Getting Data In

Ask a Question

Discussions

Thread Info

Where does forwarded data exist if the index mentioned in my inputs.conf monitor stanza was not created?

Hello Everyone, I have created an inputs.conf file for deploying an app in host machine to forward data. [moni...

by Path Finder in

If I have 2 identical inputs.conf monitor stanzas except for the target indexes, will data be received in both indexes or only the first?

Hello, I just had a quick question about the inputs.conf file in the Splunk Universal Forwarders. Let's say, I ...

by Path Finder in

How does one fix the multiple Forwarders with same GUID issue on Windows boxes?

Everyone, Here is my situation. I set up one Windows box with a Universal Forwarder, V6.3. This one forwarder was ...

by Builder in

running a script for creating a report

hi, We have scheduled scripts. I don't want to create a scheduled script but run the script on demand. i.e. run th...

by Path Finder in

Time format in email alert

Search AAA||rename _time as UpTime |fieldformat UpTime=strftime(UpTime, "%D %H:%M:%S") |Table UpTime Info It works...

by Explorer in

How to configure props.conf and transforms.conf to only whitelist events that start with a timestamp and have a LogLevel?

Hi We have a very volatile log source which we today control by sending unwanted events to the nullQueue. This is ...

by Path Finder in

2 node cluster master reporting single peer to search head when there are 2 indexers

Have 2 node Indexer cluster with a separate cluster master instance and separate SH instance, however when the SH is ...

by Engager in

How to use transforms.conf to assign a custom index and sourcetype?

I am currently trying, unsuccessfully, to assign a custom sourcetype and index from within a local/transforms.conf fi...

by Path Finder in

Why am I unable to start Splunk Light on Windows 7?

Just downloaded and installed Splunk-light. (Windows 7 Enterprise SP1) I tried to start it, but I only get a browser ...

by New Member in

How to automatically upload CSV files to Splunk monthly?

Hello, I would like to upload automatically CSV files in monthly manner. Data should be normally indexed and go t...

by Path Finder in

I can't find EventCodeDescription from Windows logs

I just loaded Splunk 6.2.3 and am forwarding event log events from my laptop running Windows 7. Everything looks OK e...

by Builder in

Why do my indexers in my indexer clustering environment have a different number of buckets?

I just deployed Splunk in an indexer cluster deployment, and I've noticed that my indexers have a different number of...

by Contributor in

How to configure Splunk to monitor Border Network Gateway (BNG) accounting traffic?

Hello Everyone, Actually, I don't know if this question is actually valid to be asked here or not. So, I'm going t...

by Communicator in

How do I integrate Jira and Splunk to monitor Jira logs?

Hello, I have some tools. Let's say in this case I want to use Jira and and use Splunk to monitor its logs. How...

by New Member in

DNSLOOKUP for a Destination Host, only the Source Host is working.

I am apparently doing something wrong with the Destination Host dnslookup, it shows the Source Host instead. Any idea...

by Path Finder in

How to remove information from forwarded data?

Hello everyone, This is my topology: Splunk Forwarder (with local copy of data) -----> Main Splunk The forwa...

by Communicator in

Store an API Key encrypted

I'm trying to create a setup.xml for my app that takes in an API key as an input from the user. I have it working for...

by Builder in

Why is per-event sourcetype override not working with my current props.conf and transforms.conf configuration?

Hello fellow Splunkers, this is my first post here! I am trying to configure per-event source type overriding. I h...

by Explorer in

How to create props.conf and transforms.conf to change the fields name of a CEF event

Hi everyone, I'm receiving logs in arcsight format, for example: <131>Oct 8 12:06:49 servename ASM:CEF:0|F5|...

by Communicator in

Splunk Light Free + Universal Forwarder: How to fix my configurations to monitor input paths with wildcards and assign proper sourcetypes?

Hello guys. I am new to Splunk. Let me introduce my problem. I have installed Splunk Light Free on the server (ba...

by New Member in

Why is a monitored file behaving like a batch file on a Splunk 6.2.1 Universal forwarder?

I have a monitored file input for a .tsv file that gets updated via a SQL query every hour. However, the data is only...

by Explorer in

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

I'm trying to get a list of all files with the path that Splunk is currently monitoring. Google and searches here hav...

by New Member in

Why does data stop getting indexed for a monitored file when Splunk is restarted, and how do I fix this?

I am attempting to monitor a file that is fairly large and on a UNC file share. It appears that the file only indexes...

by Communicator in

How do I troubleshoot why indexing performance is slow?

Operating System: Oracle Linux 3.8.13-55.1.5, 64 bit 2 CPUs, total of 40 cores, 128 gb memory, 1 GB network, 6 300 GB...

by Explorer in

Integrating Splunk data in Talend

Greetings. We have data in Splunk, and related data in Oracle. We are looking to integrate the two using Talend. Has ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Where does forwarded data exist if the index mentioned in my inputs.conf monitor stanza was not created?

If I have 2 identical inputs.conf monitor stanzas except for the target indexes, will data be received in both indexes or only the first?

How does one fix the multiple Forwarders with same GUID issue on Windows boxes?

running a script for creating a report

Time format in email alert

How to configure props.conf and transforms.conf to only whitelist events that start with a timestamp and have a LogLevel?

2 node cluster master reporting single peer to search head when there are 2 indexers

How to use transforms.conf to assign a custom index and sourcetype?

Why am I unable to start Splunk Light on Windows 7?

How to automatically upload CSV files to Splunk monthly?

I can't find EventCodeDescription from Windows logs

Why do my indexers in my indexer clustering environment have a different number of buckets?

How to configure Splunk to monitor Border Network Gateway (BNG) accounting traffic?

How do I integrate Jira and Splunk to monitor Jira logs?

DNSLOOKUP for a Destination Host, only the Source Host is working.

How to remove information from forwarded data?

Store an API Key encrypted

Why is per-event sourcetype override not working with my current props.conf and transforms.conf configuration?

How to create props.conf and transforms.conf to change the fields name of a CEF event

Splunk Light Free + Universal Forwarder: How to fix my configurations to monitor input paths with wildcards and assign proper sourcetypes?

Why is a monitored file behaving like a batch file on a Splunk 6.2.1 Universal forwarder?

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

Why does data stop getting indexed for a monitored file when Splunk is restarted, and how do I fix this?

How do I troubleshoot why indexing performance is slow?

Integrating Splunk data in Talend

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Mimecast App to get Archive logs

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout