Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Monitoring Windows Updates from Splunk

Hello, Is there a way to monitor windows updates from Splunk? I have a VBScript that queries a remote machine for ...

by Communicator in

How to troubleshoot why inputs.conf from a deployed app is not properly applied to a Universal Forwarder (Win7)?

Hi, At the moment I am testing Splunk at work. So far, I only have a single Splunk Enterprise instance (acting as ...

by Explorer in

How to configure a universal forwarder to add multiple fields to events being forwarded via _meta?

We're trying to find a way to have the universal forwarder send data to the indexer essentially pre-marked with a sma...

by Path Finder in

How to implement tagging on a universal forwarder to categorize data so we can filter our searches?

I'm totally lost trying to decipher the impossibly dense abstract documentation here. I need to do something that I'd...

by Path Finder in

How will Splunk respond if a cold database path is not present when data is going to be rolled from warm to cold?

hi folks, We have an issue with our cold database filesystem and the estimate to bring it back is around 10 days. ...

by Super Champion in

How to enable deployment server functionality on a universal forwarder?

Hi, Could anyone please tell me that what is needed on the universal forwarder side to enable deployment server fu...

by Communicator in

Why am I getting indexer error "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX-\x00\x00j\x00fre"?

I have the following error message appearing every ~3 seconds. My searches have not yielded anyone who has this issue...

by Communicator in

Hostname in file monitoring of syslog

Hi, I have Splunk monitoring a Kiwi log files of syslog data. The problem I am having is the the source of the da...

by Engager in

How to install Splunk forwarders on AWS EC2 instances?

I have Splunk Enterprise on an AWS EC2 Server, and need to install forwarders on two other EC2 Instances. Can someone...

by Engager in

Can Splunk do filtering based on the index name rather than source or sourcetype?

We have a condition where we need to filter out data based on the byte count in the log. We have collapsed the source...

by Path Finder in

How to deploy a Splunk environment to monitor switches, routers, and database servers within our local area network?

Hi, I would like to know the environment to install in case I use Splunk Enterprise (Trial version). I just want t...

by Path Finder in

What is a good way to compare all the VMs in a VMware vSphere with all of the universal forwarders I have installed?

First off, let me say that we do not have plans to purchase the VMware app. I would like to be able to identify an...

by Motivator in

When blacklisting by index name in outputs.conf, what is the variable 'n' in "forwardedindex.n.blacklist = IndexName"?

I see a lot of documentation for black listing by index name in outputs.conf, but I am a bit confused as to the varia...

by Contributor in

How to set earliest and latest for the time range in a dashboard from the earliest and latest event timestamps?

I've read through a number of answers, but none quite gives what I want. I have daily tests that run and my dashb...

by Champion in

Is it expected behavior for Hunk to delete files as they age from the dispatch directory used for MapReduce?

We are using Hunk with MapR. There is a dispatch directory that Hunk uses for the reduce of the map reduce. /mapr/tmp...

by Splunk Employee in

Does an intermediate forwarder need to be a heavy forwarder, or can a universal forwarder be used?

I am interested in forwarding syslog and Windows events from a DMZ to Indexers which reside inside our network. We ar...

by Path Finder in

How do you group field values based upon user, and then filter users that have only one type of value?

Each user can have two values of type: movement and check-in. There are some users that only have movement and never ...

by New Member in

How to set up an environment with an indexer on one machine and a search head on another?

Dears, May I know please if it's possible to have a setup in which I will have only two machines: one of them will...

by Explorer in

How to route locally indexed events (from the perspective of an indexer) to another environment?

All -- I'm seeking any advice I can get at this point. A little background. I manage two different user communitie...

by Path Finder in

How to search a list of forwarders and what indexes they are sending data to?

How to search a list of forwarders sending data to a single index or multiple indexes? ie: forwarder (A) sending t...

by New Member in

Getting Data In

Discussions

Monitoring Windows Updates from Splunk

How to troubleshoot why inputs.conf from a deployed app is not properly applied to a Universal Forwarder (Win7)?

How to configure a universal forwarder to add multiple fields to events being forwarded via _meta?

How to implement tagging on a universal forwarder to categorize data so we can filter our searches?

How will Splunk respond if a cold database path is not present when data is going to be rolled from warm to cold?

How to enable deployment server functionality on a universal forwarder?

Why am I getting indexer error "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX-\x00\x00j\x00fre"?

Hostname in file monitoring of syslog

How to install Splunk forwarders on AWS EC2 instances?

Can Splunk do filtering based on the index name rather than source or sourcetype?

How to deploy a Splunk environment to monitor switches, routers, and database servers within our local area network?

What is a good way to compare all the VMs in a VMware vSphere with all of the universal forwarders I have installed?

When blacklisting by index name in outputs.conf, what is the variable 'n' in "forwardedindex.n.blacklist = IndexName"?

How to set earliest and latest for the time range in a dashboard from the earliest and latest event timestamps?

Is it expected behavior for Hunk to delete files as they age from the dispatch directory used for MapReduce?

Does an intermediate forwarder need to be a heavy forwarder, or can a universal forwarder be used?

How do you group field values based upon user, and then filter users that have only one type of value?

How to set up an environment with an indexer on one machine and a search head on another?

How to route locally indexed events (from the perspective of an indexer) to another environment?

How to search a list of forwarders and what indexes they are sending data to?

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Splunk Log4J2 Appender in Spring Boot with Maven

zScaler logs via Syslog causing problems with line...

customize log event to splunk hec

Salesforce AsyncApexJob only ingests once

How to monitor a script which never stop ?

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >