Getting Data In

Ask a Question

Discussions

Thread Info

Why am I seeing duplicate events in Splunk with my current configuration?

Hi All, I am facing a problem with duplicate events in splunk, below is my configuration: props.conf: [sourc...

by Contributor in

Why am I unable to send events to a syslog server with my current heavy forwarder configuration?

Background I tried to configure sending events to a syslog server. Here is my configurations outputs.conf [sysl...

by Path Finder in

YYYYMM timestamp - can Splunk extract time using strptime?

My data format can be seen below (CSV). The date field ("PERIOD") is in %Y%m format. ...,PERIOD ...,201512 Al...

by Contributor in

How do I correct my configurations for proper Splunk timestamp recognition?

Hi, I have a problem with the Splunk timestamp. I know that when you have a problem with timestamp, you can mod...

by Explorer in

Does Splunk have a mechanism to read logs from Cloud Object Storage?

Hello, We have been using a cloud provider to host some of our instances and the logs are being stored in containe...

by Explorer in

How to forward events from one indexer to another?

Hi, I have two Splunk instances and events are being indexed in one instance (indexer) with index name ABC. I want...

by Explorer in

How to monitor a database table that is continually growing?

Are there ways (or using Splunk app? ) to monitor database table that is continually growing? I suppose one way is to...

by Path Finder in

How to upsert to the KV Store via REST API?

http://dev.splunk.com/view/SP-CAAAEY7 states that the KV store allows "upserts", but doesn't elaborate on how to perf...

by Path Finder in

How to configure a universal forwarder to receive syslog messages, and then forward to Splunk Enterprise on another server?

Trying to figure out how to receive syslog messages sent to port 6514 over TLS on a Splunk universal forwarder, and t...

by Contributor in

How to configure a forwarder so it does not forward any data that appeared while the forwarder was stopped?

Sometimes due to a space issue, we have to stop the forwarder from sending data to Splunk. However, when we start the...

by Path Finder in

Why am I getting forwarder error "TailReader - File will not be read, seekptr checksum did not match" and how can I fix this?

■ErrorMessages 01-20-2016 16:35:21.999 +0900 ERROR TailReader - File will not be read, seekptr checksum did not match...

by Explorer in

SPlunk SNMP Traps

We integrated Splunk with CA Spectrum, but how do we send SNMP traps from Splunk? Please share the process or script ...

by New Member in

How to monitor Windows SMTP relay data to find rejections?

My team and I are integrating our monitoring tools into our ticketing system. To open a ticket I need to email a spec...

by Builder in

How to parse json from syslog messages coming in on udp:514?

Hi I want to send the same json-encoded structures on HTTP Event collector/REST API as well as syslog udp/tcp. One...

by Path Finder in

Could you provide "OPSEC LEA for Check Point" for Windows platform ???

Dear Sir Our customer's Splunk Server OS is Windows. They need to enable "OPSEC LEA for Check Point" Apps on th...

by Path Finder in

Can we run a scripted input on demand?

We have a Splunk dashboard - one of the panels (search) uses splunk dbmon:dump to fetch the details from an Oracle DB...

by New Member in

How do I edit configurations to correct the timezone for UTC proxy logs?

Something is wrong with the BlueCoat proxy logs in Splunk. I am pulling them from the FTP server, and this server has...

by Contributor in

How can I use Splunk to determine Phishing email?

How can I use Splunk to determine Phishing emails, text, or voice?

by New Member in

Why is Splunk combining lines in a small percentage of random events? JSON logs in particular.

I populate a log file that has one JSON event per line. Each event is about 1,500 bytes. The majority of the events a...

by Builder in

What is the correct sourcetype to configure data input in Splunk as XML instead of raw?

I'm looking for a data sourcetype to use with monitoring an endpoint using XML parser. What would be the correct data...

by New Member in

Splunk not breaking events on line break properly

Ok, I'm at my wits' end here. I have an application log which produces events of the format: DEBUG | 2012-02-16 1...

by Engager in

Using Splunk to collect Syslog and forward to remote syslog

So Splunk can collect syslog by configure data input at TCP/UDP port 514. Can I know: Splunk does not manipulate t...

by Path Finder in

Splunk is indexing some of my json objects together in one event

I've seen related questions on this subject, but I'm a total newb to splunk so I can't figure out if the problem they...

by Explorer in

I have a question about raw data and index data in indexer. Please help me to understand.

Hi friend, I've a server and already install splunk. This server has many log file (tar.gz) that import from anoth...

by Explorer in

Question regarding .tsidx and journal.gz file

Hi, I have Splunk installed on Linux and my /data directory is going to full very soon and on further findings wha...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I seeing duplicate events in Splunk with my current configuration?

Why am I unable to send events to a syslog server with my current heavy forwarder configuration?

YYYYMM timestamp - can Splunk extract time using strptime?

How do I correct my configurations for proper Splunk timestamp recognition?

Does Splunk have a mechanism to read logs from Cloud Object Storage?

How to forward events from one indexer to another?

How to monitor a database table that is continually growing?

How to upsert to the KV Store via REST API?

How to configure a universal forwarder to receive syslog messages, and then forward to Splunk Enterprise on another server?

How to configure a forwarder so it does not forward any data that appeared while the forwarder was stopped?

Why am I getting forwarder error "TailReader - File will not be read, seekptr checksum did not match" and how can I fix this?

SPlunk SNMP Traps

How to monitor Windows SMTP relay data to find rejections?

How to parse json from syslog messages coming in on udp:514?

Could you provide "OPSEC LEA for Check Point" for Windows platform ???

Can we run a scripted input on demand?

How do I edit configurations to correct the timezone for UTC proxy logs?

How can I use Splunk to determine Phishing email?

Why is Splunk combining lines in a small percentage of random events? JSON logs in particular.

What is the correct sourcetype to configure data input in Splunk as XML instead of raw?

Splunk not breaking events on line break properly

Using Splunk to collect Syslog and forward to remote syslog

Splunk is indexing some of my json objects together in one event

I have a question about raw data and index data in indexer. Please help me to understand.

Question regarding .tsidx and journal.gz file

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

DB Connect SQL Procedures

Possible lineabreaker issue with lastlog in Splunk...

Splunk HF Stops Receiving Fortigate WAF Logs via S...

_TCP_ROUTING with clustered indexers system logs

JSON Data extraction issues with Comma