Getting Data In

Discussions

Thread Info

Inputs.conf not working for Splunk 6.3.0

Recently we upgraded the Splunk version to 6.3.0 We are trying to filter certain event codes from Security and Sys...

by New Member in

How to configure fschange Windows file monitoring, but exclude a sub-folder using blacklist?

I'm trying to monitor file changes within a specific location on a production server's d:\ drive (d:\filestomonitor),...

by Engager in

Splunk 6.3 Extract Fields Props.conf & transforms.conf not working

I setup a field extraction two ways, neither have worked and have caused Splunk to not function in a manner I think i...

by Path Finder in

Does anyone have experience with getting Bluecoat Packet Shaper or Packeteer data into Splunk?

Does anyone have any experience with Bluecoat Packeteer data and getting it in to Splunk? This isn't something that i...

by Explorer in

Website monitoring not working.

Hi All, I have installed the website monitoring app in my PC (Splunk 6). But I couldn't make it working.Its says "...

by Contributor in

"splunk offline" command prompts for username and password. How to bypass it without providing the password in an rc script?

Hello, I am trying to setup a rc script on our indexer so that Splunk does 'splunk offline' whenever the indexer i...

by Communicator in

Why am I unable to forward logs from a Linux machine to Windows using Splunk 6.3?

I am new to Splunk and downloaded Splunk free to several machines, Linux and Windows. All machines are on the same su...

by Path Finder in

How limit my index growth

Hi Splunk Users, I am having an issue with my indexes growing very large and clogging up the space on my disk. ...

by Communicator in

When creating a dashboard to create a list of windows log sources how do you get it to escape the \ characters within the dashboard

When doing this via the search bar index=xxxx | chart count by source, when you select a source in search it automati...

by Explorer in

Is it possible to use Splunk on a Windows machine as a cluster master for Splunk indexers on Linux machines?

Hi. I have an environment with two Splunk indexers running on VMs with Linux OS, and I want to create an indexer ...

by Builder in

Is there a way to find out all the indexers and forwarders in our Splunk environment via Splunk Web or CLI?

It would be great if someone can help me get this answer, either in GUI or CLI (through commands). Thank you in advan...

by Path Finder in

How to set the site during Universal Forwarder installation for a Splunk 6.3 multisite indexer cluster?

I am deploying Universal Forwarders by either Puppet or SCCM to multiple hosts. They will be forwarding to a 6.3.0 mu...

by Path Finder in

Duplicate data problem

Hi I have the following configuration in inputs.conf: [monitor:///<directory>] index=results crcSalt = <SOURCE>...

by Builder in

Enabling export to csv button in web framework

Hello, I am looking to enable an export to csv button in web framework (where you can hover over the bottom of a t...

by Communicator in

If I currently have a single Windows server running Splunk, how can I add a new Linux front end server to use apps that require Linux?

Right now I have Splunk set up on a single Windows server, but have found some apps that require a Linux server to ru...

by Engager in

How can I parse 2 sets of CSVs in one file?

How could I parse this? section1String field1,field2,field3 value1,value2,value3 value1,value2,value3 value1,value...

by Contributor in

Adding Data from a forwarder, why am I getting error "There are currently no forwarders configured as deployment clients to this instance"?

I just installed a forwarder on a host and trying to connect it to the Enterprise server, but got an error when launc...

by Engager in

Aside from disabling Redhat's Out of Memory (OOM) Manager that is killing splunkd, is there any other way to manage the splunk-optimize process to reduce the memory it uses?

Splunk-optimize is launching on our indexers and eating up a few GB of memory, then Redhat's out-of-memory manager ki...

by Path Finder in

How can I locate the actual source of events?

I have a sourcetype that has a non-descriptive host and a source defined (both appear to have been overwritten by sta...

by Path Finder in

Implement Retention Policy

Hi all, our customer want to implement a policy that track logs of the last six months starting from the time in whic...

by Explorer in

What options are there to find if a forwarder has stopped sending data to our Splunk server?

Hi, Is there any way or any work around or any app through which I can know if Splunk stop receiving data from the...

by Communicator in

what happens to the data forwarded to indexer when the index is not present ?

Sample Warning Message: Search peer 10.0.1.1 has the following message: received event for unconfigured/disabled/d...

by Motivator in

Getting two time stamps in a syslog entry - how to correct

Hey all. Trying to figure out how to clear up my issue. I'm getting two separate time stamps on a syslog entry com...

by New Member in

Extracting sourcetype from source /tmp/csv/file1

The sourcetype should be csv or tsv or psv, depending on the full path in the source field. For hosts we have host_re...

by Contributor in

Trouble indexing Amanda (backup) JSON files into Splunk

I have added the following to my props.conf file. AMANDA JSON FILES [amanda] INDEXED_EXTRACTIONS = json KV_MODE...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Inputs.conf not working for Splunk 6.3.0

How to configure fschange Windows file monitoring, but exclude a sub-folder using blacklist?

Splunk 6.3 Extract Fields Props.conf & transforms.conf not working

Does anyone have experience with getting Bluecoat Packet Shaper or Packeteer data into Splunk?

Website monitoring not working.

"splunk offline" command prompts for username and password. How to bypass it without providing the password in an rc script?

Why am I unable to forward logs from a Linux machine to Windows using Splunk 6.3?

How limit my index growth

When creating a dashboard to create a list of windows log sources how do you get it to escape the \ characters within the dashboard

Is it possible to use Splunk on a Windows machine as a cluster master for Splunk indexers on Linux machines?

Is there a way to find out all the indexers and forwarders in our Splunk environment via Splunk Web or CLI?

How to set the site during Universal Forwarder installation for a Splunk 6.3 multisite indexer cluster?

Duplicate data problem

Enabling export to csv button in web framework

If I currently have a single Windows server running Splunk, how can I add a new Linux front end server to use apps that require Linux?

How can I parse 2 sets of CSVs in one file?

Adding Data from a forwarder, why am I getting error "There are currently no forwarders configured as deployment clients to this instance"?

Aside from disabling Redhat's Out of Memory (OOM) Manager that is killing splunkd, is there any other way to manage the splunk-optimize process to reduce the memory it uses?

How can I locate the actual source of events?

Implement Retention Policy

What options are there to find if a forwarder has stopped sending data to our Splunk server?

what happens to the data forwarded to indexer when the index is not present ?

Getting two time stamps in a syslog entry - how to correct

Extracting sourcetype from source /tmp/csv/file1

Trouble indexing Amanda (backup) JSON files into Splunk

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions