Getting Data In

Community Activity

ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf. Team, In one of the Unix servers where SplunkForwarder is running, I have the below log in the splunkd.log file. Our... by suman_july07 New Member in Getting Data In 04-06-2016 0 2	0	2
How do I get hosts (universal forwarders) show on the Splunk Light home page? I have Splunk Light installed and set up on my server. I have the receiving port set. On the client I want Splunk Lig... by bmalone New Member in Getting Data In 04-06-2016 0 1	0	1
What is this 'Learned' file under apps? I was just poking around to find out why my data had this strange sourcetype history-y2016-m06-d-10, and when I went ... by nce054 Path Finder in Getting Data In 04-06-2016 0 3	0	3
Why am I getting "Invalid key in stanza _server_app_APPNAME_ABC_CDE" with udp listener? I have a similar, but not the same inconsistency issue with inputs.conf on distributed setup. I have udp listener on... by strangelaw Explorer in Getting Data In 04-05-2016 0 5	0	5
How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer? Hi guys! How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer? I need to coll... by jfeitosa Path Finder in Getting Data In 04-05-2016 0 2	0	2
Can I override two keys in one transforms stanza? My current situation is that a bunch of files are all being dumped into one directory for the forwarder to monitor a... by lyndac Contributor in Getting Data In 04-05-2016 0 4	0	4
Can I forward some logs from Splunk Light Free to a third party syslog server? Can Splunk Light Free forward some logs to a third party server? Ex. I have Splunk Light free monitoring some log fi... by DotTest37 Path Finder in Getting Data In 04-05-2016 0 2	0	2
tarAndChecksum error for deployed app inputs.conf Hi, I'm trying to send configuration through an app to one of my the universal forwarders. The app consists of an in... by andrewdidone Path Finder in Getting Data In 04-05-2016 2 5	2	5
Distributed Search Environment: Do accelerated data models reside on the indexer or search head? I have an app with an accelerated data model. The data model is defined in a JSON file while the acceleration is enab... by helge Builder in Getting Data In 04-05-2016 2 4	2	4
How can i change the permissions of dynamically created Tags through REST API ? Searched for answers, but couldn't figure it out. The closest answer was: how-to-change-sharing-and-permissions-for-a... by kartik13 Communicator in Getting Data In 04-05-2016 0 8	0	8
How to get a default value and assign all values to "All" in a drop-down from a CSV file input? Hi, I am getting 2 issues when I am creating a dashboard. I have 2 multiselect drop-downs. If I select a value fro... by Laya123 Communicator in Getting Data In 04-05-2016 0 6	0	6
How to configure outputs.conf on an OSSEC server to forward logs to a Splunk indexer? I am trying to get a forwarder using the outputs.conf file on an ossec server to forward the logs to a splunk server.... by kkingsland Engager in Getting Data In 04-05-2016 1 2	1	2
When I uploaded a document, I am getting the error "Parameter name: Path must be absolute". What could be the reason? by vijaymythili New Member in Getting Data In 04-05-2016 0 7	0	7
Indexer Tuning Best Practices: How to decide which apps or add-ons are not needed? I want to clean up the indexers and remove unnecessary Apps that could be using up unnecessary CPU and memory. I have... by hartfoml Motivator in Getting Data In 04-04-2016 0 1	0	1
I am using third party forwarding from Splunk to QRadar but the events are not being displayed correctly. How can I correct this? My Splunk setup is a UF sending to an indexer. That indexer is then forwarding everything to QRadar. When I look at t... by DerekB Splunk Employee in Getting Data In 04-04-2016 4 7	4	7
How to link fields with different names across sources? I have two types of transactions, one coming from a mobile app when a push notification is sent, looks approx like th... by bnash_splunk Splunk Employee in Getting Data In 04-04-2016 1 7	1	7
Best possible way to to create sourcetypes - Server role, place and config file? Forgive me if this has been answered before but my googling has failed me - I have a forwarder that batches log file... by thisissplunk Builder in Getting Data In 04-04-2016 0 4	0	4
Why is LINE_BREAKER not always separating? I have a log that starts each event by a new line starting with a timestamp followed by a space and pipe, like the fo... by meburbo New Member in Getting Data In 04-04-2016 0 3	0	3
Splunk Add-on for Microsoft Azure We are looking at using the new splunk add-on for Microsoft azure, but am not sure if can cover all our requirements.... by peppco New Member in Getting Data In 04-04-2016 0 1	0	1
I created a new index, but why am I not able to access it via REST API to post data to the new index? I created a new index called perftestresults and I am able to see it when I search using the below Splunk command, bu... by sh0stat_25 Engager in Getting Data In 04-04-2016 0 10	0	10
How to control how much data is sent from a forwarder to be indexed? We have allowed specific type of data, but someone changed the debug level and allowed events to increase from 50 to ... by anantadeshpande New Member in Getting Data In 04-04-2016 0 1	0	1
sourcetype isn't parsing DHCP data correctlyon indexer but does when I manually add on search head I am attempting to parse windows DHCP data, for those who aren't familiar with the format, the logs have a descriptio... by rusty009 Path Finder in Getting Data In 04-04-2016 0 2	0	2
How did logs from a heavy forwarder get indexed when Splunk was not running? Splunk was running on a heavy forwarder during the time period 00:00 to 00:20. Related logs also have been found in s... by Madhan45 Path Finder in Getting Data In 04-04-2016 0 3	0	3
Is it the forwarder or indexer that unzips monitored zip files? I understand that Splunk first uncompresses the monitored zip files and only then indexes them. Where does the uncomp... by reggie_123 Explorer in Getting Data In 04-03-2016 0 2	0	2
How to append in a csv file only records which are unique from a certain point of time? Hi, I need to append in a csv file only records which are unique from a certain date/time. The aim is to have only ... by skender27 Contributor in Getting Data In 04-02-2016 0 2	0	2

Get Updates on the Splunk Community!

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Developer Spotlight with Mika Borner

From Hackathon Winner to Enterprise Leader Mika Borner, CEO and Founder of Datapunctum AG, has been ...

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...

Getting Data In

ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf.

How do I get hosts (universal forwarders) show on the Splunk Light home page?

What is this 'Learned' file under apps?

Why am I getting "Invalid key in stanza _server_app_APPNAME_ABC_CDE" with udp listener?

How to setting splunk an architecture of 01 heavy forwarder, 01 search head and 01 indexer?

Can I override two keys in one transforms stanza?

Can I forward some logs from Splunk Light Free to a third party syslog server?

tarAndChecksum error for deployed app inputs.conf

Distributed Search Environment: Do accelerated data models reside on the indexer or search head?

How can i change the permissions of dynamically created Tags through REST API ?

How to get a default value and assign all values to "All" in a drop-down from a CSV file input?

How to configure outputs.conf on an OSSEC server to forward logs to a Splunk indexer?

When I uploaded a document, I am getting the error "Parameter name: Path must be absolute". What could be the reason?

Indexer Tuning Best Practices: How to decide which apps or add-ons are not needed?

I am using third party forwarding from Splunk to QRadar but the events are not being displayed correctly. How can I correct this?

How to link fields with different names across sources?

Best possible way to to create sourcetypes - Server role, place and config file?

Why is LINE_BREAKER not always separating?

Splunk Add-on for Microsoft Azure

I created a new index, but why am I not able to access it via REST API to post data to the new index?

How to control how much data is sent from a forwarder to be indexed?

sourcetype isn't parsing DHCP data correctlyon indexer but does when I manually add on search head

How did logs from a heavy forwarder get indexed when Splunk was not running?

Is it the forwarder or indexer that unzips monitored zip files?

How to append in a csv file only records which are unique from a certain point of time?

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

CiscoSecurityCloud TA 3.6.7 -eStreamer ingestion f...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

Getting Data In

Join the Conversation