Getting Data In

Ask a Question

Discussions

Thread Info

Is there an easy way to get resource usage per Splunk process for a universal forwarder?

Hi, Is there an easy way to get resource usage for a universal forwarder? I don't see anything in the distributed ...

by Champion in

domaintools & Splunk ES Integration

Hello, I see in the ES Guide @ http://docs.splunk.com/Documentation/ES/latest/Install/AdvancedThreatdashboards ...

by Path Finder in

I installed a universal forwarder, but the system still indicates my forwarder is inactive. How do I activate it?

I'm trying to retrieve data from another server using a universal forwarder. I succeeded in installing the universal ...

by New Member in

How to configure inputs.conf to only index the log generated today from my sample data?

hi my friends, I have some logs like this: --localhost_access_log2016-06-24.txt --localhost_access_log2016-06-2...

by New Member in

Why is my Splunk indexer showing Latest "in 15hours"?

I am showing some of my indexers' Latest collection times as "a second ago." On others, it show "in 15 hours." What d...

by New Member in

How to export and dump saved search results from Splunk 5.0.4 in CSV format to some other server location?

Hi All, I am working on Splunk 5.0.4 in our environment. We have a requirement to export search results in CSV for...

by Explorer in

When adding an indexer to a distributed environment, is there a configuration that makes indexers exchange events to auto load balance them?

Is there a configuration that makes indexers exchange events in order to auto load balance them? Let's say I add an i...

by Explorer in

Why am I unable to route syslog data to an index other than main?

I almost hesitate to ask this because I know the answer must be simple. I have a small indexer clustering environm...

by Communicator in

Bad default system timezone recognition

I am indexig aix_audit data from my splunk instance (AIX) The servers timezone seems to be ok - Tue Oct 9 17:08:0...

by Communicator in

How do I convert the format of this timestamp in Splunk?

How do I convert 2016-06-17T14:16 to 2016-06-17 14:16:00 format in Splunk? Appreciate your help.

by New Member in

How to index zero byte files where the information is found in the name of the file?

How to index zero byte files? For some reason, a customer created a monitoring file that only contains information on...

by Communicator in

Splunk not matching files with wildcard in monitor path in inputs.conf

I'm running splunk forwarder 6.4.1 on Ubuntu 14.04. I'm attempting to use splunk to monitor Jenkins build logs, which...

by New Member in

Problems to collect data from Domain Controller (Active Directory)

Hi Guys, I have configured Splunk App for Windows Infraestructure on my Splunk Indexer. I also installed splunkfor...

by New Member in

How to monitor multiple data pipelines?

I'm planning to introduce index parallelization into our Splunk deployment given the additional resources we have on ...

by Path Finder in

Where in Splunk are my log files indexed?

I am using Splunk 6.0. I configured a log file to be automatically indexed in Splunk by editing inputs.conf. I am abl...

by New Member in

How to configure Splunk to parse uppercase field values and make them lowercase?

I have an index that has some data entering written in uppercase and other data in lowercase, but they are about the ...

by Path Finder in

How to view Security intelligence events from Sourcefire in Splunk?

I am logging events from my Defence centre to Splunk, however, while I do receive the Intrusion events, I am not rece...

by New Member in

How do I edit my inputs.conf monitor stanzas to route data to the correct indexes?

Hello I have some VMware hosts that I want to put data into a specific index for, but it currently is going to ano...

by Builder in

Using Splunk's REST API to build aggregate reports, how do we view results in CDT with the correct time format?

We are using Splunk REST API (search/jobs/export) to build aggregated reports. Splunk server is in EDT, but we wan...

by Engager in

How do I use requireHeader to override indexing settings for a TCP input?

The inputs.conf documentation describes a requireHeader setting for TCP inputs: requireHeader = bool Require ...

by Builder in

Why is a .gz file created by log rotation indexed again by Splunk ?

I have a log file called test_logs.log and once hits a specific size, it rotates to create test_logs.log.1.gz. I moni...

by Communicator in

How can I monitor IIS Application pool state?

How can I monitor IIS Application pool state? Is it possible through WMI query or performance monitor? Can anyo...

by Communicator in

How to edit my wildcard syntax to monitor logs from a file path that contains the current date?

I am trying to extract a log file using below configuration in inputs.conf C:/logs/28062016/*.log 28062016 is ...

by Communicator in

How do I configure line breaking in props.conf based on my sample logs?

Wanted to do custom line breaking for a sourcetype. Logs looks like below. Currently every line is identified as an e...

by Explorer in

Trying to add an indexer on AWS, how to resolve error "Master is down! Make sure pass4SymmKey is matching if master is running."?

I created a Splunk environment on AWS by using Splunk AMI. 1 master 2 search heads 3 indexers They are in the sa...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is there an easy way to get resource usage per Splunk process for a universal forwarder?

domaintools & Splunk ES Integration

I installed a universal forwarder, but the system still indicates my forwarder is inactive. How do I activate it?

How to configure inputs.conf to only index the log generated today from my sample data?

Why is my Splunk indexer showing Latest "in 15hours"?

How to export and dump saved search results from Splunk 5.0.4 in CSV format to some other server location?

When adding an indexer to a distributed environment, is there a configuration that makes indexers exchange events to auto load balance them?

Why am I unable to route syslog data to an index other than main?

Bad default system timezone recognition

How do I convert the format of this timestamp in Splunk?

How to index zero byte files where the information is found in the name of the file?

Splunk not matching files with wildcard in monitor path in inputs.conf

Problems to collect data from Domain Controller (Active Directory)

How to monitor multiple data pipelines?

Where in Splunk are my log files indexed?

How to configure Splunk to parse uppercase field values and make them lowercase?

How to view Security intelligence events from Sourcefire in Splunk?

How do I edit my inputs.conf monitor stanzas to route data to the correct indexes?

Using Splunk's REST API to build aggregate reports, how do we view results in CDT with the correct time format?

How do I use requireHeader to override indexing settings for a TCP input?

Why is a .gz file created by log rotation indexed again by Splunk ?

How can I monitor IIS Application pool state?

How to edit my wildcard syntax to monitor logs from a file path that contains the current date?

How do I configure line breaking in props.conf based on my sample logs?

Trying to add an indexer on AWS, how to resolve error "Master is down! Make sure pass4SymmKey is matching if master is running."?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!