Getting Data In

Community Activity

Can someone explain splunk overview for data forwarding and parsing? Hello Experts, I am new to splunk and learning it. http://docs.splunk.com/Documentation/Splunk/6.2.1/Forwarding/Rout... by chaseto Explorer in Getting Data In 02-01-2016 0 5	0	5
xpath is returning the duplicate values. How do I limit the output to single values? Hi All, Because of existing logs type, XPATH is returning a same value thrice. Is there any way to limit the number... by rishiaggarwal Explorer in Getting Data In 02-01-2016 0 2	0	2
How to configure a universal forwarder on Windows to send data to another Windows system? I already installed the universal forwarder on a Windows system. What I would like to do is get the data into another... by rakeshh123 Path Finder in Getting Data In 02-01-2016 0 2	0	2
How to configure a Splunk universal forwarder and receiver on Windows? Can you please help me in detail with configuring the Splunk universal forwarder and receiver on Windows? I would lik... by Umesh_Vedicsoft Path Finder in Getting Data In 02-01-2016 1 1	1	1
Why are we seeing duplicate headers? (host and timestamp) Splunk adds one header, then one more when forwarding to external logger. SPLUNK entry Jan 29 14:09:01 host.localdo... by jppham New Member in Getting Data In 02-01-2016 0 3	0	3
How to deploy a Splunk Universal Forwarder through GPO and MST setup? I have been trying to push the Splunk Universal Forwarder out to my client systems via GPO. I would like, however, t... by sardinha1 Engager in Getting Data In 02-01-2016 1 2	1	2
how many clients can one deployment server manage? Is there a practical or physical limit to how many clients a single Splunk Deployment Server can handle / manage? by maverick Splunk Employee in Getting Data In 02-01-2016 1 3	1	3
How to join multiple sourcetypes with additional data from a CSV using a common field (userId), then calculate the average for 2 possible fields by userId? Hi, We have 3 sourcetypes with similar data (column names are different e.g. RATE_DOWN in two of them and ACTUAL_DA... by ivanlesk Engager in Getting Data In 02-01-2016 0 2	0	2
Is it possible to configure an app in Splunk to overwrite the hostname in logs sent from a universal forwarder? Hi all, New to Splunk here. I have configured 100 servers to send syslog data. I did this by using puppet to install... by mlhess New Member in Getting Data In 02-01-2016 0 1	0	1
Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? We have an application that imports its events into the Windows Event Log, and I am trying to forward those into Splu... by joshk2005 Explorer in Getting Data In 02-01-2016 0 2	0	2
Splunk as CMDB - initCrcLength set to max creates duplicates Hi, i want to use splunk as GUI for a CMDB. I know, that not the default use case, but splunk exists already and i li... by f1dot4 Explorer in Getting Data In 02-01-2016 1 7	1	7
Does the number of forwarders determine the number of indexers and search heads for our environment? I saw this table when I was researching the correct Hardware requirements for Splunk. I have a total users of 2 for n... by josefa123 Explorer in Getting Data In 01-31-2016 0 4	0	4
How to force Splunk to pull logs that were missed during a lost network connection? I recently had an issue where Splunk lost connectivity with a log server. After the network connectivity was restored... by hohojoe23 New Member in Getting Data In 01-29-2016 0 1	0	1
Why is heavy forwarder repeatedly getting "WARN TcpOutputProc - Forwarding to indexer group default-autolb-group blocked for 600 seconds." We are seeing the following errors on our Heavy Forwarder side: 09-05-2014 13:39:06.483 - 0400 INFO TcpOutputProc - ... by hagjos43 Contributor in Getting Data In 01-29-2016 5 9	5	9
My three searches with outputcsv are working when run manually, but why are results not written to CSV as scheduled searches? We are looking to perform heavy calculations within Splunk from multiple sources. Currently the formula we are workin... by aputz Path Finder in Getting Data In 01-29-2016 0 5	0	5
Can someone possibly suggest a better way to handle snapshot data or tell me how to get more information on buckets? We currently have some data that appears in "snapshot" form. In other words, we get a snapshot of the data every day... by jaredlaney Contributor in Getting Data In 01-29-2016 1 15	1	15
Why are multiple events being merged together as a single event? Hi, I have following logs which are being merged as a single event in Splunk. There are similar events which are co... by lohitkidu Path Finder in Getting Data In 01-29-2016 0 8	0	8
REST rebalance_primaries We're hitting max capacity in one of our (smaller file system) indexers and attempted a bucket rebalance with no luck... by splunk_zen Builder in Getting Data In 01-29-2016 0 8	0	8
How configure SED props.conf on a Heavy Forwarder to make a field CIM compliant? All, My first time messing with data manipulation at the heavy forwarder tier. Specifically looking to CIM a field ... by daniel333 Builder in Getting Data In 01-28-2016 0 5	0	5
Why is must_break_after configuration not working? I have a large (10's of thousands of lines) data stream that runs every 10 minutes and I want it to break after this ... by mjones414 Contributor in Getting Data In 01-28-2016 0 2	0	2
Why is the deployment server reporting missing forwarders after moving an indexer to physical hardware from virtual? Hey gang. This is somewhat urgent. Moved the indexer to a physical box from a virtual. In our situation we use an al... by Admiral_Marith Explorer in Getting Data In 01-28-2016 0 1	0	1
How to set up a heavy forwarder/deployment server on one server? After building a deployment and a heavy forwarder on one server we seem to be having issues when we point the univers... by sbattista09 Contributor in Getting Data In 01-28-2016 1 4	1	4
Moving to a least privileged model for service accounts, what permissions are needed for WMI collections, the universal forwarder, and folder monitoring and database connections? We are moving to a least privileged model for service accounts and I have to ask the question of what permissions Spl... by sbattista09 Contributor in Getting Data In 01-28-2016 0 1	0	1
What are the indexer hardware requirements for a small amount of input, but a very long retention time? We are intending to input about 35GB/day into Splunk enterprise. That can easily be handled by a single "reference" ... by ldacsplunktest New Member in Getting Data In 01-28-2016 0 4	0	4
Can someone help me understand how protocols, permissions, and communication are configured for universal forwarders? Protocols, I am assuming that everything is running on TCP, but perhaps UDP is required as wellPermission, there is n... by dwin02 Explorer in Getting Data In 01-28-2016 0 1	0	1

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

Getting Data In

Can someone explain splunk overview for data forwarding and parsing?

xpath is returning the duplicate values. How do I limit the output to single values?

How to configure a universal forwarder on Windows to send data to another Windows system?

How to configure a Splunk universal forwarder and receiver on Windows?

Why are we seeing duplicate headers? (host and timestamp)

How to deploy a Splunk Universal Forwarder through GPO and MST setup?

how many clients can one deployment server manage?

How to join multiple sourcetypes with additional data from a CSV using a common field (userId), then calculate the average for 2 possible fields by userId?

Is it possible to configure an app in Splunk to overwrite the hostname in logs sent from a universal forwarder?

Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf?

Splunk as CMDB - initCrcLength set to max creates duplicates

Does the number of forwarders determine the number of indexers and search heads for our environment?

How to force Splunk to pull logs that were missed during a lost network connection?

Why is heavy forwarder repeatedly getting "WARN TcpOutputProc - Forwarding to indexer group default-autolb-group blocked for 600 seconds."

My three searches with outputcsv are working when run manually, but why are results not written to CSV as scheduled searches?

Can someone possibly suggest a better way to handle snapshot data or tell me how to get more information on buckets?

Why are multiple events being merged together as a single event?

REST rebalance_primaries

How configure SED props.conf on a Heavy Forwarder to make a field CIM compliant?

Why is must_break_after configuration not working?

Why is the deployment server reporting missing forwarders after moving an indexer to physical hardware from virtual?

How to set up a heavy forwarder/deployment server on one server?

Moving to a least privileged model for service accounts, what permissions are needed for WMI collections, the universal forwarder, and folder monitoring and database connections?

What are the indexer hardware requirements for a small amount of input, but a very long retention time?

Can someone help me understand how protocols, permissions, and communication are configured for universal forwarders?

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation