Getting Data In

Discussions

Thread Info

REST rebalance_primaries

We're hitting max capacity in one of our (smaller file system) indexers and attempted a bucket rebalance with no luck...

by Builder in

How configure SED props.conf on a Heavy Forwarder to make a field CIM compliant?

All, My first time messing with data manipulation at the heavy forwarder tier. Specifically looking to CIM a fiel...

by Builder in

Why is must_break_after configuration not working?

I have a large (10's of thousands of lines) data stream that runs every 10 minutes and I want it to break after this ...

by Contributor in

Why is the deployment server reporting missing forwarders after moving an indexer to physical hardware from virtual?

Hey gang. This is somewhat urgent. Moved the indexer to a physical box from a virtual. In our situation we use an ...

by Explorer in

How to set up a heavy forwarder/deployment server on one server?

After building a deployment and a heavy forwarder on one server we seem to be having issues when we point the univers...

by Contributor in

Moving to a least privileged model for service accounts, what permissions are needed for WMI collections, the universal forwarder, and folder monitoring and database connections?

We are moving to a least privileged model for service accounts and I have to ask the question of what permissions Spl...

by Contributor in

What are the indexer hardware requirements for a small amount of input, but a very long retention time?

We are intending to input about 35GB/day into Splunk enterprise. That can easily be handled by a single "reference" h...

by New Member in

Can someone help me understand how protocols, permissions, and communication are configured for universal forwarders?

Protocols, I am assuming that everything is running on TCP, but perhaps UDP is required as wellPermission, there is n...

by Explorer in

Why does my Splunk 6.3.2 Distributed Management Console display incomplete and odd information?

Last week I setup a dedicated 6.3.2 DMC per the magic documentation, but it doesn't seem to be working correctly. ...

by Motivator in

Why is a silent installation of a universal forwarder failing with "CopyCerts: Error 0x80004005: Cannot copy certificates."?

Hello I'm trying to prepare script for silent install of UniversalForwarder to automate installing it on many hosts. ...

by Explorer in

What port(s) will a Cluster Master function on when talking to indexers?

What port(s) will a Cluster Master function over when talking to the indexers?

by Contributor in

Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)?

Hello Team, splunk/_internaldb/db is indexing high volumes of internal logs in our environment (8-10GB per day). ...

by Path Finder in

Convert Epoch using Props.conf

I have events that are coming in with no timestamp except for a field "event_sec" which gives me the time in epoch fo...

by Path Finder in

serverclass.conf blacklist not working

I'm transitioning my hosts from one set of indexers in Seattle to another set in Atlanta, in between, a heavy forward...

by Communicator in

Is this the correct stanza and location to monitor specific files on a *nix server with a universal forwarder?

I am trying to have my universal forwarder monitor a specific file or sets of files on a *nix server: Would this be t...

by Path Finder in

Trying to set up a distributed management console on the master node of my indexer cluster, why am I getting "duplicate instance name"?

Hi Splunkers! I'm about to set up a Distributed Management Console on my Master node of my indexer cluster. Unfor...

by Motivator in

How to set up Splunk to monitor logs and configure distributed search across 4 different development environments (Dev > Tst > Stg > Prod) in AWS

We have four AWS accounts to host different development environments: Dev -> Tst -> Stg -> Prod Requirements: We w...

by New Member in

How to create a Non Administrative User Account to run universal forwarders to forward Windows security logs?

Hi All, I need to install a Universal forwarder in our environment, but due to strict policies, we cannot give the...

by Path Finder in

Inputs.conf Settings for IAS Logs Takes 100% CPU

I've been pulling my hair out on this one for weeks and I'm finally to the point where I need a sanity check. I'm ...

by Explorer in

Validate third party ssl splunk2splunk communication

Hi splunkers I've configured 3rd party ssl between indexer and h.f. indexer 9997 open for tcp, 9996 for ssl. I've ...

by Motivator in

Matching Windows path in props.conf

I'm trying to set up the Splunk for A10 Networks app. It expects syslog data on UDP port 514. My data is coll...

by Explorer in

Is it possible to monitor a file in a directory with a wildcard in the path?

Hello fellow splunkers! I'm about to set up an universal forwarder monitoring a specific path on a server. On this...

by Motivator in

Is it possible to create a batch data input via the REST API?

I maintain an app with a data input wizard, under the hood of which is a custom controller that can list and create n...

by SplunkTrust in

Universal Forwarder folder path monitor

What stanza do i set in the Universal Forwarder to send data to the indexers from a folder path? I want to send outp...

by Contributor in

line_breaker help

I'm struggling getting my data to break to events. A REST call gives me a csv in a long straight line, without any ch...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

REST rebalance_primaries

How configure SED props.conf on a Heavy Forwarder to make a field CIM compliant?

Why is must_break_after configuration not working?

Why is the deployment server reporting missing forwarders after moving an indexer to physical hardware from virtual?

How to set up a heavy forwarder/deployment server on one server?

Moving to a least privileged model for service accounts, what permissions are needed for WMI collections, the universal forwarder, and folder monitoring and database connections?

What are the indexer hardware requirements for a small amount of input, but a very long retention time?

Can someone help me understand how protocols, permissions, and communication are configured for universal forwarders?

Why does my Splunk 6.3.2 Distributed Management Console display incomplete and odd information?

Why is a silent installation of a universal forwarder failing with "CopyCerts: Error 0x80004005: Cannot copy certificates."?

What port(s) will a Cluster Master function on when talking to indexers?

Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)?

Convert Epoch using Props.conf

serverclass.conf blacklist not working

Is this the correct stanza and location to monitor specific files on a *nix server with a universal forwarder?

Trying to set up a distributed management console on the master node of my indexer cluster, why am I getting "duplicate instance name"?

How to set up Splunk to monitor logs and configure distributed search across 4 different development environments (Dev > Tst > Stg > Prod) in AWS

How to create a Non Administrative User Account to run universal forwarders to forward Windows security logs?

Inputs.conf Settings for IAS Logs Takes 100% CPU

Validate third party ssl splunk2splunk communication

Matching Windows path in props.conf

Is it possible to monitor a file in a directory with a wildcard in the path?

Is it possible to create a batch data input via the REST API?

Universal Forwarder folder path monitor

line_breaker help

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

DB Connect SQL Procedures