Getting Data In

Discussions

Thread Info

Change WinHostMon sourcetype

I'm checking out http://docs.splunk.com/Documentation/Splunk/6.0.2/Data/MonitorWindowshostinformation features instea...

by Ultra Champion in

Splunk forwarder, how can I forward data to some port with some index name and different sourcetypes for different files?

Splunk forwarder, how can I forward data to same port at different server with same index name and different sourcety...

by Communicator in

How can I add a UI element in a dashboard to select the source?

I have created some dashboard that I use to expedite debugging of certain issues with one of our applications. The is...

by Explorer in

Daily indexing volume limit exceeded today. See License Manager for details

Hi I'm getting this message "Daily indexing volume limit exceeded today. See License Manager for details" I'm ...

by Contributor in

wrong event timestamp

After the data is forwarded to indexer, the date format for event seems to be incorrect for some events (whereby the ...

by Communicator in

props.conf and splitting events

Hi , I am trying to break a event using props.conf but failing issues any help is appreciated: My event stream ...

by Path Finder in

Splunk and Different Timezones

Hi All, I have a scenario where I am indexing event logs from Windows servers across 5 different time zones: ...

by Path Finder in

When import TSV file, a field end with '\' will be combined with the following field wrongly

I'm importing tab-delimited files formatted as the following. The space is tab. "field1 field2 field3 fi...

by Explorer in

Substituting _time with an extracted time field changing behavior unexpectedly

Details: The data is coming in from syslog and the time that I want to base my searches off of is in fact the...

by Motivator in

Determine Universal Forwarder vs Other Forwarder from Logs

I know that you can run splunk version to get an output telling you whether a Splunk install has the UF binaries or t...

by Splunk Employee in

[syslog] TCP stops normal [tcpout]

I have [tcpout] configured as below and is working fine. However i now have a requirement to syslog one sourcetype to...

by Path Finder in

Setting up Cisco IPS Sensors

I recently downloaded and setting up splunk for a POC and we would like to include our Cisco IPS Sensors which use SD...

by Path Finder in

Universal Forwarder app not going to correct index or sourcetype

I'm trying to do what has always been a routine task for me: I'm indexing data as specified in inputs.conf on a Unive...

by Builder in

Redact syslog using Splunk?

What we are trying to do is pipe DLP incident data to Splunk using syslog. However the challenge is that we need to r...

by Explorer in

Wrong originating host when forwarding syslog from indexer to third party?

Hi, i have a weird problem with forwarding logs from my apache servers to both spunk and a 3rd party syslog server...

by New Member in

Reset frozenTimePeriodInSecs

How often does Splunk check for aged data and reclaim disk space? I reset the frozenTimePeriodInSecs on an indexer fr...

by Builder in

Indexer Configuration

We have 3 new HP Red Hat Servers we need to install with 13 already running. All of them have 8 drives and the new on...

by Builder in

Windows Failed Login Top Ten count

I am trying to get the top 10 Failed Login count by User. The problem is that Windows 2008 uses "AccountName" and Win...

by Explorer in

Is it possible to check sed performance in props.conf?

Is there a way to test the performance of sed scripts running in props.conf? I'm not an expert in regular expressions...

by Builder in

which format is efficient for splunk indexing : XML or JSON

Hi Which is best format to index for the splunk indexer XML or JSON... what is recommendation from SPlunk like whi...

by Explorer in

Getting Data In

Discussions

Change WinHostMon sourcetype

Splunk forwarder, how can I forward data to some port with some index name and different sourcetypes for different files?

How can I add a UI element in a dashboard to select the source?

Daily indexing volume limit exceeded today. See License Manager for details

wrong event timestamp

props.conf and splitting events

Splunk and Different Timezones

When import TSV file, a field end with '\' will be combined with the following field wrongly

Substituting _time with an extracted time field changing behavior unexpectedly

Determine Universal Forwarder vs Other Forwarder from Logs

[syslog] TCP stops normal [tcpout]

Setting up Cisco IPS Sensors

Universal Forwarder app not going to correct index or sourcetype

Redact syslog using Splunk?

Wrong originating host when forwarding syslog from indexer to third party?

Reset frozenTimePeriodInSecs

Indexer Configuration

Windows Failed Login Top Ten count

Is it possible to check sed performance in props.conf?

which format is efficient for splunk indexing : XML or JSON

Sourcefile name changes at index time - intermitte...

Troubleshoot the Splunk Add-on for Microsoft Cloud...

Salesforce Add-on - Lost my server and trying to r...

Configure Azure Storage Blob Modular Input for Spl...

syslog