Getting Data In

Discussions

Thread Info

Posting to a receiver using REST API giving "insufficient permission to access this resource" error

We are investigating how to create a Splunk log entry over the REST API via JavaScript. I'm posting the following eve...

by New Member in

Why is my indexer randomly indexing old logs?

I have noticed that at random times my indexer is indexing old data logs from days, and sometimes even months in the ...

by Path Finder in

Pulling logs from devices in my network, how can I create a table showing if and which users are logged in to these devices?

I am pulling logs from the devices in my network and I would like to know if it is possible for Splunk to show on a d...

by Path Finder in

Why are DAT files not being read with my current monitor configurations?

Hi, I have configured an app being pushed from deployment server to a remote Windows host to read DAT files. L...

by Path Finder in

How to deploy a single configuration file, not the whole app from a deployment server?

Instead of deploying the whole app, I want to deploy only one configuration under XXXX application. If I use ./spl...

by Contributor in

How to delete raw data files?

Hi all, We encounter Splunk server running out of disk space issue in past months. I tried to reduce maxTotalData...

by Communicator in

What is F5 data and how do we identify this on a heavy forwarder?

My head is going to blow up. What is f5 data, how to identify this on a Splunk heavy forwarder and make sure the heav...

by Path Finder in

Does anyone have a working example of coldtofrozenscript.py?

Does anyone have a working coldtofrozenscript.py script I can see? I'm looking at the coldToFrozenExample.py provided...

by Contributor in

How do load-balanced forwarders select receivers?

The Splunk docs for Forwarder load-balancing say that a forwarder randomly chooses between the different available re...

by Explorer in

How do I configure the sourcetype in inputs.conf to index Incapsula Imperva logs in Splunk?

Hello there.. I am integrating Imperva logs into Splunk. I cannot seem to figure out what to set the sourcetype t...

by Builder in

Remove default attribute

I have an environment where I want to use apps like Splunk for Nix, but have the logs go to different indexes. Spl...

by Path Finder in

How do I compare field names?

p.123.label - hostname 1 p.123.status - status of the server 1 p.234.label - hostname 2 p.234.status - status of t...

by Explorer in

Different sourcetypes for different syslog hosts?

Scenario: Multiple hosts send syslog data to the Splunk server on UDP port 514I want to be able to parse each host...

by Engager in

Why is CSV data not getting parsed while being monitored on server with a universal forwarder?

We have a remote server where some CSVs are stored and the directory set to be monitored by Splunk. Now, if I upload ...

by Communicator in

Will Splunk Mint Express for Xamarin iOS be updated to support Xamarin's new Unified API?

Will Splunk MINT Express for Xamarin iOS be updated to support Xamarin's new Unified API? Is there already a beta som...

by Engager in

Firewall checkpoint for windows 8

Is it possible to index Check Point firewall logs in Splunk for windows?

by Path Finder in

What is the best practice for parsing custom multiline logs?

Dear Splunk experts, I am working on parsing multiline custom application logs where log represents multiple lines...

by Path Finder in

How can I further troubleshoot why I am unable to send data from a forwarder to receiver?

I have installed a universal forwarder in one laptop and Splunk Enterprise in other laptop in my home. Both are conne...

by Explorer in

How can I troubleshoot why suddenly 8 of 10 subfolders with proxy logs have stopped being indexed?

I've been sending proxy logs to the FTP server and from there I installed an universal forwarder to send the logs to ...

by Contributor in

How to use Splunk to monitor if a new file was added to a folder?

As of today, is there a way to simply monitor a folder for new files created on it? Right now, I am monitoring a f...

by Explorer in

DBConnect V2 indexing timestamp

I have DBConnect V2 running on SPlunk 6.3.1 and it was working fine until the new year. All records were indexing cor...

by Explorer in

How to set up and add CISCO L3 switches to Splunk ?

Hi, I'm very new to Splunk. My manager gave me a task how to add CISCO L3 switches to Splunk. My manager said the...

by New Member in

Why is our [httpserver] maxThreads limit parameter in server.conf not being applied?

We were receiving errors similar to this message due to running out of http rest connections on some of our Splunk in...

by Path Finder in

How to use a lookup with wildcard based fields to search for matching field combinations?

Hi all. My scenario is: 1) lookup table with fields 3 fields msgId,msg,critical SHK5*,*BLABLABLA*,yes 2)...

by Explorer in

Logging Aggregation for Checkpoint Firewalls Logs

I am going slightly over my license limit from time to time because of the Checkpoint firewall logs. Is there a way t...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Posting to a receiver using REST API giving "insufficient permission to access this resource" error

Why is my indexer randomly indexing old logs?

Pulling logs from devices in my network, how can I create a table showing if and which users are logged in to these devices?

Why are DAT files not being read with my current monitor configurations?

How to deploy a single configuration file, not the whole app from a deployment server?

How to delete raw data files?

What is F5 data and how do we identify this on a heavy forwarder?

Does anyone have a working example of coldtofrozenscript.py?

How do load-balanced forwarders select receivers?

How do I configure the sourcetype in inputs.conf to index Incapsula Imperva logs in Splunk?

Remove default attribute

How do I compare field names?

Different sourcetypes for different syslog hosts?

Why is CSV data not getting parsed while being monitored on server with a universal forwarder?

Will Splunk Mint Express for Xamarin iOS be updated to support Xamarin's new Unified API?

Firewall checkpoint for windows 8

What is the best practice for parsing custom multiline logs?

How can I further troubleshoot why I am unable to send data from a forwarder to receiver?

How can I troubleshoot why suddenly 8 of 10 subfolders with proxy logs have stopped being indexed?

How to use Splunk to monitor if a new file was added to a folder?

DBConnect V2 indexing timestamp

How to set up and add CISCO L3 switches to Splunk ?

Why is our [httpserver] maxThreads limit parameter in server.conf not being applied?

How to use a lookup with wildcard based fields to search for matching field combinations?

Logging Aggregation for Checkpoint Firewalls Logs

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!