Getting Data In

Community Activity

Microsoft-Windows-PrintService/Operational Logs I want to monitor who is printing to which printer on my remote print server. Eventually I only want to see event ID ... by corommendoza Explorer in Getting Data In 04-29-2016 1 14	1	14
What configuration file contains app version numbers so I can propagate version numbers from GitHub to Splunk? Hi, firstly my apologies if this isn't the correct forum, but I wonder whether you may be able to help me please. I... by IRHM73 Motivator in Getting Data In 04-29-2016 0 2	0	2
We would like to use a Linux search head with a Windows indexer cluster. Is there documentation on cross OS platforms compatibility? https://answers.splunk.com/answers/24099/indexers-on-windows-and-linux-for-same-environment.html http://docs.splunk.c... by gavsdavs_GR Path Finder in Getting Data In 04-28-2016 1 15	1	15
Windows Universal Forwarder default scripted inputs do not respect "disabled=" parameter. I have been trying to disable the disable the default scripted inputs from a Windows Universal Forward (version 6.2.1... by jimodonald Contributor in Getting Data In 04-28-2016 1 6	1	6
Split event into multiple events I am indexing syslog traps stored to a file. I am building a transaction based on that where if the value of a partic... by evan_roggenkamp Path Finder in Getting Data In 04-28-2016 0 1	0	1
Why is _time different between apps for the same data in Splunk Cloud? Hi, For whatever reason, I have data in Splunk Cloud which has a different _time value depending on which app you v... by hhGA Communicator in Getting Data In 04-28-2016 0 6	0	6
Running Splunk in Azure (or any cloud environment) Wondering if there are any best practices (or reference architectures) for running Splunk against an Azure (or anothe... by davefellows Engager in Getting Data In 04-27-2016 3 5	3	5
How can I access the logs which are available in a MySQL database on a remote server? How can I access the logs which are available in My SQL database in my remote server? Hi i am having two servers i.e... by Monica7 New Member in Getting Data In 04-27-2016 0 4	0	4
What configuration file do I need to edit on a Windows universal forwarder to exclude performance monitoring? Brand new to Splunk. Installed the universal forwarder on a Windows Server and see the logs populating on my Splunk ... by bharrell Path Finder in Getting Data In 04-27-2016 0 2	0	2
How to handle SSL certificate verification for REST API calls from a Splunk app/add-on? I'm developing a Splunk Add-on, and use the REST API in a couple of places to do stuff like look up config values and... by snargleplax Explorer in Getting Data In 04-27-2016 0 5	0	5
Splunk Universal Forwarder and TCP Data: What exactly is Splunk looking for to determine EOF? According to the doc here: http://docs.splunk.com/Documentation/Splunk/6.3.3/Forwarding/Setuploadbalancingd Importa... by tsunamii Path Finder in Getting Data In 04-27-2016 3 4	3	4
Can anyone provide guidance on my plan to configure cold storage in indexes.conf? So, I got the 150TB cold, but they are mounted into /mnt/splunk1/cold and /mnt/splunk2/cold. I figured that may caus... by ccsfdave Builder in Getting Data In 04-26-2016 0 2	0	2
How to configure inputs.conf on a Splunk forwarder to only read a file once? Hello, Is there a way to tell the Splunk forwarder not to keep monitoring a file after it's been indexed once? We ar... by echalex Builder in Getting Data In 04-26-2016 1 5	1	5
Why does monitoring for a log file keep stopping and getting error "BatchReader - Removed from queue..."? Hello I have a monitor on a log file that is continuously written to. It seems that the monitor keeps stopping and t... by tkwaller Builder in Getting Data In 04-26-2016 0 5	0	5
How to configure file monitoring to make the full content of a file as one event? I have Login files in a folder that are overwritten each time a person logs in. I would like to read in the entire f... by hartfoml Motivator in Getting Data In 04-26-2016 0 12	0	12
How to configure transforms.conf on a heavy forwarder to combine sourcetype and host into one host key? I'm exporting events from a Heavy Forwarder to syslog without indexing (throwing to nullQueue after syslog output). ... by ehudb Contributor in Getting Data In 04-26-2016 0 2	0	2
Why were logs indexed at a time when Splunk was not running on the host? Splunk was running on the time period 00:00 07:00. and stopped at 07:00, but few logs were captured at the time 08:15... by Madhan45 Path Finder in Getting Data In 04-26-2016 0 1	0	1
Should we install universal forwarders at each of our branch locations to forward data directly to Splunk Cloud? We are looking at leveraging Splunk Cloud and we have branch locations all over the country in which we will need to ... by roacha New Member in Getting Data In 04-25-2016 0 2	0	2
How do we calculate the RAM usage by applications on different servers? I am trying to figure out how much RAM an app on a Windows server is consuming for a given index. by PreetiKa Engager in Getting Data In 04-25-2016 0 2	0	2
How to configure Splunk to only index data from a database from the last 30 days? I have a database that stores proxy info which I want to index. The problem is that there is way too much data and I ... by singhh4 Path Finder in Getting Data In 04-25-2016 0 1	0	1
Why does splunk think it can't parse my timestamp I am seeing some odd behavior. My setup is this: Splunk 6.3.1 Enterprise, 1 search head, 4 indexers, 1 forwarder Pl... by lyndac Contributor in Getting Data In 04-25-2016 0 5	0	5
How to search duration using two timestamps? Hi, We need to find duration between timestamps and the format looks like below. max_time=1461593558.000 min _time... by splunker9999 Path Finder in Getting Data In 04-25-2016 0 5	0	5
Why can't Splunk index my entire log file? I am trying to index a somewhat long log file (about 38805 bytes according to the tailing processor). This log file c... by chustar Path Finder in Getting Data In 04-25-2016 0 7	0	7
Monitoring directory loaded with LFTP Mirror causes reindexing. How should I solve this? I'm using Splunk 6.3.2 with a simple monitor stanza in inputs.conf that watches all the *.txt files in a particular d... by polfer Explorer in Getting Data In 04-25-2016 0 5	0	5
How to configure a heavy forwarder to filter out the ending string from Windows security event logs? Hello guys I'm trying to drop the end of all Security events: This event is generated when a logon session is creat... by kalianov Path Finder in Getting Data In 04-25-2016 0 5	0	5

