Getting Data In

Community Activity

splunk to forward 1 index only Hello everyone : ) I have a splunk instance with an alert manager app that is producing logs that are being indexed... by Federica_92 Communicator in Getting Data In 12-23-2015 0 1	0	1
"This is Cindy, it is my new goatfriend" With things winding down during the last days of 2014, I found myself a bit bored and as I was digging through the so... by dvanzuijlekom Engager in Getting Data In 12-23-2015 5 5	5	5
How to not index certain messages from splunkd on the fwd servers I am trying to minimize the amount of apps I have by putting paths into inputs.conf that may or may not exist on all ... by brent_weaver Builder in Getting Data In 12-23-2015 0 5	0	5
What information do we need from respective server and application owners for installing and configuring Splunk forwarders to collect event logs? I am new to Splunk. What information do we need from Application owners, for installing and configuring a Forwarder? ... by kapuralasharad Engager in Getting Data In 12-23-2015 1 3	1	3
Is the Active Directory group name specified in authentication.conf case sensitive, and what will happen if we have 2 indexes with the same name in indexes.conf? Hi Fellow Splunkers, I have two questions: 1) Is the Active Directory group name specified in authentication.conf c... by hemendralodhi Contributor in Getting Data In 12-22-2015 0 4	0	4
Why am I getting error "Cannot create index 'main': path of coldToFrozenDir must be absolute" trying to move/archive files on Windows? I'm working in a test lab trying to move/archive files using the following indexes.conf file on our cluster master: ... by hagjos43 Contributor in Getting Data In 12-22-2015 0 10	0	10
How to disable KVStore on a heavy forwarder? I have KVStore taking up drive space on a HF. Documentation warns about this and says KVStore can be disabled in the ... by MikeBertelsen Communicator in Getting Data In 12-22-2015 1 1	1	1
How to use a dashboard time range picker to reference a time column in a CSV file generated by an inputcsv search? Hi, I have a csv file that I have not indexed and am using it directly through the inputcsv command. The problem is ... by Laya123 Communicator in Getting Data In 12-22-2015 1 3	1	3
Should I build out a cluster master with the same hardware spec requirements as my heavy forwarder? Should I build out a cluster master with the same hardware requirements as my heavy forwarder? by sbattista09 Contributor in Getting Data In 12-22-2015 0 4	0	4
Raw TCP forwarded events contain ForwarderInfo in Splunk 5.0.1 After upgrading to Splunk 5.0.1 from 4.3.1, TCP streams of forwarded events began to include lines such as this: For... by joelshprentz Path Finder in Getting Data In 12-21-2015 2 3	2	3
How to troubleshoot why no events are getting indexed in Splunk 6.3.1 on Linux CentOS 6.7? Hello guys, I have new Splunk 6.3.1 installation on Centos 6.7. After installation, there are no events coming to Sp... by vad34 Path Finder in Getting Data In 12-21-2015 0 2	0	2
Importing CSV files with numbers formatted in German localization (ex: 1.3400,39), how to configured SEDCMD in props.conf to switch commas and decimal points? Hey everybody, We recently got the request to import CSV files into Splunk. However, the files include some number f... by benjaminruland Explorer in Getting Data In 12-21-2015 2 6	2	6
can multiple sourcetypes stanza's in a props.conf - point to one single report extract (see below) Hello Splunk Community, Does this seem logical below? I am unsure if ASCII precedence is in play when I use the belo... by dmacgillivray Communicator in Getting Data In 12-21-2015 0 4	0	4
What would be the best way to upgrade our Splunk environment and add additional indexers and forwarders? I have an existing Splunk setup with 2 indexers and 2 forwarders with a clustered architecture. Now we are trying to ... by jkponnuri Explorer in Getting Data In 12-20-2015 1 1	1	1
Importing txt files, how do I configure props.conf so "£" characters do not appear as "\xA0"? Below is the format and I want to import. The data is showing \xA0 where there should be a £. Please can you send t... by smudge797 Path Finder in Getting Data In 12-20-2015 0 4	0	4
Retrieving saved search data using the REST API and showing results in CSV format, is there a way to specify pipe as the delimiter? Hi, I am trying to receive saved search data using REST API and showing the results in csv format. Is there a way th... by sdaruna Explorer in Getting Data In 12-20-2015 0 1	0	1
Help with windows security event log search string In order to find out if and when a member was added to a security group,I have done a search for EventCode=4728. The... by adrianmiron Explorer in Getting Data In 12-20-2015 1 3	1	3
Why are my props.conf settings not being applied to my data Here's my local props.conf. [tmweb@app1.splunkdev.jetdev2.syseng.tmcs ~]$ cat /opt/splunk-efr/splunk/etc/system/loca... by efrenette11 Path Finder in Getting Data In 12-19-2015 0 7	0	7
Indexing ZIP files Can Splunk index gzip/zip files (flat-file format)? by efelder0 Communicator in Getting Data In 12-18-2015 2 6	2	6
How could i filter network firewall data using a filed value ? Hello, I have a firewall that sends a lot of data, i would like to filter events using a specific field value (exemp... by Afef Communicator in Getting Data In 12-18-2015 0 11	0	11
Scripted input with powershell - SplunkTime not working Hi, I have a PowerShell script that's being executed, but the event time is showing as the time the script runs. Th... by mark19632 New Member in Getting Data In 12-18-2015 0 3	0	3
Newbie Universal forwarding. Is there a full example to forward a simple file or directory? Dear Group: Splunk Universal Forwarder 6.0 (build 182037) I have my splunk indexer working on one machine "vm251.fo... by leopapadopoulos New Member in Getting Data In 12-18-2015 0 2	0	2
How to monitor specific Active Directory user groups, and set up a search to alert when members of these groups perform a login? I am looking to monitor specific AD user groups and want to create a search that alerts me to when the members of the... by arkonner Path Finder in Getting Data In 12-18-2015 0 4	0	4
What is the precedence for identical stanzas within a single conf file? Is this a valid configuration? Hi, I'm facing the situation that there is the identical stanza twice within a single conf file. E.g. authorize.conf... by mlorch Path Finder in Getting Data In 12-18-2015 0 2	0	2
Why am I unable to execute script file to collect data using 'add oneshot' command. I have difficulty making a right script to collect data not in real time but on schedule. first, I made 'inputs.con... by leujinlove Explorer in Getting Data In 12-18-2015 1 2	1	2

