Getting Data In

Community Activity

What is the best practice for indexing real-time data from IBM Toshiba 4690 POS system data into Splunk? What is the best practice for capturing real-time data from IBM Toshiba 4690 POS systems in Splunk? by GentleBen187 New Member in Getting Data In 03-02-2016 0 1	0	1
upload data directly from a http stream of feeds Hi there, I would like to know if there is an option to upload data directly from a http stream of feeds. Example: ... by okcerto New Member in Getting Data In 03-02-2016 0 5	0	5
If I have multiple applications sending logs to Splunk, what is the best practice for splitting data by application? If I'm running multiple applications, say we have a mobile application, a web application, and some back end services... by davidsaadeh New Member in Getting Data In 03-02-2016 0 1	0	1
Are there any native APIs to retrieve [domain info] in Splunk? I have tried creating a workflow to query domain information using Whois.net (as described in the documentation), how... by packet_hunter Contributor in Getting Data In 03-02-2016 0 2	0	2
what format should timestamp be in for starttime? Regarding starttime from the docs starttime starttime=<timestamp> Search from the specified date and time to the p... by HattrickNZ Motivator in Getting Data In 03-02-2016 0 3	0	3
How to map a sourcetype based on the values in the event? Hi, I have some nicely defined logfiles, with all key-value pair entries. We'd like to create dynamic sourcetypes, ... by a212830 Champion in Getting Data In 03-02-2016 0 2	0	2
Why is Indexer Discovery on a Splunk 6.3.3 universal forwarder failing with http_response=Unauthorized? We followed the documentation as specified, but when we configure the universal forwarders as specified we get the er... by joshuabiggley Path Finder in Getting Data In 03-02-2016 0 1	0	1
What is the proper way to remove forwarders and all data associated with their index in an indexer clustering environment? We're wondering what is the proper way to remove a list of forwarders from a cluster and all the data associated with... by ddrillic Ultra Champion in Getting Data In 03-02-2016 0 2	0	2
Monitoring Windows Updates from Splunk Hello, Is there a way to monitor windows updates from Splunk? I have a VBScript that queries a remote machine for u... by kholleran Communicator in Getting Data In 03-02-2016 1 6	1	6
How to troubleshoot why inputs.conf from a deployed app is not properly applied to a Universal Forwarder (Win7)? Hi, At the moment I am testing Splunk at work. So far, I only have a single Splunk Enterprise instance (acting as de... by jacortijo Explorer in Getting Data In 03-01-2016 1 1	1	1
How to configure a universal forwarder to add multiple fields to events being forwarded via _meta? We're trying to find a way to have the universal forwarder send data to the indexer essentially pre-marked with a sma... by vinceskahan Path Finder in Getting Data In 03-01-2016 2 4	2	4
How to implement tagging on a universal forwarder to categorize data so we can filter our searches? I'm totally lost trying to decipher the impossibly dense abstract documentation here. I need to do something that I... by vinceskahan Path Finder in Getting Data In 03-01-2016 0 5	0	5
How will Splunk respond if a cold database path is not present when data is going to be rolled from warm to cold? hi folks, We have an issue with our cold database filesystem and the estimate to bring it back is around 10 days. S... by koshyk Super Champion in Getting Data In 03-01-2016 0 3	0	3
How to enable deployment server functionality on a universal forwarder? Hi, Could anyone please tell me that what is needed on the universal forwarder side to enable deployment server func... by sunnyparmar Communicator in Getting Data In 03-01-2016 0 1	0	1
Why am I getting indexer error "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX-\x00\x00j\x00fre"? I have the following error message appearing every ~3 seconds. My searches have not yielded anyone who has this issue... by LewisWheeler Communicator in Getting Data In 03-01-2016 1 5	1	5
Hostname in file monitoring of syslog Hi, I have Splunk monitoring a Kiwi log files of syslog data. The problem I am having is the the source of the data... by nlspears01 Engager in Getting Data In 02-29-2016 1 10	1	10
How to install Splunk forwarders on AWS EC2 instances? I have Splunk Enterprise on an AWS EC2 Server, and need to install forwarders on two other EC2 Instances. Can someon... by hcipartners Engager in Getting Data In 02-29-2016 1 2	1	2
Can Splunk do filtering based on the index name rather than source or sourcetype? We have a condition where we need to filter out data based on the byte count in the log. We have collapsed the source... by babcolee Path Finder in Getting Data In 02-29-2016 0 4	0	4
How to deploy a Splunk environment to monitor switches, routers, and database servers within our local area network? Hi, I would like to know the environment to install in case I use Splunk Enterprise (Trial version). I just want to ... by Nesrinepfe Path Finder in Getting Data In 02-29-2016 0 2	0	2
What is a good way to compare all the VMs in a VMware vSphere with all of the universal forwarders I have installed? First off, let me say that we do not have plans to purchase the VMware app. I would like to be able to identify any ... by lycollicott Motivator in Getting Data In 02-29-2016 0 1	0	1
When blacklisting by index name in outputs.conf, what is the variable 'n' in "forwardedindex.n.blacklist = IndexName"? I see a lot of documentation for black listing by index name in outputs.conf, but I am a bit confused as to the varia... by sbattista09 Contributor in Getting Data In 02-29-2016 0 5	0	5
How to set earliest and latest for the time range in a dashboard from the earliest and latest event timestamps? I've read through a number of answers, but none quite gives what I want. I have daily tests that run and my dashboa... by bowesmana SplunkTrust in Getting Data In 02-29-2016 0 4	0	4
Is it expected behavior for Hunk to delete files as they age from the dispatch directory used for MapReduce? We are using Hunk with MapR. There is a dispatch directory that Hunk uses for the reduce of the map reduce. /mapr/tmp... by splunkIT Splunk Employee in Getting Data In 02-26-2016 0 3	0	3
Does an intermediate forwarder need to be a heavy forwarder, or can a universal forwarder be used? I am interested in forwarding syslog and Windows events from a DMZ to Indexers which reside inside our network. We a... by adamblock2 Path Finder in Getting Data In 02-26-2016 0 4	0	4
How do you group field values based upon user, and then filter users that have only one type of value? Each user can have two values of type: movement and check-in. There are some users that only have movement and never... by kellihall New Member in Getting Data In 02-26-2016 0 1	0	1

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

Getting Data In

What is the best practice for indexing real-time data from IBM Toshiba 4690 POS system data into Splunk?

upload data directly from a http stream of feeds

If I have multiple applications sending logs to Splunk, what is the best practice for splitting data by application?

Are there any native APIs to retrieve [domain info] in Splunk?

what format should timestamp be in for starttime?

How to map a sourcetype based on the values in the event?

Why is Indexer Discovery on a Splunk 6.3.3 universal forwarder failing with http_response=Unauthorized?

What is the proper way to remove forwarders and all data associated with their index in an indexer clustering environment?

Monitoring Windows Updates from Splunk

How to troubleshoot why inputs.conf from a deployed app is not properly applied to a Universal Forwarder (Win7)?

How to configure a universal forwarder to add multiple fields to events being forwarded via _meta?

How to implement tagging on a universal forwarder to categorize data so we can filter our searches?

How will Splunk respond if a cold database path is not present when data is going to be rolled from warm to cold?

How to enable deployment server functionality on a universal forwarder?

Why am I getting indexer error "EAIOutParameters - invalid entry title in toAtom(): INDEXER_MISSING_INDEX-\x00\x00j\x00fre"?

Hostname in file monitoring of syslog

How to install Splunk forwarders on AWS EC2 instances?

Can Splunk do filtering based on the index name rather than source or sourcetype?

How to deploy a Splunk environment to monitor switches, routers, and database servers within our local area network?

What is a good way to compare all the VMs in a VMware vSphere with all of the universal forwarders I have installed?

When blacklisting by index name in outputs.conf, what is the variable 'n' in "forwardedindex.n.blacklist = IndexName"?

How to set earliest and latest for the time range in a dashboard from the earliest and latest event timestamps?

Is it expected behavior for Hunk to delete files as they age from the dispatch directory used for MapReduce?

Does an intermediate forwarder need to be a heavy forwarder, or can a universal forwarder be used?

How do you group field values based upon user, and then filter users that have only one type of value?

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation