Getting Data In

Community Activity

How do I edit my current inputs.conf and props.conf for proper monitoring, setting a sourcetype, and line breaking? Sorry newbie questions. I have been looking at trying my hand at customizing the setup, instead of using the GUI. The... by newmember New Member in Getting Data In 01-11-2016 0 3	0	3
I set my receiver to also forward data to itself by mistake. How do I remove the forwarder instance without uninstalling the receiver? I'm running 6.3.2 and when I did the initial setup for my receiver, I misunderstood the directions I was getting and ... by superiorlabels Explorer in Getting Data In 01-11-2016 0 5	0	5
Why are Apache access logs not appearing after configuration and ogs show the server is rejecting the connection between itself? Hey guys, I have configured the forwarder to send apache access logs to itself from localhost. However, when I look... by Spiere Path Finder in Getting Data In 01-11-2016 0 1	0	1
How to integrate AWS Autoscale with Splunk indexers to automate high availability without an admin redeploying configurations Last year we had great luck with our Splunk configuration and I'm trying to adapt it to use multisite clustering for ... by agoebel Path Finder in Getting Data In 01-11-2016 0 2	0	2
How can I ensure a high availability on Splunk servers using VMware (2 ESXI Servers)? I installed Spunk Enterprise on a VM "Win Server 2012" on ESXI server. How can I ensure a high availability on Splun... by sdaghfous Explorer in Getting Data In 01-11-2016 0 1	0	1
After identifying future timestamps in indexed events, is there any way to adjust time / date after fixing the issue? Basically, my wineventlog is showing a 'latest event' of Dec 01, 2020 and I need to revert that back to the proper ti... by dschmidt_cfi Path Finder in Getting Data In 01-11-2016 0 1	0	1
In deploymentclient.conf, how can we use a variable to mention the hostname of the machine for the clientname entry? Dear All, In our environment, we are planning to push a splunkforwarder to a Windows server. Part of that, we are co... by raju4244 Explorer in Getting Data In 01-11-2016 0 2	0	2
Selective join Trying out for below 1) sourcetype="A" has login details 2) sourcetype ="B" has success login details When I sel... by sreelesh_n New Member in Getting Data In 01-11-2016 0 1	0	1
how monitor amazone EC2 linux with splunk ? I have a instance amazone EC2 LINUX in my account amazone AWS. my probleme is : i want monitor my amazone EC2 instanc... by fdi01 Motivator in Getting Data In 01-11-2016 0 2	0	2
Can I use Splunk to monitor user and agent activity on a network to ensure adherence to policies e.g. stopping password sharing, etc? With multiple applications both cloud and on premise in use, I am looking for a toolset which can automate the manual... by Difference New Member in Getting Data In 01-11-2016 0 2	0	2
TCP input - tcp-raw not splitting rows by newline Hi All, I have written a python HTTP downloader which is pulling down multiple zip files and extracting the contents... by phoenixdigital Builder in Getting Data In 01-11-2016 1 2	1	2
Install Windows Deployment Client WITHOUT DEPLOYMENT_SERVER flag. Can it work?? Hi. I've been struggling with this for a more days than I'd care to admit. I'm HOPING someone can advise... (Enable... by mfeeny1 Path Finder in Getting Data In 01-11-2016 2 6	2	6
How to configure Splunk DB Connect 1 to support TLS encryption? I am using DBX v1, and would like to take advantage of splunkd using TLS 1.2 (this is in [sslconfig] for server.conf)... by splunkIT Splunk Employee in Getting Data In 01-11-2016 4 4	4	4
Why is the Splunk compression rate at 500% for 6GB of CSV data? Hi, I have indexed 6GB of CSV data in Splunk. When I look at the compression rate using this search: \| dbinspect in... by pduflot Path Finder in Getting Data In 01-11-2016 0 5	0	5
How to edit the clientName across all forwarders in my environment? Hi everyone, We have an environment of about 3000 forwarders installed. Recently, I was told to edit the clientName... by s0rbeto Explorer in Getting Data In 01-11-2016 1 7	1	7
How do I edit my Hosts > Heavy Forwarder > Heavy Forwarder > Indexers configuration to route data to different target groups based on metadata? I have gone through the docs: routing based on meta data (source, host, sourcetype) to send specific data to a differ... by rgomatha Explorer in Getting Data In 01-10-2016 1 1	1	1
How do I select different sourcetypes for multiple logs coming from multiple servers using rsyslog.conf (no universal forwarders)? How do I select different sourcetypes for multiple logs coming from multiple servers (no universal forwarders, using ... by CREVITCH Path Finder in Getting Data In 01-10-2016 0 3	0	3
How to find the IP address of the AWS(f5) data coming through port 9997 to a heavy forwarder? The port 9997 is enabled, data hitting the Heavy Forwarder. How to validate specific data and IP address? by Rocky31 Path Finder in Getting Data In 01-09-2016 0 4	0	4
How to schedule a search to run every morning at 6:00AM? Hi, We have a search that retrieves data for the last 24 hours and will send a CSV to an email distribution list. I... by mattkun New Member in Getting Data In 01-09-2016 0 2	0	2
Can I set up Splunk so that only certain forwarders use encryption? Hi, I have a request from a customer to encrypt their feed to Splunk. The doc looks pretty simple, but after readi... by a212830 Champion in Getting Data In 01-09-2016 0 2	0	2
Event Hashing: Location of Hashes Hey Folks, http://docs.splunk.com/Documentation/Splunk/latest/admin/Eventhashing After reading the documentation on... by michaeloleary Path Finder in Getting Data In 01-08-2016 3 1	3	1
Why are events not being split for each date for one heavy forwarder? Events should be split for each date, which is not happening for one of the forwarders: The following is the part of... by athorat Communicator in Getting Data In 01-08-2016 0 9	0	9
How to monitor multiple files across multiple subdirectories We are new to Splunk and are trying it before we buy it. I am having trouble getting Splunk to monitor the individual... by slrobeson Engager in Getting Data In 01-08-2016 0 1	0	1
How to troubleshoot why all 8 of my universal forwarders suddenly lost connection to my receiver? Yesterday I had set up 8 Universal Forwarders on 8 different machines and had them all sending data over to the Recei... by superiorlabels Explorer in Getting Data In 01-08-2016 0 3	0	3
How to troubleshoot why an indexer stopped receiving data on one index after I fixed a different index? We are working on configuring Splunk for the first time in advance of buying it, and I am having problems with the in... by antessima Explorer in Getting Data In 01-08-2016 0 2	0	2

Get Updates on the Splunk Community!

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Getting Data In

How do I edit my current inputs.conf and props.conf for proper monitoring, setting a sourcetype, and line breaking?

I set my receiver to also forward data to itself by mistake. How do I remove the forwarder instance without uninstalling the receiver?

Why are Apache access logs not appearing after configuration and ogs show the server is rejecting the connection between itself?

How to integrate AWS Autoscale with Splunk indexers to automate high availability without an admin redeploying configurations

How can I ensure a high availability on Splunk servers using VMware (2 ESXI Servers)?

After identifying future timestamps in indexed events, is there any way to adjust time / date after fixing the issue?

In deploymentclient.conf, how can we use a variable to mention the hostname of the machine for the clientname entry?

Selective join

how monitor amazone EC2 linux with splunk ?

Can I use Splunk to monitor user and agent activity on a network to ensure adherence to policies e.g. stopping password sharing, etc?

TCP input - tcp-raw not splitting rows by newline

Install Windows Deployment Client WITHOUT DEPLOYMENT_SERVER flag. Can it work??

How to configure Splunk DB Connect 1 to support TLS encryption?

Why is the Splunk compression rate at 500% for 6GB of CSV data?

How to edit the clientName across all forwarders in my environment?

How do I edit my Hosts > Heavy Forwarder > Heavy Forwarder > Indexers configuration to route data to different target groups based on metadata?

How do I select different sourcetypes for multiple logs coming from multiple servers using rsyslog.conf (no universal forwarders)?

How to find the IP address of the AWS(f5) data coming through port 9997 to a heavy forwarder?

How to schedule a search to run every morning at 6:00AM?

Can I set up Splunk so that only certain forwarders use encryption?

Event Hashing: Location of Hashes

Why are events not being split for each date for one heavy forwarder?

How to monitor multiple files across multiple subdirectories

How to troubleshoot why all 8 of my universal forwarders suddenly lost connection to my receiver?

How to troubleshoot why an indexer stopped receiving data on one index after I fixed a different index?

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation