attempt this through the Distribut... by Jarohnimo Builder in Getting Data In 07-25-2016 0 8	0	8
Trying to set up forwarder for Splunk Light - Download Universal Forwarder Credentials link returns 404 I am trying to set up a universal forwarder (Windows) to send data to our new Splunk Light trial account. I am follo... by lorenh Explorer in Getting Data In 07-25-2016 0 6	0	6
How to index data which is forwarded to DNS? Hello I am using DNS lists for load balancing. I am pointing my forwarders to send data to my DNS, but I was wonderi... by saifuddin9122 Path Finder in Getting Data In 07-25-2016 0 10	0	10
what if indexer is unavailable when using DNS list load balancing a universal forwarder will request to resolve XXXXXX (DNS) and it may get an IP address of the indexer that is no lon... by saifuddin9122 Path Finder in Getting Data In 07-25-2016 0 1	0	1
How filter by source name and keep only the last version We use splunk to generate reports and provide them to an external application (Tableau). The data source are csv file... by bvivi57 Observer in Getting Data In 07-25-2016 0 7	0	7
Do WinEventLog blacklists use AND or OR for a list of eventcodes? Hi, I am reading an Active Directory eventfeed, and it has an extensive blacklist (see below). Are these blacklists ... by a212830 Champion in Getting Data In 07-25-2016 0 5	0	5
Need help with props on multiline event We're bringing in syslog's from datapower units, and they have a rough log setup: Jul 22 09:00:20 10.214.8.104 [0x80... by banderson7 Communicator in Getting Data In 07-25-2016 0 8	0	8
Get dynamic json property names I have some structured json logs that indicate some validation errors, and depending on the error, a different proper... by tmortiboy New Member in Getting Data In 07-25-2016 0 1	0	1
What system logs are needed to deploy Splunk effectively and cover the SANS top 20? Need to determine where to deploy forwarders Hi I am deploying Splunk in an environment and would like to capture as many security aspects from the SANS top 20 ... by jardakanian New Member in Getting Data In 07-24-2016 0 1	0	1
Events breaking on dates instead of the must break only on param from btools prop list run on search head. The events still break on dates within the events rather than the "--------... by Cuyose Builder in Getting Data In 07-23-2016 0 9	0	9
How to set up a license for a Heavy Forwarder that is also a Deployment Server? Hi. I have an Indexer/SearchHead/Deploy server sitting on one zone, and a Heavy Forwarder/Deploy server sitting on a... by andrewdidone Path Finder in Getting Data In 07-23-2016 1 5	1	5
Do you use Local or Default directories for your data inputs? Always place your edits in local directors. (Removed the question because it was confusing) by Jarohnimo Builder in Getting Data In 07-23-2016 1 3	1	3
Can we export saved search results to outputs.csv? Hi, Is there a way we can upload all my saved search results to CSV file for scheduled search? Thanks by splunker9999 Path Finder in Getting Data In 07-23-2016 1 4	1	4
How would you manipulate the host name at index time based on serverclass? What would a props/transform look like on an indexer that would append to the hostname field at index time based on t... by Cuyose Builder in Getting Data In 07-23-2016 0 3	0	3
How to edit our forwarder inputs.conf for NetApp to forward data to our indexer? We have moved some of our jobs over to a NetApp configuration on a brand new server, but I cannot get the data forwar... by thompsonsgg New Member in Getting Data In 07-22-2016 0 3	0	3
New VMWare app I saw the new VMWare app ath .conf2011. When will it be available for download? by jphelps2011 New Member in Getting Data In 07-22-2016 0 4	0	4
How can I filter out HTTP 301 and 302 on a linux Heavy forwarder so that it doesn't forward those logs to the cloud indexer I am new to Splunk and can see previous post for filtering out Security logs. Please would anyone be able to help wit... by eosi New Member in Getting Data In 07-22-2016 0 3	0	3
Having some trouble with an infinite forwarding loop - Windows Event Logs Hello I'm having a problem with Windows Event logs coming into Splunk. Windows Events log every time that the Forwa... by janderson19 Path Finder in Getting Data In 07-22-2016 2 5	2	5
Intermediate forwarder connections timeout I have about 1300 hosts configured with uni forwarders sending data to a single heavy forwarder. The heavy forwarder ... by mlindsey Explorer in Getting Data In 07-22-2016 5 6	5	6
Universal Forwarder not sending data - timed out I've installed a universal forwarder on a linux box and configured it, but I'm getting the following errors. I'm run... by john_byun Path Finder in Getting Data In 07-22-2016 1 8	1	8