Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
caili

Why is some of the data that is coming in to Splunk via UDP getting dropped?

Every UDP packet is like this below: <headinfo product="wf" hash="D95F-7C1A-0F4D-A311" msgtype="3840" sip="0"/> <ws...
by caili Path Finder in Getting Data In 05-19-2016
0 3
0
3
acharlieh

What is CLONE_SOURCETYPE used for in transforms.conf? Are there examples?

It gets dangerous when I start looking at docs and start seeing features that I hadn't noticed before. So I was looki...
by acharlieh Influencer in Getting Data In 05-19-2016
3 2
3
2
Lucas_K

How to duplicate data to another index without resending back to tcpout?

I have a situation where I'd like to duplicate some or all events going to one index into another. The only point at...
by Lucas_K Motivator in Getting Data In 05-19-2016
0 4
0
4
xiangtaner

How to overwrite a sourcetype created by "collect" in a summary index?

Hi, I had a sourcetype created by "collect" command in a summary index. Now I modified my queries and want to replac...
by xiangtaner Path Finder in Getting Data In 05-19-2016
0 4
0
4
DanielFordWA

How to re-index data to one indexer when a forwarder is configured to send to two indexers?

I have the following configuration on my forwarder. [tcpout] defaultGroup=indexer1,indexer2,indexer3 [tcpout:indexe...
by DanielFordWA Contributor in Getting Data In 05-19-2016
0 4
0
4
puffycow

App deploys from the Deployment Server, but why is the deployment client not sending any data?

So I am experiencing an oddity with Splunk and I am hoping it is just something I am overlooking. I have an indexer ...
by puffycow Explorer in Getting Data In 05-19-2016
1 4
1
4
gharpe2

How to filter out certain log events before sending the data to a 3rd party system?

I am using Splunk to send log source data to QRadar and need to find a way to filter out certain unwanted log events....
by gharpe2 Explorer in Getting Data In 05-19-2016
0 1
0
1
caili

How can I forward old data to 3rd party systems?

I referred to the document as shown in http://docs.splunk.com/Documentation/Splunk/6.4.1/Forwarding/Forwarddatatothi...
by caili Path Finder in Getting Data In 05-19-2016
0 1
0
1
guruwells

How to convert date time format from my log parser to Splunk?

Hi, I am converting all statements from my log parser tool to Splunk. I didn't get the exact conversion for date and...
by guruwells Explorer in Getting Data In 05-19-2016
0 6
0
6
johnraftery

Logging delay causes a line to get split in two. How to configure line breaking in Splunk to prevent this?

Hi, I'm trying to log Full GC events which look like this in the GC log: 109897.407: [Full GC 109897.407: [CMS: 88...
by johnraftery Communicator in Getting Data In 05-19-2016
0 3
0
3
bravon

How to automatically extract fields from XML data (not using the xmlkv command with the 10000 limit)?

Hi, I collect "WinEventLog:Microsoft-Windows-AppLocker/EXE and DLL" using renderxml=true. I can extract fields from...
by bravon Communicator in Getting Data In 05-19-2016
0 0
0
0
remnant_8

outputcsv: How to include the current Splunk user ID and date in the CSV file name? (ex: splunkuserid_date.csv)

I want output csv like this "splunkuserid_data.csv" automatically. For example: admin_17_05_16_09_07_58.csv I tried ...
by remnant_8 Explorer in Getting Data In 05-18-2016
1 1
1
1
kkancherla

Can there ever be a coldPath and homePath without the index name in the path?

Is it possible to create an index without having the index name in the cold path and home path? Example: [index1] h...
by kkancherla New Member in Getting Data In 05-18-2016
0 2
0
2
NatWong

Can my Splunk 6.2.0 indexer work with a 6.2.9 light forwarder?

I tried reading past posts, but cannot find a definitive answer. Question: Currently, both my indexer and light forw...
by NatWong Explorer in Getting Data In 05-18-2016
0 3
0
3
deltamph

UDP/514 Port not receiving Data from All Sources

I have a UDP/514 Port setup in data inputs. i have a number of machines sending syslog data to this port however onl...
by deltamph Explorer in Getting Data In 05-18-2016
1 7
1
7
satishsdange

How to forward indexed data to another syslog server?

Hi Gang - I know this question has been asked and answered several times, but I could not fix my problem. Could some...
by satishsdange Builder in Getting Data In 05-18-2016
0 5
0
5
srunyon

After upgrade to Splunk 6.4.0 from 6.3.1, why is UDP:514 data being indexed in main and not the syslog index?

I just updated to 6.4.0 from 6.3.1. Data is being received on UDP:514 from my firewalls. This data was indexed as s...
by srunyon New Member in Getting Data In 05-18-2016
0 4
0
4
brdr

Why does this Splunk forwarder instance thinks its a deployment server/client?

Hi, I have defined a forwarder. This forwarder was configured to send its logs to an indexer for testing purposes. D...
by brdr Contributor in Getting Data In 05-18-2016
0 3
0
3
saibhaskar

How to configure a Splunk Universal forwarder on a remote system?

I've already installed the Splunk Universal Forwarder in my remote PC. I gave the Indexer the IP to receive the data ...
by saibhaskar Engager in Getting Data In 05-18-2016
0 1
0
1
Abilan1

Why is old data not being deleted every day after configuring a 3 day retention period for an index?

Hi, I am testing the retention related settings in my test index. I have set up the frozenTimePeriodInSecs = 259200....
by Abilan1 Path Finder in Getting Data In 05-18-2016
0 3
0
3
khagan

Universal forwarder using 40-50% CPU and reports "(process) took longer than seems reasonable...Might indicate hardware or splunk limitations."

A Splunk Universal Forwarder has been using an unusual amount of CPU (between 40% and 50%), specifically by splunk-wi...
by khagan Path Finder in Getting Data In 05-17-2016
0 1
0
1
mtime24

How to edit my data retention policy configuration to delete all data older than two or three weeks?

Hello, I'm currently running Splunk Enterprise on version 6.3 in a non clustered environment and I'm having some iss...
by mtime24 Path Finder in Getting Data In 05-17-2016
0 7
0
7
jdanij

No dashboard graphs or entity info in Splunk App for VMware

Hi splunkers, Last week I've installed Splunk and Splunk App for VMware, everything looks to work fine but to detai...
by jdanij Path Finder in Getting Data In 05-17-2016
0 6
0
6
thomas_forbes

How to force local indexing in each site of a multisite indexer cluster?

I have three geographically separated sites where I am implementing a multisite Splunk Indexer Cluster. The master s...
by thomas_forbes Communicator in Getting Data In 05-17-2016
0 12
0
12
dcroteau

Is there a way to add an index via CLI that includes hot/warm and cold paths without restarting?

Is there a way to add an index via CLI that includes hot/warm and cold paths without restarting?
by dcroteau Splunk Employee Splunk Employee in Getting Data In 05-17-2016
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...