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

Microsoft-Windows-PrintService/Operational Logs

What configuration file contains app version numbers so I can propagate version numbers from GitHub to Splunk?

We would like to use a Linux search head with a Windows indexer cluster. Is there documentation on cross OS platforms compatibility?

Windows Universal Forwarder default scripted inputs do not respect "disabled=" parameter.

Split event into multiple events

Why is _time different between apps for the same data in Splunk Cloud?

Running Splunk in Azure (or any cloud environment)

How can I access the logs which are available in a MySQL database on a remote server?

What configuration file do I need to edit on a Windows universal forwarder to exclude performance monitoring?

How to handle SSL certificate verification for REST API calls from a Splunk app/add-on?

Splunk Universal Forwarder and TCP Data: What exactly is Splunk looking for to determine EOF?

Can anyone provide guidance on my plan to configure cold storage in indexes.conf?

How to configure inputs.conf on a Splunk forwarder to only read a file once?

Why does monitoring for a log file keep stopping and getting error "BatchReader - Removed from queue..."?

How to configure file monitoring to make the full content of a file as one event?

How to configure transforms.conf on a heavy forwarder to combine sourcetype and host into one host key?

Why were logs indexed at a time when Splunk was not running on the host?

Should we install universal forwarders at each of our branch locations to forward data directly to Splunk Cloud?

How do we calculate the RAM usage by applications on different servers?

How to configure Splunk to only index data from a database from the last 30 days?

Why does splunk think it can't parse my timestamp

How to search duration using two timestamps?

Why can't Splunk index my entire log file?

Monitoring directory loaded with LFTP Mirror causes reindexing. How should I solve this?

How to configure a heavy forwarder to filter out the ending string from Windows security event logs?

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation