Getting Data In

Thread Info

Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)?

Hello Team, splunk/_internaldb/db is indexing high volumes of internal logs in our environment (8-10GB per day). ...

by Path Finder in

Convert Epoch using Props.conf

I have events that are coming in with no timestamp except for a field "event_sec" which gives me the time in epoch fo...

by Path Finder in

serverclass.conf blacklist not working

I'm transitioning my hosts from one set of indexers in Seattle to another set in Atlanta, in between, a heavy forward...

by Communicator in

Is this the correct stanza and location to monitor specific files on a *nix server with a universal forwarder?

I am trying to have my universal forwarder monitor a specific file or sets of files on a *nix server: Would this be t...

by Path Finder in

Trying to set up a distributed management console on the master node of my indexer cluster, why am I getting "duplicate instance name"?

Hi Splunkers! I'm about to set up a Distributed Management Console on my Master node of my indexer cluster. Unfor...

by Motivator in

How to set up Splunk to monitor logs and configure distributed search across 4 different development environments (Dev > Tst > Stg > Prod) in AWS

We have four AWS accounts to host different development environments: Dev -> Tst -> Stg -> Prod Requirements: We w...

by New Member in

How to create a Non Administrative User Account to run universal forwarders to forward Windows security logs?

Hi All, I need to install a Universal forwarder in our environment, but due to strict policies, we cannot give the...

by Path Finder in

Inputs.conf Settings for IAS Logs Takes 100% CPU

I've been pulling my hair out on this one for weeks and I'm finally to the point where I need a sanity check. I'm ...

by Explorer in

Validate third party ssl splunk2splunk communication

Hi splunkers I've configured 3rd party ssl between indexer and h.f. indexer 9997 open for tcp, 9996 for ssl. I've ...

by Motivator in

Matching Windows path in props.conf

I'm trying to set up the Splunk for A10 Networks app. It expects syslog data on UDP port 514. My data is coll...

by Explorer in

Is it possible to monitor a file in a directory with a wildcard in the path?

Hello fellow splunkers! I'm about to set up an universal forwarder monitoring a specific path on a server. On this...

by Motivator in

Is it possible to create a batch data input via the REST API?

I maintain an app with a data input wizard, under the hood of which is a custom controller that can list and create n...

by SplunkTrust in

Universal Forwarder folder path monitor

What stanza do i set in the Universal Forwarder to send data to the indexers from a folder path? I want to send outp...

by Contributor in

line_breaker help

I'm struggling getting my data to break to events. A REST call gives me a csv in a long straight line, without any ch...

by Communicator in

Huge disk space discrepancy on indexers in cluster

Some background: So we are having some problems in our environment, we have a cluster of indexers and some of the ...

by Explorer in

Why did setting "maxDataSize = auto_high_volume" for an index delete all events older than a year?

I originally had this in my indexes.conf file: [myindex] homePath = $SPLUNK_DB/myindex/db coldPath = $SPLUNK_DB/my...

by Communicator in

How to find the time difference between values in the same field

Hi all, I have a field that i am calling "code_load_date" and I am running a stats command that groups them by associ...

by Path Finder in

Monitor syslog Inputs

I currently have a syslog server forwarding data to our splunk instance. I wanted to know if there were any searches ...

by Path Finder in

What is the best way to fork events into a new sourcetype that will eventually become the only sourcetype?

Basically, I want to have ONE log file populating TWO sourcetypes at the same time. Identical events in both. Eventua...

by Builder in

How do I tell if a forwarder is down?

How can you differentiate between a forwarder being down and a forwarder not having any data to send ? i.e is there a...

by Path Finder in

sending WinEventLog://Application to different indexes

I have the following requirement: <ul> <li> send WinEventLog://Application , except for one specific EventCode to one...

by Path Finder in

Active Directory inputs missing SYNC event types after 6.2.1 upgrade?

As the question above states; Since the 6.2.1 update of Splunk, our active directory inputs are no longer gatherin...

by Communicator in

Can't seem to figure out wildcards when monitoring files (inputs.conf)

I've been messing about with this for a while now and I can't seem to figure out the rhyme or reason behind how wildc...

by Communicator in

ERROR ScriptRunner

Any idea as to what causes this error: 02-19-2014 17:17:01.577 -0500 ERROR ScriptRunner - extern write error: errn...

by Engager in

Can i tcpout to multiple servers with output.conf file?

Complete newbie to Splunk, have just setup a distributed search structure (1 deployment server, 1 search head, 2 inde...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why is splunk/_internaldb/db suddenly indexing high volumes of internal logs in our environment (8-10GB per day)?

Convert Epoch using Props.conf

serverclass.conf blacklist not working

Is this the correct stanza and location to monitor specific files on a *nix server with a universal forwarder?

Trying to set up a distributed management console on the master node of my indexer cluster, why am I getting "duplicate instance name"?

How to set up Splunk to monitor logs and configure distributed search across 4 different development environments (Dev > Tst > Stg > Prod) in AWS

How to create a Non Administrative User Account to run universal forwarders to forward Windows security logs?

Inputs.conf Settings for IAS Logs Takes 100% CPU

Validate third party ssl splunk2splunk communication

Matching Windows path in props.conf

Is it possible to monitor a file in a directory with a wildcard in the path?

Is it possible to create a batch data input via the REST API?

Universal Forwarder folder path monitor

line_breaker help

Huge disk space discrepancy on indexers in cluster

Why did setting "maxDataSize = auto_high_volume" for an index delete all events older than a year?

How to find the time difference between values in the same field

Monitor syslog Inputs

What is the best way to fork events into a new sourcetype that will eventually become the only sourcetype?

How do I tell if a forwarder is down?

sending WinEventLog://Application to different indexes

Active Directory inputs missing SYNC event types after 6.2.1 upgrade?

Can't seem to figure out wildcards when monitoring files (inputs.conf)

ERROR ScriptRunner

Can i tcpout to multiple servers with output.conf file?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions