Getting Data In

Community Activity

Why are events that are sent to splunktcp://9816 from one Universal Forwarder to another UF going into the main index? Events sent from one Universal Forwarder to another UF are going directly into the main index, even after I have spec... by srinathd Contributor in Getting Data In 04-14-2016 0 7	0	7
How to troubleshoot why a data input script inside an app is not running? Hi I have a script that I want to put inside the appName/bin dir inside a specific app. Previously, the script was... by joao_amorim Communicator in Getting Data In 04-14-2016 0 3	0	3
Splunk Forwarder Windows Installation Fails with Error Code 1625 === Verbose logging started: 4/4/2016 8:59:13 Build type: SHIP UNICODE 5.00.9600.00 Calling process: C:\Windows\sy... by akira_splunk Splunk Employee in Getting Data In 04-13-2016 0 1	0	1
Script to automate uploading diags to box.com I wrote a script that will create a diag and upload it to a folder on box.com. I have a copy of this script in my NFS... by jgarland_gap Engager in Getting Data In 04-13-2016 0 2	0	2
Is it possible to add HttpEventCollectorTraceListener in .NET config file? I am going off the question here: https://answers.splunk.com/answers/312914/httpeventcollectortracelistener-doesnt-fl... by mdufrasne Explorer in Getting Data In 04-13-2016 0 11	0	11
How to configure a forwarder to listen on tcp/udp for syslog for Splunk Light cloud service? Hey, I'm new to Splunk, so I may be missing something... However, I can't seem to configure a forwarder to listen ... by sperschall New Member in Getting Data In 04-13-2016 0 5	0	5
If compressing tsidx files in frozen archives, is it possible to ressurect frozen data without uncompressing? In the sample cold to frozen script $SPLUNK_HOME/bin/compressedExport.sh.example, Splunk's tsidx files are gzipped du... by hulahoop Splunk Employee in Getting Data In 04-13-2016 1 3	1	3
How do I configure a universal forwarder to send data to the Splunk Cloud free trial? Hi, I recently started using the Splunk Cloud free trial. I installed a universal forwarder locally and authorized i... by sakarunanitk Explorer in Getting Data In 04-13-2016 0 13	0	13
On a Splunk 6.4.x system -- Unable to see remote inputs from Settings / Data Inputs / .. get 404 NOT found I have run into this issue a couple of times, where an end user is unable to access the remote inputs on e.g. remote... by dgrubb_splunk Splunk Employee in Getting Data In 04-13-2016 0 1	0	1
I don't want to monitor or forward the Apache log files to Splunk server anymore. Is there any solution to stop it or delete it? sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2 I don't want to m... by splunkfly New Member in Getting Data In 04-13-2016 0 2	0	2
Why is Splunk line breaking a single IDS Alert event into two events? Splunk is breaking ids single event into two events, such as: 4/11/16 2:42:46.152 PM 04/11-14:42:46.152985 00:05:00... by dmenon Explorer in Getting Data In 04-13-2016 0 7	0	7
How to configure Syslog-ng to receive Cisco switch log files into destination file /var/logs/cisco_switch.log I'm able to get the Cisco switch log files from switch IP address to my machine, but how do I use and configure Syslo... by splunkfly New Member in Getting Data In 04-13-2016 0 2	0	2
Upgrading a Splunk 5.0.5 Heavy Forwarder to a 6.x Universal Forwarder, how do we prevent reindexing of all events during migration? Migrating from a Splunk 5.0.5 Heavy Forwarder to 6.x Universal Forwarder, we want to take over current checkpoints to... by rbal_splunk Splunk Employee in Getting Data In 04-13-2016 0 1	0	1
How to configure outputs.conf on a forwarder to route logs to different sets of indexers? We have single server where we installed a Splunk forwarder and we want to configure outputs.conf such a way that cer... by ajayvvs New Member in Getting Data In 04-13-2016 0 1	0	1
Upgrading a univeral forwarder to a heavy weight forwarder I need to upgrade a forwarder from a universal to a heavy weight one. Now I could just blow away my instance and star... by TONYBYERS Path Finder in Getting Data In 04-13-2016 1 4	1	4
How to extract JSON data based on a specific value, and why Splunk reordering my JSON data generated from a script at index-time? Hello everybody, I have JSON data that I generate from a Python script. It looks like this: { "leaderboard": [ ... by Arismore Explorer in Getting Data In 04-13-2016 0 3	0	3
How do I figure out why custom conf files are not being imported? I am in the process of moving my indexer to a new server, and in the process, I thought it would be a good idea to co... by seanbarbour New Member in Getting Data In 04-12-2016 0 5	0	5
How to ingest more than 1000 events using the monitor setting from the WUI Hello all, My question is that I have a cvs file that is being updated every hour or so lets say its called test.csv... by raby1996 Path Finder in Getting Data In 04-12-2016 0 1	0	1
How to edit my configuration to collect Windows event logs with a universal forwarder to send to a syslog collector? Yes, this question has been asked a hundred times. I have looked at all of the examples, but my grasp of the differen... by oliverj Communicator in Getting Data In 04-12-2016 0 5	0	5
How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files? We are processing CSV files to index in Splunk, but the Splunk forwarder is always forwarding files twice. Can you pl... by dhavamanis Builder in Getting Data In 04-12-2016 0 2	0	2
Why am I getting "Login failed" trying to add a Splunk universal forwarder? I am using Splunk Enterprise (Amazon Market Place AMI) I have added Forwarding receiving port 9997 Installed universa... by sureshsala Explorer in Getting Data In 04-12-2016 0 1	0	1
Where Is Timezone Offset Information on Universal Forwarder? Trying to determine why some of my forwarders sending in data from Windows virtual desktop instances are having their... by stevepraz Path Finder in Getting Data In 04-12-2016 0 3	0	3
Scripted Input and not working well with linux "Find" Command Hi Guys, Am i not sure if anyone has a solution for this. But I am not able to get any output when i run the linux fi... by samaikins New Member in Getting Data In 04-12-2016 0 2	0	2
Why am I unable to disable a Deployment Client using a "splunk" user account? Hello Guys, I have installed a Splunk Universal Forwarder in my environment and set the deployment server. I also ha... by splunk_kk Path Finder in Getting Data In 04-11-2016 0 2	0	2
about Splunk Backend? Hello, I have several questions about splunk's backend to which I was unable to find a clear answer : 1) What is Sp... by 4Name Explorer in Getting Data In 04-11-2016 1 3	1	3

Get Updates on the Splunk Community!

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Getting Data In

Why are events that are sent to splunktcp://9816 from one Universal Forwarder to another UF going into the main index?

How to troubleshoot why a data input script inside an app is not running?

Splunk Forwarder Windows Installation Fails with Error Code 1625

Script to automate uploading diags to box.com

Is it possible to add HttpEventCollectorTraceListener in .NET config file?

How to configure a forwarder to listen on tcp/udp for syslog for Splunk Light cloud service?

If compressing tsidx files in frozen archives, is it possible to ressurect frozen data without uncompressing?

How do I configure a universal forwarder to send data to the Splunk Cloud free trial?

On a Splunk 6.4.x system -- Unable to see remote inputs from Settings / Data Inputs / .. get 404 NOT found

I don't want to monitor or forward the Apache log files to Splunk server anymore. Is there any solution to stop it or delete it?

Why is Splunk line breaking a single IDS Alert event into two events?

How to configure Syslog-ng to receive Cisco switch log files into destination file /var/logs/cisco_switch.log

Upgrading a Splunk 5.0.5 Heavy Forwarder to a 6.x Universal Forwarder, how do we prevent reindexing of all events during migration?

How to configure outputs.conf on a forwarder to route logs to different sets of indexers?

Upgrading a univeral forwarder to a heavy weight forwarder

How to extract JSON data based on a specific value, and why Splunk reordering my JSON data generated from a script at index-time?

How do I figure out why custom conf files are not being imported?

How to ingest more than 1000 events using the monitor setting from the WUI

How to edit my configuration to collect Windows event logs with a universal forwarder to send to a syslog collector?

How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files?

Why am I getting "Login failed" trying to add a Splunk universal forwarder?

Where Is Timezone Offset Information on Universal Forwarder?

Scripted Input and not working well with linux "Find" Command

Why am I unable to disable a Deployment Client using a "splunk" user account?

about Splunk Backend?

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation