Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
schose

Why does excludeFromUpdate not work in serverclass.conf?

Hi all, I'm managing my apps deployed through forwarder management using git. When running a scheduled "git pull" th...
by schose Builder in Getting Data In 10-28-2015
1 4
1
4
AaronAltonKinro

Discarding events using TRANSFORMS-null

I'm trying to bring in Cisco CDR files for some very basic splunk searches. The standard CDR format has a header row...
by AaronAltonKinro Path Finder in Getting Data In 10-28-2015
0 15
0
15
otan1010

Is there a best practice for maintaining replication for a specific index between two independent Splunk installations?

Hi, Is there a best practice way of keeping a set of indexes replicated between two independent Splunk installations...
by otan1010 Explorer in Getting Data In 10-28-2015
0 16
0
16
_gkollias

How to manually Index Data in Splunk 6.2.5?

Our production environment just upgraded to 6.2.5 from 6.0.3. The new data inputs seem to be pretty straight forward...
by _gkollias Builder in Getting Data In 10-27-2015
0 3
0
3
asmizaidi

Why am I getting "Received event for unconfigured/disabled/deleted index='wineventlog'" after installing a Universal forwarder on a Windows Domain Controller?

I've installed a universal forwarder on a Windows Domain Controller and configured on the Splunk server end I enabled...
by asmizaidi Engager in Getting Data In 10-27-2015
2 3
2
3
japala

how to differentiate b/w the source types and integrate them as one.

i am working in a environment which has three (almost similar) source types. i want to know which type of data is goi...
by japala Path Finder in Getting Data In 10-27-2015
0 5
0
5
pranov97

Inputs.conf not working for Splunk 6.3.0

Recently we upgraded the Splunk version to 6.3.0 We are trying to filter certain event codes from Security and Syste...
by pranov97 New Member in Getting Data In 10-27-2015
0 3
0
3
mattvickers

How to configure fschange Windows file monitoring, but exclude a sub-folder using blacklist?

I'm trying to monitor file changes within a specific location on a production server's d:\ drive (d:\filestomonitor),...
by mattvickers Engager in Getting Data In 10-27-2015
0 1
0
1
icyfeverr

Splunk 6.3 Extract Fields Props.conf & transforms.conf not working

I setup a field extraction two ways, neither have worked and have caused Splunk to not function in a manner I think i...
by icyfeverr Path Finder in Getting Data In 10-27-2015
0 2
0
2
AZYeti

Does anyone have experience with getting Bluecoat Packet Shaper or Packeteer data into Splunk?

Does anyone have any experience with Bluecoat Packeteer data and getting it in to Splunk? This isn't something that ...
by AZYeti Explorer in Getting Data In 10-27-2015
0 1
0
1
KarunK

Website monitoring not working.

Hi All, I have installed the website monitoring app in my PC (Splunk 6). But I couldn't make it working.Its says "Co...
by KarunK Contributor in Getting Data In 10-27-2015
0 5
0
5
sim_tcr

"splunk offline" command prompts for username and password. How to bypass it without providing the password in an rc script?

Hello, I am trying to setup a rc script on our indexer so that Splunk does 'splunk offline' whenever the indexer is ...
by sim_tcr Communicator in Getting Data In 10-27-2015
0 4
0
4
CREVITCH

Why am I unable to forward logs from a Linux machine to Windows using Splunk 6.3?

I am new to Splunk and downloaded Splunk free to several machines, Linux and Windows. All machines are on the same s...
by CREVITCH Path Finder in Getting Data In 10-27-2015
0 3
0
3
omuelle1

How limit my index growth

Hi Splunk Users, I am having an issue with my indexes growing very large and clogging up the space on my disk. For ...
by omuelle1 Communicator in Getting Data In 10-27-2015
0 3
0
3
mux

When creating a dashboard to create a list of windows log sources how do you get it to escape the \ characters within the dashboard

When doing this via the search bar index=xxxx | chart count by source, when you select a source in search it automa...
by mux Explorer in Getting Data In 10-27-2015
0 7
0
7
hettervik

Is it possible to use Splunk on a Windows machine as a cluster master for Splunk indexers on Linux machines?

Hi. I have an environment with two Splunk indexers running on VMs with Linux OS, and I want to create an indexer cl...
by hettervik Builder in Getting Data In 10-27-2015
0 2
0
2
japala

Is there a way to find out all the indexers and forwarders in our Splunk environment via Splunk Web or CLI?

It would be great if someone can help me get this answer, either in GUI or CLI (through commands). Thank you in advan...
by japala Path Finder in Getting Data In 10-26-2015
1 3
1
3
karlbosanquet

How to set the site during Universal Forwarder installation for a Splunk 6.3 multisite indexer cluster?

I am deploying Universal Forwarders by either Puppet or SCCM to multiple hosts. They will be forwarding to a 6.3.0 m...
by karlbosanquet Path Finder in Getting Data In 10-26-2015
0 2
0
2
edrivera3

Duplicate data problem

Hi I have the following configuration in inputs.conf: [monitor:///<directory>] index=results crcSalt = <SOURCE> sou...
by edrivera3 Builder in Getting Data In 10-26-2015
0 9
0
9
jamesvz84

Enabling export to csv button in web framework

Hello, I am looking to enable an export to csv button in web framework (where you can hover over the bottom of a tab...
by jamesvz84 Communicator in Getting Data In 10-26-2015
1 4
1
4
erickopp

If I currently have a single Windows server running Splunk, how can I add a new Linux front end server to use apps that require Linux?

Right now I have Splunk set up on a single Windows server, but have found some apps that require a Linux server to ru...
by erickopp Engager in Getting Data In 10-26-2015
0 1
0
1
hylam

How can I parse 2 sets of CSVs in one file?

How could I parse this? section1String field1,field2,field3 value1,value2,value3 value1,value2,value3 value1,value2,...
by hylam Contributor in Getting Data In 10-26-2015
0 7
0
7
fademidun

Adding Data from a forwarder, why am I getting error "There are currently no forwarders configured as deployment clients to this instance"?

I just installed a forwarder on a host and trying to connect it to the Enterprise server, but got an error when launc...
by fademidun Engager in Getting Data In 10-26-2015
1 1
1
1
rsolutions

Aside from disabling Redhat's Out of Memory (OOM) Manager that is killing splunkd, is there any other way to manage the splunk-optimize process to reduce the memory it uses?

Splunk-optimize is launching on our indexers and eating up a few GB of memory, then Redhat's out-of-memory manager ki...
by rsolutions Path Finder in Getting Data In 10-26-2015
0 10
0
10
zindain24

How can I locate the actual source of events?

I have a sourcetype that has a non-descriptive host and a source defined (both appear to have been overwritten by sta...
by zindain24 Path Finder in Getting Data In 10-26-2015
0 1
0
1
Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...
Top Solution Authors
View All