Getting Data In

Thread Info

Why is per-event sourcetype override not working with my current props.conf and transforms.conf configuration?

Hello fellow Splunkers, this is my first post here! I am trying to configure per-event source type overriding. I h...

by Explorer in

How to create props.conf and transforms.conf to change the fields name of a CEF event

Hi everyone, I'm receiving logs in arcsight format, for example: <131>Oct 8 12:06:49 servename ASM:CEF:0|F5|...

by Communicator in

Splunk Light Free + Universal Forwarder: How to fix my configurations to monitor input paths with wildcards and assign proper sourcetypes?

Hello guys. I am new to Splunk. Let me introduce my problem. I have installed Splunk Light Free on the server (ba...

by New Member in

Why is a monitored file behaving like a batch file on a Splunk 6.2.1 Universal forwarder?

I have a monitored file input for a .tsv file that gets updated via a SQL query every hour. However, the data is only...

by Explorer in

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

I'm trying to get a list of all files with the path that Splunk is currently monitoring. Google and searches here hav...

by New Member in

Why does data stop getting indexed for a monitored file when Splunk is restarted, and how do I fix this?

I am attempting to monitor a file that is fairly large and on a UNC file share. It appears that the file only indexes...

by Communicator in

How do I troubleshoot why indexing performance is slow?

Operating System: Oracle Linux 3.8.13-55.1.5, 64 bit 2 CPUs, total of 40 cores, 128 gb memory, 1 GB network, 6 300 GB...

by Explorer in

Integrating Splunk data in Talend

Greetings. We have data in Splunk, and related data in Oracle. We are looking to integrate the two using Talend. Has ...

by New Member in

delay forwarder ingesting file

I have a script that creates a file, thoguh the command that is run, has a very long output, and it takes about 20 se...

by Motivator in

How to override host metadata?

Good day everyone! I have my Splunk cluster separated in Forwarders (inside each application server), Indexer (a s...

by New Member in

How to get data into Splunk?

Hello Experts Could some one please let me know the procedure step by step for on boarding data into Splunk? T...

by New Member in

Is it recommended to use a Splunk 6.3 universal forwarder with a 6.2.X indexer / base install?

What is best practice / recommended when deploying universal forwarders relative to the splunk indexers / base instal...

by Explorer in

What deployment-apps subdirectory do I need on a Linux Deployment Server to update inputs.conf and outputs.conf on a Windows Universal Forwarder?

First, if this is a repeat question, I apologize. I tried to ask this question a short time ago, but cannot find it a...

by Builder in

Run indexes on different servers

We are planning to have a Splunk setup where we have: 1 server running a Splunk indexer2 servers per operation fro...

by Path Finder in

How to monitor switch, router... and other Cisco devices using SNMP.

Hi. Using NET-SNMP on Windows to receive and log SNMP traps to a file, and I want Splunk monitor that file. How t...

by Explorer in

What is the proper sourcetype for Symantec Brightmail Gateway 10.X?

Hi I need help finding the Splunk sourcetype for the Symantec Brightmail Gateway 10.X. Syslog or sendmail_syslog i...

by Explorer in

Splunk forwarder on linux: parameter format error after adding monitor

Hi, I have installed splunk forwarder on linux which is having symantec Brightmail Gateway. and i tried to forward th...

by SplunkTrust in

Universal Forwarder and Free Splunk license?

Is the universal forwarder free or do you need to have a license to use it? I am looking to use them on my Windows ma...

by Path Finder in

Event Breaking Issue

Hi Everyone, Need help regarding event breaking, below is my current scenario: One my log file in the indexer i...

by Contributor in

How to set hostname for the Splunk Windows Universal Forwarder

When I installed the Splunk Universal Forwarder for Windows, the inputs.conf file has the stanza; [default] host =...

by Builder in

What deployment apps subdirectory on a Linux Deployment Server do I need to update inputs.conf and outputs.conf on a Windows Universal Forwarder?

I'm trying to follow the Splunk documentation to set up my Splunk Linux Deployment Server to update configuration fil...

by Builder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Why is per-event sourcetype override not working with my current props.conf and transforms.conf configuration?

How to create props.conf and transforms.conf to change the fields name of a CEF event

Splunk Light Free + Universal Forwarder: How to fix my configurations to monitor input paths with wildcards and assign proper sourcetypes?

Why is a monitored file behaving like a batch file on a Splunk 6.2.1 Universal forwarder?

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

Why does data stop getting indexed for a monitored file when Splunk is restarted, and how do I fix this?

How do I troubleshoot why indexing performance is slow?

Integrating Splunk data in Talend

delay forwarder ingesting file

How to override host metadata?

How to get data into Splunk?

Is it recommended to use a Splunk 6.3 universal forwarder with a 6.2.X indexer / base install?

What deployment-apps subdirectory do I need on a Linux Deployment Server to update inputs.conf and outputs.conf on a Windows Universal Forwarder?

Run indexes on different servers

How to monitor switch, router... and other Cisco devices using SNMP.

What is the proper sourcetype for Symantec Brightmail Gateway 10.X?

Splunk forwarder on linux: parameter format error after adding monitor

Universal Forwarder and Free Splunk license?

Event Breaking Issue

How to set hostname for the Splunk Windows Universal Forwarder

What deployment apps subdirectory on a Linux Deployment Server do I need to update inputs.conf and outputs.conf on a Windows Universal Forwarder?

Why does CSV import look crazy?

Initially, props.conf line breaking works properly and extracts the timestamp, but why does it stop working later?

Is there a REST API call or other method to check which files were processed by a Splunk forwarder in the past?

Best/optimum log file size?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR