Getting Data In

Community Activity

How to use a Splunk forwarder directory name (segment) as an event tag? Hello! I was wondering how to use a directory name (segment) as an event tag. For example: C:\bin\code\python\test_... by lsparrow New Member in Getting Data In 04-11-2016 0 1	0	1
TcpOutputProc - Cooked connection to ip=timed out Im getting below error on my heavy forwarder logs, 6 indexers are connect that HF , 4 indexers are working fine. Only... by brod_geico Path Finder in Getting Data In 04-11-2016 0 3	0	3
Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf? Hey there, We have a distributed Splunk environment... so, we have universal forwarders sending data to a heavy for... by michael_sleep Communicator in Getting Data In 04-11-2016 0 1	0	1
How to use strptime for a time field in the format hhmm? In my new data set, the time comes in the format 1652 as it relates to 4:52pm. However, when it is before 1AM it come... by svercelli Path Finder in Getting Data In 04-11-2016 0 1	0	1
Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers? Is there a process I can use with Splunk to pull audit logs on how, who, when, and where directories are being create... by pnv2254 New Member in Getting Data In 04-11-2016 0 2	0	2
Do we need to install Splunk Light in both Windows and Linux to forward data from remote hosts? Hi, I have installed Splunk light in Windows and in Linux server also. I have installed a universal forwarder in the... by Monica7 New Member in Getting Data In 04-11-2016 0 1	0	1
How to configure Splunk Light for receiving data from a Universal Forwarder? I have Splunk Light on Windows and the Universal Forwarder on Raspberry. According to docs, I need to create a server... by andig2 Engager in Getting Data In 04-11-2016 0 2	0	2
How to collect Windows event logs without installing a universal forwarder? Hi All, I need to collect the logs from a Windows machine into Splunk without installing any agent (universal forwar... by kpavan Path Finder in Getting Data In 04-11-2016 0 5	0	5
Getting configuration for forwarder “I am working with a customer who is a licensed and valid support contract holder with Splunk. They are currently run... by trflesher Explorer in Getting Data In 04-11-2016 0 13	0	13
How to configure Splunk Windows Event logs through command line? Is it even possible to configure Windows Event Logs through command line? PS C:\Program Files\SplunkUniversalForwar... by dlogvinenko Engager in Getting Data In 04-11-2016 0 1	0	1
How to filter events from a file BEFORE it gets to Splunk index Hi I would like to find out how I can "strip out" events from a input file before they reach the splunk indexer. I... by itsomana Path Finder in Getting Data In 04-09-2016 3 6	3	6
How to modify CSV raw event data before fields extraction stage of INDEXED_EXTRACTIONS=CSV Hello, I am using FIELD_DELIMITER=; and am working on data that use commas instead of decimals. I want to use a SED ... by Maite35 Explorer in Getting Data In 04-09-2016 1 11	1	11
Universal Forwarder has not removed itself from the DMC I have had a host go down in aws that was not recoverable a few weeks ago and the universal forwarder is still showin... by Brolly75 New Member in Getting Data In 04-09-2016 0 1	0	1
Why is my universal forwarder on Windows server 2012 R2 not collecting log files with my attempted configurations? I have a monitor that that isn't working. I turned debug on in log.cfg, and the Universal Forwarder reports no match ... by lisaac Path Finder in Getting Data In 04-08-2016 0 1	0	1
After importing a CSV file in Splunk Light, why is event data displaying in the format "\x002\x00/\x001\x003\..."? Hey, I am a total Splunk Noob. I am trying out Splunk Light. I can successfully import a file, but I cannot get sp... by belljar1 New Member in Getting Data In 04-08-2016 0 4	0	4
Theres is a limit by source on index? I have an index "main" and several sources associated with this index. The size limit of the index has been reach (15... by henrym22 New Member in Getting Data In 04-08-2016 0 4	0	4
Multiple time zones in props.conf Hi, If I have multiple matching TZ references in my props.conf on my indexer which one does it use? Is it just the o... by JeremyHagan Communicator in Getting Data In 04-07-2016 0 2	0	2
How to monitor files, subdirectory, and file size, but not the file content itself on Windows? Hi, Splunk FSchange is deprecated. Is there another way to replicate information of what fschange does? I wan to sh... by steadph New Member in Getting Data In 04-07-2016 0 2	0	2
Splunk reindexing files when using remote shared filesystem Hi, I've mounted some NFS and nfs locally to Splunk some files I want to monitor remotely. Problem is files are con... by abonuccelli_spl Splunk Employee in Getting Data In 04-07-2016 0 2	0	2
Getting a "TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf." error. Here is my outputs.conf : [tcpout] server=myserver.com:9997 Not sure, why we are receiving this error when we have... by a548506 Path Finder in Getting Data In 04-07-2016 0 3	0	3
After installing a universal forwarder on Ubuntu 14.04 LTS, why am I getting an error trying to accept the license? I have installed the forwarder in /opt/splunkforwarder and run the splunk start command. I get the license to read/... by DaveyMeth Engager in Getting Data In 04-07-2016 1 4	1	4
How to configure Splunk to monitor all Cisco switches, routers, and firewalls in our network? I'm new to the Splunk tool. I heard very good feedback about Splunk and I want to implement in our company. I want to... by splunkfly New Member in Getting Data In 04-07-2016 0 2	0	2
How to upgrade 15 Solaris hosts from Splunk 4.1.3 to 6.4.0 universal forwarders? As unix support staff drafted to be an inexperienced Splunk support staffer, I hope I can appeal to someone who knows... by sysadm43 New Member in Getting Data In 04-07-2016 0 3	0	3
How to disable a search peer via the CLI or REST API call? Hi Splunkers, Is there a way to disable a search peer via the CLI or an API call? Specifically, I would like to s... by tsunamii Path Finder in Getting Data In 04-07-2016 0 1	0	1
Should Splunk be barking back at this type of time stamp string? 2016/04/07T10:04:02.113[+0000] ? I can't tell if it meets the ISO standard. Hello Splunkers, I have a timestamp below that does not seem to want to get recognized / converted properly by Splun... by dmacgillivray Communicator in Getting Data In 04-07-2016 0 2	0	2

Get Updates on the Splunk Community!

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Getting Data In

How to use a Splunk forwarder directory name (segment) as an event tag?

TcpOutputProc - Cooked connection to ip=timed out

Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf?

How to use strptime for a time field in the format hhmm?

Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers?

Do we need to install Splunk Light in both Windows and Linux to forward data from remote hosts?

How to configure Splunk Light for receiving data from a Universal Forwarder?

How to collect Windows event logs without installing a universal forwarder?

Getting configuration for forwarder

How to configure Splunk Windows Event logs through command line?

How to filter events from a file BEFORE it gets to Splunk index

How to modify CSV raw event data before fields extraction stage of INDEXED_EXTRACTIONS=CSV

Universal Forwarder has not removed itself from the DMC

Why is my universal forwarder on Windows server 2012 R2 not collecting log files with my attempted configurations?

After importing a CSV file in Splunk Light, why is event data displaying in the format "\x002\x00/\x001\x003\..."?

Theres is a limit by source on index?

Multiple time zones in props.conf

How to monitor files, subdirectory, and file size, but not the file content itself on Windows?

Splunk reindexing files when using remote shared filesystem

Getting a "TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf." error.

After installing a universal forwarder on Ubuntu 14.04 LTS, why am I getting an error trying to accept the license?

How to configure Splunk to monitor all Cisco switches, routers, and firewalls in our network?

How to upgrade 15 Solaris hosts from Splunk 4.1.3 to 6.4.0 universal forwarders?

How to disable a search peer via the CLI or REST API call?

Should Splunk be barking back at this type of time stamp string? 2016/04/07T10:04:02.113[+0000] ? I can't tell if it meets the ISO standard.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation