Getting Data In

Community Activity

Why is my inputs.conf monitor stanza with multiple wildcards not picking up anything? I'm trying to index all the files marked with a [Y] in the directory structure below. [Y] - /tmp/test.log [Y] - /tmp... by splunkok New Member in Getting Data In 02-20-2016 0 9	0	9
How to filter out all WinEventLog:Security messages except those containing the word "delete"? Hey guys. I want to exclude all messages from WinEventLog:Security except those containing the word "delete"(for del... by Shark2112 Communicator in Getting Data In 02-20-2016 0 5	0	5
How to monitor HD free space on servers? Do I have to have the Splunk forwarder loaded on every server, or is there a way to send that info to a syslog server... by jbleich Path Finder in Getting Data In 02-19-2016 0 2	0	2
How to get all system logs like CPU, disk, and memory from a Splunk forwarder machine? Hi, I want to get all system logs, like CPU, Disk, Memory and other system logs, from machine where my Splunk forwar... by ashokapex Explorer in Getting Data In 02-19-2016 0 3	0	3
How to extract data from a CSV file with multiple lines, but the timestamp on a different line?? Hi, My log has a timestamp and a CSV rows. Eg. given 2 records. Sun Feb 14 07:01:05 EST 2016 customer_name,cust_... by anasar New Member in Getting Data In 02-19-2016 0 1	0	1
Why am I not able to exclude events from getting indexed with my current props and transforms.conf? Not able to exclude events from indexing on Splunk Enterprise Free version. Can anyone help me out here? Sample data... by sameera123 Explorer in Getting Data In 02-19-2016 0 2	0	2
How to route data from forwarders to separate indexes based on the source field when data is coming from single TCP port? I have log data from multiple sources coming into a single TCP port in JSON format as below: <01>- hostname {"name":... by bkumarm Contributor in Getting Data In 02-19-2016 0 1	0	1
How to create or update KV Store via REST endpoints? Hello, I want to fill my KVStore with information from a script. The script adds data via a REST Endpoint to the KVS... by hypePG Path Finder in Getting Data In 02-19-2016 0 3	0	3
What is the best architecture for a huge amount of syslog data ? Hi splunkers, I'm think about the best architecture for a huge amount of syslog data. At first, I used rsyslog in rh... by sunrise Contributor in Getting Data In 02-18-2016 0 4	0	4
forwarder monitor a log file but only get "splunk-cooked-mode-v3"? Hi All, I installed a splunk server and 4 splunk forwarder, and add monitor for an always updating file. But I can... by frnkhng Engager in Getting Data In 02-18-2016 0 5	0	5
Need to hard code host reported by Universal Forwarder Hello, We are currently in the process of moving some of our hosts from Solaris to Windows. These hosts are part of... by kollerj Explorer in Getting Data In 02-18-2016 0 11	0	11
Can you have a wildcard in a props.conf stanza header when matching sourcetypes? I have some settings that I want to apply to several sourcetypes with similar names. Can I do something like this in ... by erga00 Path Finder in Getting Data In 02-18-2016 2 6	2	6
How to set and configure the sourcetype to format events written to Splunk's HTTP event collector? I'm having issues when writing events to Splunk's HTTP event collector. We have a good amount of existing queries tha... by nickcromwell87 Explorer in Getting Data In 02-18-2016 0 8	0	8
How to properly use summary indexing for sensor data in a large-scale deployment? This is more of a question about the "right" way of doing things versus what is possible. I want to know if there is... by rjthibod Champion in Getting Data In 02-18-2016 0 6	0	6
How many log sources can be received and forwarded from a universal forwarder? Hi users, Probably a bit silly question, but because I've never seen that setup in any of Google searches, I have th... by evang_26 Communicator in Getting Data In 02-18-2016 0 4	0	4
Why do the results exported to CSV not match total number of events? Hi , I have a search without any statistic/transformation command like index=abc earliest=-7d. I am getting followin... by lohitkidu Path Finder in Getting Data In 02-18-2016 0 2	0	2
Retention Issue: Why is data getting rolled to frozen before hitting the frozenTimePeriodInSecs setting? Hello, we are currently having some issues with an index. Basically we have configured the following in the related i... by arber Communicator in Getting Data In 02-18-2016 1 5	1	5
How to delete logs in a tsidx index? Hi at all, I installed Splunk App for BlueCoat. I loaded some test data and now I have to delete them before loading... by gcusello SplunkTrust in Getting Data In 02-18-2016 0 5	0	5
After modifying the timezone in props.conf, why has the _time field not changed? I've got a variety of customers sending data in to our Splunk indexer. One particular customer has all of their serve... by hagjos43 Contributor in Getting Data In 02-18-2016 0 7	0	7
Why is forwardedindex in outputs.conf not working on my Windows universal forwarder? I have a universal forwarder running on a Windows Server 2008 R2 server. .../etc/system/local/inputs.conf is monitori... by PhilipShaunTayl New Member in Getting Data In 02-17-2016 0 1	0	1
After configuring an automatic lookup in props.conf, why is this now taking precedence over another stanza with the same sourcetype? Hello all, Hoping someone could help clarify and hopefully help figure out an issue I've run into. I created an aut... by ronaldsc New Member in Getting Data In 02-17-2016 0 4	0	4
Is it possible to rsync an indexer's colddb while the indexer is still running the Splunk service? Is it possible to rsync an indexer's colddb which resides on an NFS export from that network location to another netw... by jodros Builder in Getting Data In 02-17-2016 0 2	0	2
Why is my Distributed Management Console trying to push a bundle to a newly added search peer which happens to be a standalone indexer? I have a single Distributed Management Console which I have monitoring separated regional indexers like so.... I h... by lycollicott Motivator in Getting Data In 02-17-2016 0 1	0	1
What is the equivilant method of Input lookup using Splunk 6.3 SDK Javascript API Hi , I am creating a new dashboard in html and javascript , I have not downloaded the Splunk 6.3 SDK JavaScript yet... by theoborrero Explorer in Getting Data In 02-17-2016 0 4	0	4
How to configure props.conf to parse XML on NetScan reports? Hey Friends I'm having a lot of issues importing an XML file to my Splunk Enterprise. Actually, I'm a new user to Sp... by madrinux Engager in Getting Data In 02-17-2016 0 2	0	2

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

Getting Data In

Why is my inputs.conf monitor stanza with multiple wildcards not picking up anything?

How to filter out all WinEventLog:Security messages except those containing the word "delete"?

How to monitor HD free space on servers?

How to get all system logs like CPU, disk, and memory from a Splunk forwarder machine?

How to extract data from a CSV file with multiple lines, but the timestamp on a different line??

Why am I not able to exclude events from getting indexed with my current props and transforms.conf?

How to route data from forwarders to separate indexes based on the source field when data is coming from single TCP port?

How to create or update KV Store via REST endpoints?

What is the best architecture for a huge amount of syslog data ?

forwarder monitor a log file but only get "splunk-cooked-mode-v3"?

Need to hard code host reported by Universal Forwarder

Can you have a wildcard in a props.conf stanza header when matching sourcetypes?

How to set and configure the sourcetype to format events written to Splunk's HTTP event collector?

How to properly use summary indexing for sensor data in a large-scale deployment?

How many log sources can be received and forwarded from a universal forwarder?

Why do the results exported to CSV not match total number of events?

Retention Issue: Why is data getting rolled to frozen before hitting the frozenTimePeriodInSecs setting?

How to delete logs in a tsidx index?

After modifying the timezone in props.conf, why has the _time field not changed?

Why is forwardedindex in outputs.conf not working on my Windows universal forwarder?

After configuring an automatic lookup in props.conf, why is this now taking precedence over another stanza with the same sourcetype?

Is it possible to rsync an indexer's colddb while the indexer is still running the Splunk service?

Why is my Distributed Management Console trying to push a bundle to a newly added search peer which happens to be a standalone indexer?

What is the equivilant method of Input lookup using Splunk 6.3 SDK Javascript API

How to configure props.conf to parse XML on NetScan reports?

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation