Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
raby1996

How to find the time difference between values in the same field

Hi all, I have a field that i am calling "code_load_date" and I am running a stats command that groups them by associ...
by raby1996 Path Finder in Getting Data In 01-25-2016
0 2
0
2
JScordo

Monitor syslog Inputs

I currently have a syslog server forwarding data to our splunk instance. I wanted to know if there were any searches...
by JScordo Path Finder in Getting Data In 01-25-2016
0 1
0
1
thisissplunk

What is the best way to fork events into a new sourcetype that will eventually become the only sourcetype?

Basically, I want to have ONE log file populating TWO sourcetypes at the same time. Identical events in both. Eventua...
by thisissplunk Builder in Getting Data In 01-24-2016
0 1
0
1
Alan_Bradley

How do I tell if a forwarder is down?

How can you differentiate between a forwarder being down and a forwarder not having any data to send ? i.e is there a...
by Alan_Bradley Path Finder in Getting Data In 01-22-2016
5 6
5
6
usd0872

sending WinEventLog://Application to different indexes

I have the following requirement: <ul> <li> send WinEventLog://Application , except for one specific EventCode to one...
by usd0872 Path Finder in Getting Data In 01-22-2016
1 1
1
1
mcrawford44

Active Directory inputs missing SYNC event types after 6.2.1 upgrade?

As the question above states; Since the 6.2.1 update of Splunk, our active directory inputs are no longer gathering ...
by mcrawford44 Communicator in Getting Data In 01-22-2016
2 2
2
2
michael_sleep

Can't seem to figure out wildcards when monitoring files (inputs.conf)

I've been messing about with this for a while now and I can't seem to figure out the rhyme or reason behind how wildc...
by michael_sleep Communicator in Getting Data In 01-22-2016
0 5
0
5
shmoman

ERROR ScriptRunner

Any idea as to what causes this error: 02-19-2014 17:17:01.577 -0500 ERROR ScriptRunner - extern write error: errno=...
by shmoman Engager in Getting Data In 01-22-2016
1 1
1
1
uktechnologyser

Can i tcpout to multiple servers with output.conf file?

Complete newbie to Splunk, have just setup a distributed search structure (1 deployment server, 1 search head, 2 inde...
by uktechnologyser Path Finder in Getting Data In 01-22-2016
0 3
0
3
xrtan

Unable to forward syslogs coming in from UDP:514

Here is my setup on my Heavy Forwarder inputs.conf [udp://:514] sourcetype = syslog connection_host = ip disabled ...
by xrtan Explorer in Getting Data In 01-22-2016
0 5
0
5
shankarananthth

how to view data based on different time zone?

Hi, my splunk log is falling as charlotte time. when people from dubai or London or Denver viewwing the report. Rep...
by shankarananthth Explorer in Getting Data In 01-22-2016
0 3
0
3
tweaktubbie

How to configure props.conf to set specific Datetime-configs on specific sources/sourcetypes from specific hosts?

I have an issue with two servers with WebSphere logs that have an overriding different timezone setting in the jvm. O...
by tweaktubbie Communicator in Getting Data In 01-22-2016
0 2
0
2
msantich

How to troubleshoot error "forwarding to indexer group default-autolb group blocked for N seconds"?

hello We have a Linux server running Splunk forwarder which forwards to one of two heavy forwarders in an autolb co...
by msantich Path Finder in Getting Data In 01-22-2016
0 4
0
4
a212830

Why does my Splunk universal forwarder monitor stop processing files the next day after they roll over?

Hi, I have a Splunk Universal Forwarder running on Windows 2012, monitoring a bunch of files in different folders. ...
by a212830 Champion in Getting Data In 01-21-2016
0 4
0
4
splunk_zen

How to access saved search artifacts from last Monday via REST API?

Let's say Splunk keeps the last job artifacts from an accelerated search which spans the last 7 days. What's the sim...
by splunk_zen Builder in Getting Data In 01-21-2016
0 3
0
3
ChrisWC

Converting local apps into deployment apps, will forwarders start sending data that has already been indexed?

I have a handful of forwarders which have locally-configured apps on them, and I want to start converting those into ...
by ChrisWC New Member in Getting Data In 01-21-2016
0 1
0
1
lycollicott

Is the Splunk 6.3 universal forwarder using 90% of your CPUs?

I'm not sure how long it has been happening, but I began to see it across our UFs today.
by lycollicott Motivator in Getting Data In 01-21-2016
0 18
0
18
tevgey23

Hard limit on whitelist for deployment server

Hello, Is there a hard limit on the number of servers you can have per whitelist class Seems I cant add more then ...
by tevgey23 Explorer in Getting Data In 01-21-2016
2 5
2
5
a212830

My Splunk 6.3.2 universal forwarder is connecting, but why am I seeing "Could not send data to output queue" errors?

Hi, I have a UFW running 6.3.2, and I'm seeing the following in my logs on a regular basis. I'm also being told tha...
by a212830 Champion in Getting Data In 01-21-2016
0 2
0
2
a212830

How to get a license report with sourcetypes and indexes?

Hi, I need a license report for sourcetypes that also shows the relevant index. Is that possible?
by a212830 Champion in Getting Data In 01-21-2016
0 4
0
4
par13

How to set up splunk to listen to syslog messages coming from hp switches and other network appliances using port UDP 514?

I am fairly new with Splunk, and I'm trying to set up Splunk to listen to UDP 514 for syslog messages. Can anyone exp...
by par13 New Member in Getting Data In 01-21-2016
0 3
0
3
Admiral_Marith

Why are we getting error "Forwarding to indexer group primary_indexers blocked for 100 seconds" trying to move a virtual indexer to a physical indexer?

Following the steps in this document: http://docs.splunk.com/Documentation/Splunk/6.2.5/Installation/MigrateaSplunkin...
by Admiral_Marith Explorer in Getting Data In 01-21-2016
0 1
0
1
madan27

Why is the Splunk DB Connect app suddenly not pulling logs into our index?

Hi Splunkers, Suddenly I am not getting logs in to index fetching from database via Splunk DB Connect App. The erro...
by madan27 Explorer in Getting Data In 01-21-2016
0 3
0
3
bharathkumarnec

Why am I seeing duplicate events in Splunk with my current configuration?

Hi All, I am facing a problem with duplicate events in splunk, below is my configuration: props.conf: [source::......
by bharathkumarnec Contributor in Getting Data In 01-21-2016
0 6
0
6
michael_lee

Why am I unable to send events to a syslog server with my current heavy forwarder configuration?

Background I tried to configure sending events to a syslog server. Here is my configurations outputs.conf [syslog:m...
by michael_lee Path Finder in Getting Data In 01-21-2016
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...