Getting Data In

Community Activity

How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files? We are processing CSV files to index in Splunk, but the Splunk forwarder is always forwarding files twice. Can you pl... by dhavamanis Builder in Getting Data In 04-12-2016 0 2	0	2
Why am I getting "Login failed" trying to add a Splunk universal forwarder? I am using Splunk Enterprise (Amazon Market Place AMI) I have added Forwarding receiving port 9997 Installed universa... by sureshsala Explorer in Getting Data In 04-12-2016 0 1	0	1
Where Is Timezone Offset Information on Universal Forwarder? Trying to determine why some of my forwarders sending in data from Windows virtual desktop instances are having their... by stevepraz Path Finder in Getting Data In 04-12-2016 0 3	0	3
Scripted Input and not working well with linux "Find" Command Hi Guys, Am i not sure if anyone has a solution for this. But I am not able to get any output when i run the linux fi... by samaikins New Member in Getting Data In 04-12-2016 0 2	0	2
Why am I unable to disable a Deployment Client using a "splunk" user account? Hello Guys, I have installed a Splunk Universal Forwarder in my environment and set the deployment server. I also ha... by splunk_kk Path Finder in Getting Data In 04-11-2016 0 2	0	2
about Splunk Backend? Hello, I have several questions about splunk's backend to which I was unable to find a clear answer : 1) What is Sp... by 4Name Explorer in Getting Data In 04-11-2016 1 3	1	3
How to use a Splunk forwarder directory name (segment) as an event tag? Hello! I was wondering how to use a directory name (segment) as an event tag. For example: C:\bin\code\python\test_... by lsparrow New Member in Getting Data In 04-11-2016 0 1	0	1
TcpOutputProc - Cooked connection to ip=timed out Im getting below error on my heavy forwarder logs, 6 indexers are connect that HF , 4 indexers are working fine. Only... by brod_geico Path Finder in Getting Data In 04-11-2016 0 3	0	3
Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf? Hey there, We have a distributed Splunk environment... so, we have universal forwarders sending data to a heavy for... by michael_sleep Communicator in Getting Data In 04-11-2016 0 1	0	1
How to use strptime for a time field in the format hhmm? In my new data set, the time comes in the format 1652 as it relates to 4:52pm. However, when it is before 1AM it come... by svercelli Path Finder in Getting Data In 04-11-2016 0 1	0	1
Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers? Is there a process I can use with Splunk to pull audit logs on how, who, when, and where directories are being create... by pnv2254 New Member in Getting Data In 04-11-2016 0 2	0	2
Do we need to install Splunk Light in both Windows and Linux to forward data from remote hosts? Hi, I have installed Splunk light in Windows and in Linux server also. I have installed a universal forwarder in the... by Monica7 New Member in Getting Data In 04-11-2016 0 1	0	1
How to configure Splunk Light for receiving data from a Universal Forwarder? I have Splunk Light on Windows and the Universal Forwarder on Raspberry. According to docs, I need to create a server... by andig2 Engager in Getting Data In 04-11-2016 0 2	0	2
How to collect Windows event logs without installing a universal forwarder? Hi All, I need to collect the logs from a Windows machine into Splunk without installing any agent (universal forwar... by kpavan Path Finder in Getting Data In 04-11-2016 0 5	0	5
Getting configuration for forwarder “I am working with a customer who is a licensed and valid support contract holder with Splunk. They are currently run... by trflesher Explorer in Getting Data In 04-11-2016 0 13	0	13
How to configure Splunk Windows Event logs through command line? Is it even possible to configure Windows Event Logs through command line? PS C:\Program Files\SplunkUniversalForwar... by dlogvinenko Engager in Getting Data In 04-11-2016 0 1	0	1
How to filter events from a file BEFORE it gets to Splunk index Hi I would like to find out how I can "strip out" events from a input file before they reach the splunk indexer. I... by itsomana Path Finder in Getting Data In 04-09-2016 3 6	3	6
How to modify CSV raw event data before fields extraction stage of INDEXED_EXTRACTIONS=CSV Hello, I am using FIELD_DELIMITER=; and am working on data that use commas instead of decimals. I want to use a SED ... by Maite35 Explorer in Getting Data In 04-09-2016 1 11	1	11
Universal Forwarder has not removed itself from the DMC I have had a host go down in aws that was not recoverable a few weeks ago and the universal forwarder is still showin... by Brolly75 New Member in Getting Data In 04-09-2016 0 1	0	1
Why is my universal forwarder on Windows server 2012 R2 not collecting log files with my attempted configurations? I have a monitor that that isn't working. I turned debug on in log.cfg, and the Universal Forwarder reports no match ... by lisaac Path Finder in Getting Data In 04-08-2016 0 1	0	1
After importing a CSV file in Splunk Light, why is event data displaying in the format "\x002\x00/\x001\x003\..."? Hey, I am a total Splunk Noob. I am trying out Splunk Light. I can successfully import a file, but I cannot get sp... by belljar1 New Member in Getting Data In 04-08-2016 0 4	0	4
Theres is a limit by source on index? I have an index "main" and several sources associated with this index. The size limit of the index has been reach (15... by henrym22 New Member in Getting Data In 04-08-2016 0 4	0	4
Multiple time zones in props.conf Hi, If I have multiple matching TZ references in my props.conf on my indexer which one does it use? Is it just the o... by JeremyHagan Communicator in Getting Data In 04-07-2016 0 2	0	2
How to monitor files, subdirectory, and file size, but not the file content itself on Windows? Hi, Splunk FSchange is deprecated. Is there another way to replicate information of what fschange does? I wan to sh... by steadph New Member in Getting Data In 04-07-2016 0 2	0	2
Splunk reindexing files when using remote shared filesystem Hi, I've mounted some NFS and nfs locally to Splunk some files I want to monitor remotely. Problem is files are con... by abonuccelli_spl Splunk Employee in Getting Data In 04-07-2016 0 2	0	2

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

Getting Data In

How to troubleshoot why a universal forwarder is forwarding duplicate events for monitored CSV files?

Why am I getting "Login failed" trying to add a Splunk universal forwarder?

Where Is Timezone Offset Information on Universal Forwarder?

Scripted Input and not working well with linux "Find" Command

Why am I unable to disable a Deployment Client using a "splunk" user account?

about Splunk Backend?

How to use a Splunk forwarder directory name (segment) as an event tag?

TcpOutputProc - Cooked connection to ip=timed out

Why is my sourcetype configuration in props.conf not being used for the sourcetype defined by transforms.conf?

How to use strptime for a time field in the format hhmm?

Is there a process I can use with Splunk Light to pull audit logs on how, who, when, and where directories are being created on our file share servers?

Do we need to install Splunk Light in both Windows and Linux to forward data from remote hosts?

How to configure Splunk Light for receiving data from a Universal Forwarder?

How to collect Windows event logs without installing a universal forwarder?

Getting configuration for forwarder

How to configure Splunk Windows Event logs through command line?

How to filter events from a file BEFORE it gets to Splunk index

How to modify CSV raw event data before fields extraction stage of INDEXED_EXTRACTIONS=CSV

Universal Forwarder has not removed itself from the DMC

Why is my universal forwarder on Windows server 2012 R2 not collecting log files with my attempted configurations?

After importing a CSV file in Splunk Light, why is event data displaying in the format "\x002\x00/\x001\x003\..."?

Theres is a limit by source on index?

Multiple time zones in props.conf

How to monitor files, subdirectory, and file size, but not the file content itself on Windows?

Splunk reindexing files when using remote shared filesystem

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation