Getting Data In

Discussions

Thread Info

How to update a kvstore field from a local CSV file?

Happy Sunday All! I added a field to my KVSTORE, but want to be able to backfill that field with the appropriate d...

by Explorer in

What do I need to install on 8 Windows machines to send security logs to Splunk Light, and how can I handle the installation and configurations remotely?

I am attempting to set up 8 Windows machines to send the security logs to the Splunk Light server. 1) What exactly do...

by New Member in

How can I identify the full path to the output file of a dump command?

I am being forced to output my saved search results in .tsv format, so it appears that the dump command is the way to...

by New Member in

Is there any way to pass more metadata to the deployment server from universal forwarders?

Is there any way to pass more metadata to a deployment server from universal forwarders? I'm thinking either key/valu...

by New Member in

Splunk 6.1 how to find a listing of local admins on all workstations and servers

Hey guys, I was wondering if there is a search that would list all local admin accounts on a workstation or server...

by Path Finder in

How to prevent fields automatically extracted by DB Connect from being truncated?

Hello, we just started using dbconnect and both my users complain that field values extracted by Splunk are truncated...

by Path Finder in

How to get the data from remote server through universal forwarder?

Hi All, We dont have splunk enterprise installed on windows 2008 R2 server. We have installed the Splunk Universal...

by Explorer in

How to format output of REST API using .Net.WebClient in Powershell?

I have the following script. I am trying to format the output to CSV format, not HTML. Unfortunately the Output_Mode=...

by Engager in

How to prevent the indexing of particular error. Is it possible to filter by Message?

I can't quite find a way to block this particular event from being indexed. Blacklisting doesn't seem to be an option...

by Path Finder in

How to configure different sourcetypes for logs in the same directory?

Hi, I've got the following directory structure: c:\Logs\<system> At the moment, inputs.conf for application...

by Communicator in

How to add new deployment clients to a Server Class?

Hi All, New to this, but getting on ok. I'm just a little confused about new client PCs or Servers being added to...

by New Member in

Why are Windows Event Logs from a Windows Server 2003 missing a value for the Message field for some EventCodes (628 and 644)?

Some events (628 and 644) of a Windows 2003 are coming in with an empty Message field. ex: LogName=Security Sou...

by Explorer in

Why would indexers in our indexer cluster suddenly start consuming 100% CPU?

We have an indexer clustering Splunk environment, and recently, all our indexers are consuming 100% CPU. Not sure wha...

by Explorer in

Splunk DB Connect MS SQL DB - Connection refused

I am getting the following error while I am tring to connect Microsoft SQL database, Encountered the following err...

by Communicator in

connecting Rest API from R

Hi, I am trying to perform search using rest api from R language. This is the curl I am using which is available i...

by New Member in

I am getting this error while uploading my app "the icon found in the package is not a valid png file"

Friends, I have followed the details at following link, but still I am getting this error "the icon found in the p...

by Path Finder in

How to Upload an App?

I am a newbie and have inherited a Splunk installation. I downloaded the License Usage app and want to use of it in m...

by New Member in

How to blacklist specific hosts so Splunk will not index their IIS logs in our "iis" index?

I have an index called "iis". How can I blacklist some specific hosts so that Splunk would not process iis logs fo...

by New Member in

Why is a specific file type still being indexed with my inputs.conf whitelist configuration?

Here's my stanza: [monitor:///opt/stash/logs/] blacklist = \.gz$ disabled = false followTail = 0 index = stash_pp ...

by New Member in

My scripted input is working, but why is it assigning an incorrect hostname for 1 of 6 target hosts?

I have a simple scripted input that runs a powermt command periodically. <apps>/powermt/bin/powermt.sh #!/bin/b...

by Path Finder in

jflow support in splunk

Hi, There is a way or app to get jflow from Juniper MX or M routers ? thx for help

by New Member in

How do I filter events into 2 environments?

I have an old environment (5.0) and new environment (6.2.1). I have heavy forwarders in the new environment collectin...

by Path Finder in

Using inputlookup .csv, how do we get columns to display in the same order as the CSV file, not alphabetical?

I'm using a few .csv files for lookups. When I display the .csv files, the column order is alphabetical. Is there a w...

by Path Finder in

Using a shell script to collect data on a universal forwarder, what do I need to configure in inputs and outputs.conf?

Universal Forwarder-> Heavy Forwarder -> Indexer We have a universal forwarder which is sitting on a different domain...

by Communicator in

Is there a way for a universal forwarder to monitor Environment Variables?

I am trying to determine if there is a way for the Splunk Universal Forwarder to monitor environmental variables. We ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to update a kvstore field from a local CSV file?

What do I need to install on 8 Windows machines to send security logs to Splunk Light, and how can I handle the installation and configurations remotely?

How can I identify the full path to the output file of a dump command?

Is there any way to pass more metadata to the deployment server from universal forwarders?

Splunk 6.1 how to find a listing of local admins on all workstations and servers

How to prevent fields automatically extracted by DB Connect from being truncated?

How to get the data from remote server through universal forwarder?

How to format output of REST API using .Net.WebClient in Powershell?

How to prevent the indexing of particular error. Is it possible to filter by Message?

How to configure different sourcetypes for logs in the same directory?

How to add new deployment clients to a Server Class?

Why are Windows Event Logs from a Windows Server 2003 missing a value for the Message field for some EventCodes (628 and 644)?

Why would indexers in our indexer cluster suddenly start consuming 100% CPU?

Splunk DB Connect MS SQL DB - Connection refused

connecting Rest API from R

I am getting this error while uploading my app "the icon found in the package is not a valid png file"

How to Upload an App?

How to blacklist specific hosts so Splunk will not index their IIS logs in our "iis" index?

Why is a specific file type still being indexed with my inputs.conf whitelist configuration?

My scripted input is working, but why is it assigning an incorrect hostname for 1 of 6 target hosts?

jflow support in splunk

How do I filter events into 2 environments?

Using inputlookup .csv, how do we get columns to display in the same order as the CSV file, not alphabetical?

Using a shell script to collect data on a universal forwarder, what do I need to configure in inputs and outputs.conf?

Is there a way for a universal forwarder to monitor Environment Variables?

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

DB Connect SQL Procedures

Possible lineabreaker issue with lastlog in Splunk...

Splunk HF Stops Receiving Fortigate WAF Logs via S...

_TCP_ROUTING with clustered indexers system logs

JSON Data extraction issues with Comma