Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
JKnightSplunk

What is the best practice for configuring a Splunk Forwarder 5.0.3 for custom fields to be appended to the source?

Hi all, I'm looking to add some custom fields to the Splunk Forwarder, but am struggling to find the a way of achiev...
by JKnightSplunk Engager in Getting Data In 02-25-2016
0 3
0
3
sbattista09

How to remove and prevent error "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on my heavy forwarder?

I keep getting the "minimum free disk space (5000MB) reached for /var/run/splunk/dispatch" on one of my heavy forward...
by sbattista09 Contributor in Getting Data In 02-25-2016
0 2
0
2
Abilan1

Is there a way to delete data on an indexer from Splunk Web to free up disk space?

Hi , We are about to reach the maximum size of the disk on our Indexer server. Please suggest if there is any way to...
by Abilan1 Path Finder in Getting Data In 02-25-2016
0 7
0
7
mahesh_ravji1

How to route data to certain indexes based on host, sourcetype, and index?

Hi. I have a requirement to route events to index based on the fields host, sourcetype, and index. Field host form...
by mahesh_ravji1 Explorer in Getting Data In 02-25-2016
1 5
1
5
hastrike

How do I set up a Splunk forwarder to monitor and forward log files within a certain path?

We are wanting to modify our Splunk forwarders on workstations to look at other log files and I am curious how to go ...
by hastrike New Member in Getting Data In 02-25-2016
0 10
0
10
arbabnazar

Can I enable SSL for a universal forwarder (public IP), but not for a local universal forwarder (private IP)?

Hi, Can I enable the SSL for the universal forwarder that will access it through the public ip, but not the forwarde...
by arbabnazar New Member in Getting Data In 02-24-2016
0 1
0
1
mataharry

Why is the monit process sometimes restarting

I have Linux servers with Splunk, and the process monit to check my processed. But sometimes I see an issue where mo...
by mataharry Communicator in Getting Data In 02-24-2016
2 2
2
2
apro

Total number of indexed volume per day

Hi, Currently I have a splunk server receiving logs from few servers. I will like to do a search that is scheduled ...
by apro Path Finder in Getting Data In 02-24-2016
0 7
0
7
JdeFalconr

If an identical input is specified in inputs.conf for multiple apps on a universal forwarder, will this result in duplicate data?

If an input is specified identically in the inputs.conf file of multiple apps running on a Universal forwarder, will ...
by JdeFalconr Explorer in Getting Data In 02-24-2016
0 2
0
2
splunkn

How to filter Windows Security events by changing inputs conf

I have made the following changes in my inputs.conf. However no luck Could anyone help me with this? [WinEventLog:S...
by splunkn Communicator in Getting Data In 02-24-2016
0 5
0
5
Hung_Nguyen

How to use inputlookup to filter

Hi, I have multiple queries that I use to do daily report on errors in our production Splunk. I would like to filte...
by Hung_Nguyen Path Finder in Getting Data In 02-24-2016
0 7
0
7
dsmc_adv

Does Splunk process events before sending to nullqueue?

We have configured a default null queue to discard all events that we don't want to allow to be indexed without autho...
by dsmc_adv Path Finder in Getting Data In 02-24-2016
0 3
0
3
avisram

What are recommended specs for a virtual host for our multisite sandbox environment?

Hi there, I've been tasked with building a Splunk Enterprise 6.3 multisite virtual environment sandbox. The environ...
by avisram Path Finder in Getting Data In 02-24-2016
0 3
0
3
hettervik

Why am I missing metrics.log data from some of my forwarders/hosts?

Hi folks! I've made a search that returns all hosts that sends events of some kind to indexer, but does not send int...
by hettervik Builder in Getting Data In 02-24-2016
0 7
0
7
thezero

How to drop _internal logs received from universal forwarders on a heavy forwarder?

Hi Team, We need to drop _internal logs forwarded by universal forwarders as _internal logs are consuming most of th...
by thezero Path Finder in Getting Data In 02-24-2016
0 4
0
4
Hajime

What is the precedence for "SEDCMD" attribute?

I think the precedence for "SEDCMD" attribute within single stanza is ASCII order. For example props.conf: [foo] SE...
by Hajime Path Finder in Getting Data In 02-23-2016
0 4
0
4
dwin02

How do we monitor Disk I/O in Splunk?

Hi Splunk Support, When activating the Performance Monitoring in inputs.conf, I was able to send free disk space to ...
by dwin02 Explorer in Getting Data In 02-23-2016
0 3
0
3
earakam

Why is CPU on the universal forwarder not used most of the time and we see error "Could not send data to output queue (parsing queue), retrying...."?

Hi, I was monitoring Universal Forwarder's CPU usage with the environment below, and I put 13GB sized file on Unive...
by earakam Path Finder in Getting Data In 02-23-2016
0 4
0
4
k2skaterii

How to configure a heavy forwarder to filter events based on the hostname found in IIS logs?

I have not yet started ingesting IIS logs from my systems. The systems have roughly 2 years of logs stored on them, ...
by k2skaterii Path Finder in Getting Data In 02-23-2016
0 2
0
2
darknetone

How to find the path for an unknown data source that is sending data to Splunk?

How can I tell where data is coming from? I have inherited an old Splunk 5.0.1 Enterprise Infrastructure. I can see d...
by darknetone Explorer in Getting Data In 02-23-2016
0 1
0
1
ben_leung

Indexed data twice! Suggestions to remove data from being searched?

Lets say we have forwarded events that are exactly the same and show in Splunk as duplicates. Running a | dedup _raw ...
by ben_leung Builder in Getting Data In 02-23-2016
0 2
0
2
gauravmishra15

Is there a way to validate the URI for HTTP Event Collector?

I am trying to leverage Powershell to POST the event in form of JSON. The Invoke-WebRequest does not work well. Is th...
by gauravmishra15 Path Finder in Getting Data In 02-23-2016
0 2
0
2
isha_rastogi

Why do I see the default log files, but not the monitored log files being forwarded to indexers?

I am forwarding the data from forwarder to indexer. I am able to see the default log files that forwarder forwards to...
by isha_rastogi Path Finder in Getting Data In 02-23-2016
0 1
0
1
daniel_augustyn

Filter out logs using props.conf and transfors.conf

I am pulling logs from the firewalls via scripts on a heavy forwarder (via scrips from the app for Checkpoint). How t...
by daniel_augustyn Contributor in Getting Data In 02-22-2016
0 7
0
7
TonyLeeVT

Blacklist/ignore files by size

When monitoring a directory for files (using inputs.conf) is it possible to blacklist or ignore files over a certain ...
by TonyLeeVT Builder in Getting Data In 02-22-2016
0 3
0
3
Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

How Edge Processor's Durable Queue Works

Edge Processor sits in one of the most consequential places in any Splunk pipeline: between your data sources ...
Top Solution Authors
View All