Getting Data In

Discussions

Thread Info

new to splunk - need help with input.conf

i am new to splunk that is already setup on our servers, my manager asked if i can edit the input.conf file so we can...

by Explorer in

Heavy Forwarder Configuration

I am having some issues getting my heavy forwarder to forward events. The configuration I'm trying to achieve is as f...

by Path Finder in

How to set date & time stamps across two lines in xml where time was already picked up

Hi Team Trying to ingest an xml file in the following raw format(extracted portion for sample but each event consi...

by Explorer in

Index data and then forward to another indexer

Hi, we have and indexer that receive data from some Univ. Forwarder. Data are stored on different index (IndexA, Inde...

by Explorer in

Splunk alert unable to trigger .bat file

My Splunk alert unable to trigger any executable file. For instance, I have placed reader.bat file in Splunk scripts ...

by Communicator in

Any way to tell a saved search to run under a certain timezone?

We are running into an issue where we have multiple users across the country; specifically MST. Data resideds on a se...

by Engager in

props.conf and line breaking

I have been experimenting with indexing Nessus plugins. On my laptop where I have a test Splunk instance and scanner,...

by Path Finder in

Can I get Splunk to collect logs from vCenter's ESXi Dump Collector?

My vCenter guys are looking to install the ESXi Dump Collector so that they can store months worth of ESX log and met...

by New Member in

How do I CIM tag DB2 audit logs that are dumped on the filesystem as a text file (not using DB Connect)?

This is actually a question I already the answer for, I just want to use the question/answer style to ensure it compl...

by SplunkTrust in

What is the default value for maxConcurrentOptimizes?

If the parameter maxConcurrentOptimizes is not defined for an index in indexes.conf, will Splunk assign a value for i...

by Explorer in

Is there a way to disable a sourcetype in props.conf to no longer index these events?

Hello, I would like to disable a sourcetype defined in props.conf. I do not want anymore events related to this so...

by Explorer in

How do I configure the ulimit for an indexer?

How to configure the ulimit for an indexer? I want to increase the ulimit of the server.

by Path Finder in

Different values for each minute

Hi, i'm new to splunk and in need for a little help. we can only access an index that was made for our departme...

by Path Finder in

max even forwarding speed when maxKBps is unlimited and useACK is enabled

Out of curiosity, could folks give an estimate as to the maximum sustained throughput they have observed by a forward...

by Path Finder in

Is it possible to use SSH to connect Splunk to a MySQL database?

Hello, I am trying to connect Splunk to a MySQL database, however MYSQL is only listening on localhost. To normall...

by Engager in

How can I configure Splunk to properly index my file in production?

I have a file in production that appears to not be indexed as running a search for index=<name> returns no results. T...

by Path Finder in

What function or command can I use for Splunk to map the latitude and longitude into corresponding timezones?

Hi, Currently in my data, I have latitude and longitude info for all locations around the world. Is there a way or...

by Path Finder in

How to configure Splunk to break events that start with a certain pattern followed by a timestamp?

I have the logs like below pattern. I want to break the events that starts with <94>1and then timestamp <94>1 2016...

by New Member in

How to configure props and transforms.conf to rename a dynamic set of field names at search-time?

Hello! I'm struggling to understand how I can use the transforms.conf stanza's to rename dynamic set of field name...

by Contributor in

How do I fix my host_regex in order to extract the hostname from my log file?

Hello all I am extremely terrible with regex and frankly I am stumped. I am trying to get hostname from the log fi...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

new to splunk - need help with input.conf

Heavy Forwarder Configuration

How to set date & time stamps across two lines in xml where time was already picked up

Index data and then forward to another indexer

Splunk alert unable to trigger .bat file

Any way to tell a saved search to run under a certain timezone?

props.conf and line breaking

Can I get Splunk to collect logs from vCenter's ESXi Dump Collector?

How do I CIM tag DB2 audit logs that are dumped on the filesystem as a text file (not using DB Connect)?

What is the default value for maxConcurrentOptimizes?

Is there a way to disable a sourcetype in props.conf to no longer index these events?

How do I configure the ulimit for an indexer?

Different values for each minute

max even forwarding speed when maxKBps is unlimited and useACK is enabled

Is it possible to use SSH to connect Splunk to a MySQL database?

How can I configure Splunk to properly index my file in production?

What function or command can I use for Splunk to map the latitude and longitude into corresponding timezones?

How to configure Splunk to break events that start with a certain pattern followed by a timestamp?

How to configure props and transforms.conf to rename a dynamic set of field names at search-time?

How do I fix my host_regex in order to extract the hostname from my log file?

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!

transforms.conf has some issues

Linebreak help

Can't uninstall Splunk 9.x on Windows 2022

Splunk Add on for Microsoft Azure Secure Score

Receiving error that “could not load lookup xxx” w...