Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
BlueSocket

How should I configure a Heavy Forwarder outputs.conf to work with the distributed management console?

Dear All, I have been getting ready to set up Distributed Management Console after our upgrade to Splunk 6.3.2 and I...
by BlueSocket Contributor in Getting Data In 01-14-2016
0 1
0
1
antessima

Why does event breaking sometimes occur in the middle of multiline events with my current configuration?

We have a forwarder installed on a Linux server that forwards data from application log files to our indexer. On the ...
by antessima Explorer in Getting Data In 01-14-2016
1 3
1
3
rmsit

How do I edit my wineventlog configuration to blacklist a specific SourceName?

Hello, everyone. I am having trouble finding a solution to blacklisting a SourceName called "SCLIntra Mobile Sync Se...
by rmsit Communicator in Getting Data In 01-14-2016
0 10
0
10
adamblock2

Syslog server "host" field question

The Splunk documentation defines “host” as being “an event host value is typically the hostname, IP address, or fully...
by adamblock2 Path Finder in Getting Data In 01-14-2016
0 2
0
2
nikhilagrawal

Can I blacklist sourcetype or Index?

We have client logs getting indexed using Rest API and our license is overloaded with high volume. Because of REST AP...
by nikhilagrawal Path Finder in Getting Data In 01-14-2016
1 1
1
1
phemmer

splunk ignoring LINE_BREAKER

I've configured a source type in props.conf with LINE_BREAKER = (\n+) to remove the \r from the default value. This w...
by phemmer Path Finder in Getting Data In 01-13-2016
0 5
0
5
hexx

When is it appropriate to set followTail to 'true'?

What is the appropriate use of 'followTail' for file monitor inputs in inputs.conf? In which cases is it useful to se...
by hexx Splunk Employee Splunk Employee in Getting Data In 01-13-2016
16 17
16
17
mafruma

Where did I go wrong with my inputlookup search?

Hello all. I have not been able to populate a table via a search that uses inputlookup. My table is only populating...
by mafruma Explorer in Getting Data In 01-13-2016
0 1
0
1
tkwaller

2 easy questions about indexes.conf

Somehow our default time changed from 30 days to ~6 years and going though indexes.conf in $SPLUNKHOME/etc/system/loc...
by tkwaller Builder in Getting Data In 01-13-2016
0 3
0
3
pavanae

After upgrading Splunk, why did one of my hosts stop reading files with errors "File too small to check seekcrc" and "Checksum for seekptr didn't match"?

After upgrading Splunk to the latest version, one of my indexers had stopped indexing data and reports the logs below...
by pavanae Builder in Getting Data In 01-13-2016
0 3
0
3
shreyasathavale

Why is the Windows perfmon data in Splunk for percentage processor time different from the performance counter value on the server?

I have this Splunk stanza below: [perfmon://CPUTime] interval = 30 object = Processor counters = % Processor Time in...
by shreyasathavale Communicator in Getting Data In 01-13-2016
3 2
3
2
twinspop

Splunk 6 REST API: Much slower than 5

I upgraded our indexers to Splunk 6 about 3 weeks ago. Our monitoring scripts use the REST interface to hit Splunk. S...
by twinspop Influencer in Getting Data In 01-13-2016
0 4
0
4
anasar

how to consolidate 200/500 error counts in access.log?

I have access.log data in index access_index. How can I draw a graph counting 200's and 500's. If I draw for las...
by anasar New Member in Getting Data In 01-13-2016
0 2
0
2
pesteaux

Fresh Install of Splunk Enterprise 6.2.3 on Windows 7, why am I unable to connect to Splunk Web?

I tried all evening to get Splunk Enterprise up and running on a Windows 7 box. I am installing on a non-system drive...
by pesteaux Explorer in Getting Data In 01-13-2016
0 11
0
11
esmith3

How to configure wineventlog on a universal forwarder to include milliseconds in event timestamps?

I'm using a Splunk 6.3.1 Universal Forwarder for Windows to forward a custom event viewer log to a Splunk indexer. W...
by esmith3 Engager in Getting Data In 01-13-2016
0 1
0
1
maratc

Scripted Inputs: how do I persist state between invocations of script?

I have a script that pulls events from my REST API for Splunk to index. My script runs on schedule. I want to only p...
by maratc Engager in Getting Data In 01-13-2016
0 3
0
3
attu013

Where to find an example to log directly into Splunk via log4j?

Could anybody please point me to an example of how to log directly into Splunk via log4j. I did search extensively on...
by attu013 Engager in Getting Data In 01-12-2016
0 1
0
1
eastlandm

Can a universal forwarder work without connectivity to a deployment server?

We have universal forwarders planned for the DMZ. Firewall admins want to limit connectivity to as few ports as possi...
by eastlandm New Member in Getting Data In 01-12-2016
0 1
0
1
buckml

Can I safely remove old tsidx files and/or the db_xxxxxxxxxx_xxxxxxxxxx_x directories?

I have a machine that is getting low on disk space. Most of the space is being taken by files in the /opt/splunk/v...
by buckml New Member in Getting Data In 01-12-2016
0 1
0
1
anortrup

Why am I getting a 404 error trying to configure receiving in my Splunk Cloud Trial?

I'm attempting to configure my Splunk Cloud Trial receiving so that my forwarders will work, but I get a 404 error wh...
by anortrup Explorer in Getting Data In 01-12-2016
0 2
0
2
junshi

Is there a way to export results to multiple CSVs with a fixed number of events per file?

I have a search that returns around 60,000 results in a straight table format: field1, field2 I need to export this ...
by junshi Explorer in Getting Data In 01-12-2016
0 3
0
3
hutchingsp

Installed Windows Forwarder, License Limit Exceeded by historical events. How to clear old data from being indexed?

Currently evaluating Splunk with a view to buying a license, but for now we're on the unlicensed 500mb tier. I insta...
by hutchingsp Engager in Getting Data In 01-12-2016
0 3
0
3
evgenyv

How can I collect events from several groups of Windows servers with separate dedicated indexes?

My goal is to create a multi-tenant environment for monitoring several groups of Windows Servers. In other words, I’d...
by evgenyv Explorer in Getting Data In 01-12-2016
0 4
0
4
sunnyparmar

How do I configure a data retention policy and a working script for my indexes?

Hi, I want to create a data retention policy for my all indexes, but I don't know how to configure this: - coldToFr...
by sunnyparmar Communicator in Getting Data In 01-12-2016
0 3
0
3
dineshraj9

Why is one of my indexers crashing frequently with error "replicationStatus Failed failure info: failed_because_BUNDLE_DATA_TRANSMIT_FAILURE"?

One my Splunk indexers is crashing frequently and it is not returning results when searched. In the search head, I ca...
by dineshraj9 Builder in Getting Data In 01-12-2016
0 2
0
2
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...
Top Solution Authors
View All