Getting Data In

Discussions

Thread Info

What are some cool, useful but less known features/apps in Splunk?

Title is pretty self explanatory. I'm new to Splunk and trying to learn as much as possible. EDIT: Just found the ...

by Path Finder in

Manually set host alias

I am trying to create a search that is pulling geographic IP information about the users and showing which server was...

by Engager in

inputs.conf using batch in stanza

If my forwarder's inputs.conf stanza line is set to batch instead of monitor, it will delete the file after it is ind...

by Builder in

Extract timestamp in db2audit

Hi, I need Splunk to recognize the timestamps down to microseconds. A sample event is listed below "2014-06-03-...

by Explorer in

Query to generate list of users, assigned roles and AD groups

Can someone advice on the splunk query to generate the list of users, assigned roles and associated Active Directory ...

by Path Finder in

output from scripted input best practice question

So I am writing a little python script that I intend to run as a scripted input. The script will collect information ...

by Builder in

File system changes (not log monitoring)

Have an environment where a directory is used to 'stage' files waiting for an update. Essentially, a file is sent to ...

by Communicator in

Disk space requirements

I need to get a vague idea of disk space requirements before I start forwarding logs to a Splunk instance. Each index...

by Path Finder in

TimeZone setting not working for host set from host_regex?

This configuration is not working: From inputs.conf [monitor:///somepath/.csv] host_regex = .([^])[^].csv(?:.gz)?...

by Esteemed Legend in

Monitor daily reports

I need to monitor daily reports with splunk. However the events in the logs are constantly updated throughout the day...

by Engager in

2 files same data indexed

Hi, I have 2 files with 1.log and 1.log.gz but they have exact same data. I see that indexer indexes both somehow....

by Explorer in

Remotely change Solaris universal forwarder admin password

I have somewhere between 20-50 universal forwarders installed on Solaris hosts. I need to change the Splunk admin pas...

by Explorer in

Need help troubleshooting oneshot

I'm trying to get an archival datafile into the indexes via oneshot. Current directory = C:\Program Files\SplunkUn...

by Engager in

IIS Logs - Format Question

I have added some IIS logs to Splunk via the "Files and Directories" input. While I can query the raw data it does no...

by New Member in

iplocation command not working

Hi, I am using splunk enterprise 6.0 and i used iplocation command on a index using the following command and it j...

by Contributor in

IIS Logs - Query to report on file downloads

Hello, I am currently using a trial version of Splunk 6.1 Enterprise. I am looking for a query that will create a ...

by New Member in

monitor stanza in Windows

I want to monitor the following C:\Users\...\AppData\Local\Microsoft\Windows\Burn sometimes with the Burn dire...

by Contributor in

indexer DNS in forwarder

Hi, I wanted to know should we use DNS entrie for indexer in forwarder configuration. e.g. [tcpout:default-aut...

by Communicator in

Splunk 6.1.1 upgrade from 6.0.3 Windows Splunk license agreement was not accepted. If installing silently, please pass AGREEMENTOLICENSE=Yes

We were initially trying to upgrade from 6.0.3 to 6.1.1. However, we keep receiving the following message, "Splunk li...

by Path Finder in

password doesnt work after installing forwarder

I am obviously doing something wrong, but this is twice now, i have installed the forwarder for Windows, and changes ...

by New Member in

Getting Data In

Discussions

What are some cool, useful but less known features/apps in Splunk?

Manually set host alias

inputs.conf using batch in stanza

Extract timestamp in db2audit

Query to generate list of users, assigned roles and AD groups

output from scripted input best practice question

File system changes (not log monitoring)

Disk space requirements

TimeZone setting not working for host set from host_regex?

Monitor daily reports

2 files same data indexed

Remotely change Solaris universal forwarder admin password

Need help troubleshooting oneshot

IIS Logs - Format Question

iplocation command not working

IIS Logs - Query to report on file downloads

monitor stanza in Windows

indexer DNS in forwarder

Splunk 6.1.1 upgrade from 6.0.3 Windows Splunk license agreement was not accepted. If installing silently, please pass AGREEMENTOLICENSE=Yes

password doesnt work after installing forwarder

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Logs Not Being Indexed

Volume not restricting index size

Ingest DNS Analytical Logs

Microsoft Log Analytics Add-On - Optimize Inputs

Heavy Forwarded Filtering Hosts

Getting Data In

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >