Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to forward only specific Windows eventlogs via Splunk Universal forwarder

I need to monitor only logs with Event code = 5410,6913. How can i setup this in forwarder ? please suggest some help

by Contributor in

500 Internal Server Error

Hello all, Once a week it seems, I get the following error which requires a reboot, after which it works for a few...

by Path Finder in

Adjust timezone for epoch style timestamp

I have some log data that uses timestamps in an epoch-like format, but the issue is that they are logged as if it wer...

by Engager in

How can I index Netflow?

I want to be able to search netflow data to find suspicious conversations (i.e. someone opening a connection and clos...

by Splunk Employee in

TCP_ROUTING Sub-folders of monitors fails

Hi, Monitoring subfolders of other monitors while using TCP_ROUTING results in subfolders not being indexed. Do anyon...

by Engager in

Inputs.conf - separate monitors for sub-directories

Seeing if you could help me understand why these settings don’t work as I am expecting them to. I have the two monito...

by Builder in

How to add new logs to monitor on same index but different sourcetype

Hi, I have a forwarder installed on one of our hosts and is currently sending logs to the server, please see cont...

by Explorer in

CSV timestamp extraction issue

I am indexing a simple CSV file local on the spunk server. I am trying to extract the correct time stamp from the CSV...

by New Member in

Splunk csv Export and Scientific Notation

Here is my problem. I have a search that creates a table. The table contains a column called ProductID, a large numer...

by Builder in

Does a forwarder implement load balancing when sending data to non-Splunk destinations?

If a Splunk forwarder is sending information to a non Splunk indexer does the forwarder use the same load balancing l...

by Splunk Employee in

Is it possible to have Splunk kick off a script each time it receives a log from a particular log source?

I have some security devices that are sending logs to my Splunk server. I'd like to have a script on the Splunk serve...

by Engager in

Powershell script is throwing off error message, what does it mean?

I am getting the following error message: 04-21-2010 12:52:07.753 ERROR ExecProcessor - Couldn't start command ""C:\P...

by Splunk Employee in

stats query on JSON data

Hi, I've been struggling with spath attempts for this for a day or two, so reaching out for help! I have the follo...

by New Member in

Json files Fields counting

Hi, how to find the total number of fields in each event in json file in splunk thanks in advance !!

by Contributor in

Reverse-order a DNS at search time

Hi all, In certain search, Splunk returns DNS hostnames, for example: a.monetate.net.akadns.net evsecure-ocsp.veri...

by New Member in

time stamp including day of the week

Splunk is struggling with this log format. any advise on how to get splunk to read the time stamp with day of the wee...

by Path Finder in

date and time in app header

Hello Everyone, Please suggest how to show current date and time in a text box in app header or if we can show it ...

by Builder in

Windows platforms italian language

Hi, I'm beginner about this product and I ask for help. I installed the package "splunkforwarder-6.0.1-189883-x86-rel...

by Engager in

Updating based on column

Hi All, I have a configured a folder to read csv files. My csv files column will be in same format. Consider I hav...

by Path Finder in

On a syslog light fowarder, how to ignore certain junk folders

So I have a syslog fowarder with splunk light fowarder installed. I have a /var/syslog/* monitor statement, and also ...

by Path Finder in

Getting Data In

Discussions

How to forward only specific Windows eventlogs via Splunk Universal forwarder

500 Internal Server Error

Adjust timezone for epoch style timestamp

How can I index Netflow?

TCP_ROUTING Sub-folders of monitors fails

Inputs.conf - separate monitors for sub-directories

How to add new logs to monitor on same index but different sourcetype

CSV timestamp extraction issue

Splunk csv Export and Scientific Notation

Does a forwarder implement load balancing when sending data to non-Splunk destinations?

Is it possible to have Splunk kick off a script each time it receives a log from a particular log source?

Powershell script is throwing off error message, what does it mean?

stats query on JSON data

Json files Fields counting

Reverse-order a DNS at search time

time stamp including day of the week

date and time in app header

Windows platforms italian language

Updating based on column

On a syslog light fowarder, how to ignore certain junk folders

Sourcefile name changes at index time - intermitte...

Troubleshoot the Splunk Add-on for Microsoft Cloud...

Salesforce Add-on - Lost my server and trying to r...

Configure Azure Storage Blob Modular Input for Spl...

syslog