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Getting Data In

splunk to forward 1 index only

"This is Cindy, it is my new goatfriend"

How to not index certain messages from splunkd on the fwd servers

What information do we need from respective server and application owners for installing and configuring Splunk forwarders to collect event logs?

Is the Active Directory group name specified in authentication.conf case sensitive, and what will happen if we have 2 indexes with the same name in indexes.conf?

Why am I getting error "Cannot create index 'main': path of coldToFrozenDir must be absolute" trying to move/archive files on Windows?

How to disable KVStore on a heavy forwarder?

How to use a dashboard time range picker to reference a time column in a CSV file generated by an inputcsv search?

Should I build out a cluster master with the same hardware spec requirements as my heavy forwarder?

Raw TCP forwarded events contain ForwarderInfo in Splunk 5.0.1

How to troubleshoot why no events are getting indexed in Splunk 6.3.1 on Linux CentOS 6.7?

Importing CSV files with numbers formatted in German localization (ex: 1.3400,39), how to configured SEDCMD in props.conf to switch commas and decimal points?

can multiple sourcetypes stanza's in a props.conf - point to one single report extract (see below)

What would be the best way to upgrade our Splunk environment and add additional indexers and forwarders?

Importing txt files, how do I configure props.conf so "£" characters do not appear as "\xA0"?

Retrieving saved search data using the REST API and showing results in CSV format, is there a way to specify pipe as the delimiter?

Help with windows security event log search string

Why are my props.conf settings not being applied to my data

Indexing ZIP files

How could i filter network firewall data using a filed value ?

Scripted input with powershell - SplunkTime not working

Newbie Universal forwarding. Is there a full example to forward a simple file or directory?

How to monitor specific Active Directory user groups, and set up a search to alert when members of these groups perform a login?

What is the precedence for identical stanzas within a single conf file? Is this a valid configuration?

Why am I unable to execute script file to collect data using 'add oneshot' command.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation