Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
Abilan1

Why is Splunk unable to index a converted text file?

Hi , I have saved the outlook file as a text fie and placed that file into a Splunk monitoring folder. Splunk is jus...
by Abilan1 Path Finder in Getting Data In 11-02-2015
0 3
0
3
hkizuka

How do I manually activate the SplunkForwarder service for a universal forwarder on Windows 7 (32bit)?

I have an issue with my forwarder in Windows 7 (32bit). After I installed a Universal forwarder by .msi, indexer did...
by hkizuka Explorer in Getting Data In 11-01-2015
0 2
0
2
tmuthuk

indexing multiple timezone data

We currently have 4 servers that send data to the Splunk indexer. Each server is located in different time zone, Our...
by tmuthuk Path Finder in Getting Data In 11-01-2015
0 9
0
9
APNelson

McAfee Host Intrusion Prevention event logs

From what I've been able to find, McAfee Host Intrusion Prevention does not write to its event.log file in a human re...
by APNelson Explorer in Getting Data In 11-01-2015
0 2
0
2
fernandoandre

can splunkd.log be forwarded from Heavy Forwarder to Indexer?

I have a Heavy Forwarder (HF) and an Indexer. I would like to forward splunkd.log from the Heavy Forwarder to Indexe...
by fernandoandre Communicator in Getting Data In 10-30-2015
1 4
1
4
edenael20

Real Time Search On Dashboard Time Zone

I have a dashboard that has 2 real time search counts and all the other panels are based on scheduled searches. The r...
by edenael20 New Member in Getting Data In 10-30-2015
0 2
0
2
lisaac

Batching gzipped files residing in 4 directories into Splunk, is there a way to run parallel batches on a Splunk 6.2.6 Linux universal forwarder?

I am batching gzipped files into Splunk. The files reside in 4 directories. Splunk, per splunkd.log, appears to be re...
by lisaac Path Finder in Getting Data In 10-30-2015
0 2
0
2
jimnol

How can I define new sourcetypes for one single TCP input ?

Hello, I'm trying to implement Splunk on a really big project. My team and I already used a LogLogic solution and wa...
by jimnol New Member in Getting Data In 10-30-2015
0 3
0
3
chrisboy68

After a restart, is there a way to configure which monitor stanzas Splunk should start processing first to prioritize what gets indexed?

HI, I have a few large directories that take a long time for Splunk to start indexing after a restart. Is there an ...
by chrisboy68 Contributor in Getting Data In 10-30-2015
0 1
0
1
jking81

How to strip the FQDN from an inputs.conf monitor path using host_segment?

I have files on multiple servers that I need to log that are housed in a directory where the path includes the system...
by jking81 Explorer in Getting Data In 10-30-2015
0 1
0
1
rbal_splunk

How to exclude one or more cluster peers from the index replication target list?

As the Cluster Deployments are reaching maturity, we are planning to add a new Cluster Peer/Indexer to the existing C...
by rbal_splunk Splunk Employee Splunk Employee in Getting Data In 10-30-2015
1 2
1
2
Julieda

Is it possible for the cluster master to have a different OS than the indexer cluster peers? What are the potential drawbacks?

My Splunk environment has two indexers running on VMs with Linux OS, and I want to create an indexer cluster. My thir...
by Julieda Explorer in Getting Data In 10-29-2015
0 1
0
1
xiyangyang

What decides the order of the fields output in CSV files from Splunk, and is there a way to control the order?

We output .csv file from splunk. When we test on a test machine, the order of CSV file fields is "Action", "Returnco...
by xiyangyang Path Finder in Getting Data In 10-29-2015
0 1
0
1
edrivera3

How to configure Splunk for input active files?

Hi, I'm already monitoring new files in a directory, but I would like to monitor the changes in the files too. Here ...
by edrivera3 Builder in Getting Data In 10-29-2015
0 2
0
2
bfnpmsz

How do I edit my props.conf and transforms.conf to filter select events from one source file from getting indexed?

We have a vanilla install, just one stand alone Splunk Server. I am wanting to filter select events from one source ...
by bfnpmsz New Member in Getting Data In 10-29-2015
0 10
0
10
splunkmasterfle

Input files have changed format, so how do I edit my configurations to keep the old data and handle the new data?

Hi, Here is my situation (and I know it isn't ideal, but I have to work with it for now) I have scripts that pre-pr...
by splunkmasterfle Path Finder in Getting Data In 10-29-2015
0 1
0
1
Norling80

Is it possible to filter all values in certain fields from our access logs to nullQueue?

Hey, We have a regular access log file with fields named UserAgent and Method. Is it possible to send all data in t...
by Norling80 Path Finder in Getting Data In 10-29-2015
0 3
0
3
Michael

What is the proper indexes.conf syntax for moving colddb to another volume?

I would just like to confirm my syntax... I've read a bunch of postings, I've RTFM, but none have an actual sample or...
by Michael Contributor in Getting Data In 10-29-2015
0 1
0
1
ng1p

Help save fschange! Still seeing great value in keeping fschange (deprecated since 5.x)

When my company first purchased Splunk 4.x fschange was not deprecated and was one of the reasons that we have Splunk...
by ng1p Path Finder in Getting Data In 10-29-2015
3 6
3
6
dkeck

After creating a new sourcetype, where do I find the props.conf for it?

Hello, I created a new sourcetype and there is no props.conf in splunk/etc/system/local.. Where is it stored? or is...
by dkeck Influencer in Getting Data In 10-29-2015
0 1
0
1
kimche

Why am I seeing "Authentication failed" in the Distributed Management Console for search peers added using CLI commands in a script?

Hi all, I add the search peers by using the CLI commands in a script. When I check the Distributed Management Consol...
by kimche Path Finder in Getting Data In 10-29-2015
0 1
0
1
arkonner

Our ISP sends us Exchange log files every hour. What is the best solution to analyze this?

Every hour our ISP send to us the Exchange logs file. What is the best solution to analyze this?
by arkonner Path Finder in Getting Data In 10-28-2015
0 1
0
1
scott778

Data Retention - can we copy frozendb to tape?

Is it possible to archive frozendbs to tape and pull that data back for splunk to read at a later date? For example,...
by scott778 Explorer in Getting Data In 10-28-2015
0 3
0
3
dknb

TCP Input Ignores Custom Timestamp in JSON

Hello, I have user event logs that I'm trying to ingest over TCP. Every event is a JSON like this: {key1:v1,....,e...
by dknb Engager in Getting Data In 10-28-2015
0 6
0
6
schose

Why does excludeFromUpdate not work in serverclass.conf?

Hi all, I'm managing my apps deployed through forwarder management using git. When running a scheduled "git pull" th...
by schose Builder in Getting Data In 10-28-2015
1 4
1
4
Top Labels
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...
Top Solution Authors
View All