Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
seksit

How can I search total time indexing for source="xxx.log" and bandwidth speed of data transfer between site.

Hi everyone, Now I'm working splunk site to site. I have splunk indexer at HQ and splunk forwarder at branch. I'm ...
by seksit Explorer in Getting Data In 10-09-2015
0 1
0
1
deepthi5

how to avoid searching with source file name

Hi Experts, I need your help in the following scenario 1.I have 200 routers configured to feed splunk daily for gen...
by deepthi5 Path Finder in Getting Data In 10-09-2015
0 2
0
2
tmblue

indexed data is being rolled off, deleted. Not sure why, what config am I missing 6.2?

t_activity 500,000 N/A 149,887 581,087,973 Mar 31, 2015 2:57:59 PM Apr 21, 2015 11:50:35 AM I have others that hav...
by tmblue Engager in Getting Data In 10-08-2015
0 9
0
9
yonphang

How to push a script out to remote forwarders?

hello everyone, I saw multiple post regarding this but couldn't really understand the architect behind. We have 300...
by yonphang Explorer in Getting Data In 10-08-2015
0 7
0
7
gph12

How do I get useful information\reports from Splunk about Windows desktops and servers?

Hi Everyone, How can I get useful information and\or reports from Splunk? I'm new to Splunk and we have a complianc...
by gph12 Explorer in Getting Data In 10-08-2015
0 4
0
4
athoma31

Attempting to run Splunk, why am I getting "Problem parsing indexes.conf: Cannot create index 3rdIndex: path of homePath must be absolute"?

[volume:primary] path = opt/splunk/splunk_data maxVolumeDataSizeMB = 2000000 [3rdIndex] homePath = volume:primary/...
by athoma31 Explorer in Getting Data In 10-08-2015
0 2
0
2
tony_luu

Why is my Splunk 6.2.5 Heavy Forwarder not filtering out events as expected?

My Heavy Forwarder forwards data to the indexer fine, however, I wanted to filter out some events before being forwar...
by tony_luu Path Finder in Getting Data In 10-08-2015
0 4
0
4
rubeniturrieta

How can I design my search head and indexer clustering architecture?

Hi to everyone I have a design, with four Splunk instances (two search head, and two indexers). I want an "indexer c...
by rubeniturrieta Communicator in Getting Data In 10-08-2015
0 7
0
7
pipegrep

Why is my index not being populated with my current configuration?

We've been chugging along fine with our 4 unreplicated indexers. I'd like to add a new index now, but have gotten stu...
by pipegrep Path Finder in Getting Data In 10-08-2015
0 5
0
5
moonhound

What does sendCookedData actually do on a heavy forwarder (i.e. what does 'cooked' mean at a technical level)?

What transformations / processing happens when data is cooked on a heavy forwarder? Is it the same as the data being ...
by moonhound Explorer in Getting Data In 10-08-2015
0 2
0
2
RicoSuave

is there a limit on the number of files splunk can monitor?

is there a limit on the number of files splunk can monitor? Say for example if i have a directory with 100k+ files. I...
by RicoSuave Builder in Getting Data In 10-08-2015
4 9
4
9
faceplate23

How do I split out a result So that I have a count of True and False

here is what I am trying to do I have a bunch of IP address's Source Count 10.150.1.181 19984 10.150....
by faceplate23 New Member in Getting Data In 10-08-2015
0 3
0
3
jcbrendsel

Deploying blacklist configuration in inputs.conf to universal forwarder

I am having problems blacklisting a sourcefile from being indexed. We currently run version 4.3 and deploy configura...
by jcbrendsel Path Finder in Getting Data In 10-08-2015
0 3
0
3
gn694

Why is log data still present in an Index well after the frozenTimePeriodInSecs retention period?

I have an index for which "frozenTimePeriodInSecs = 7776000" (90 days) is set. Usually Indexes do not have data beyon...
by gn694 Communicator in Getting Data In 10-08-2015
2 7
2
7
mamborn

Cisco ASA logging format change

It looks like with 8.3 of Cisco ASA software the logging format has changed some. Old Version: Mar 15 13:39:13 192.16...
by mamborn Explorer in Getting Data In 10-08-2015
1 14
1
14
kftaylor

When filtering Windows event logs, can you filter on fields other than EventCode, such as Account_Name?

Taken from inputs.conf on the deployment server: blacklist1 = EventCode="4662" blacklist2 = EventCode="566" blackli...
by kftaylor Observer in Getting Data In 10-07-2015
0 1
0
1
conner9

Can I build an indexer cluster with a single indexer and migrate the second indexer in later?

I currently have a single Splunk server doing everything. I would like to move to a clustered environment. I have a s...
by conner9 Path Finder in Getting Data In 10-07-2015
0 6
0
6
loctle817

Can someone help me to install and configure a universal forwarder on a Windows 7 machine to forward data to Splunk Cloud?

I need to collect the security logs from the Windows 7 machine and add the data to Splunk Cloud. I am new to Splunk a...
by loctle817 New Member in Getting Data In 10-07-2015
0 5
0
5
ArthurGautesen

How do I list all sourcetypes for each host per index, provided one sourcetype=apache?

I am trying to set up a stats output so that for each index, it lists all hosts, and for each of those hosts, it list...
by ArthurGautesen Path Finder in Getting Data In 10-07-2015
0 8
0
8
Michael

Forwarder not recursively indexing in 6.3. Works in 6.2.5. A bug?

I have multiple servers running a Splunk 6.2.5 universal forwarder and it is indexing recursively just fine from /var...
by Michael Contributor in Getting Data In 10-07-2015
1 6
1
6
jlamirande_splu

Why are my props.conf and transforms.conf configurations to set host values based on event data being ignored?

In the Getting Data In documentation, it says I should be able to set host based on event data using props.conf and t...
by jlamirande_splu Splunk Employee Splunk Employee in Getting Data In 10-07-2015
1 1
1
1
surfjose

ERROR script - command="runshellscript", Cannot find script

Hello I have installed the app http://splunk-base.splunk.com/apps/50967/use-python-mail-for-scripted-alerts and i hav...
by surfjose New Member in Getting Data In 10-07-2015
0 3
0
3
wplank

Indexer and Heavy Forwarder in once?

Hello community, we would like to forward a subset of syslog data to a 3rd party syslog host. So, no problem, this i...
by wplank Path Finder in Getting Data In 10-07-2015
0 3
0
3
capilarity

Upgrade to Splunk 6.3 on Windows is failing with no useful error messages

I'm upgrading our environment from 6.2.6 to 6.3.0 on Windows (2012 R2) We have 1 x master, 3 x indexers and 1 x searc...
by capilarity Path Finder in Getting Data In 10-07-2015
0 2
0
2
Valky

Pass variable to a scripted alert

Hi, I would like to pass variable to run a perl script. I did it with fixed value and it runs well, but now i want t...
by Valky Explorer in Getting Data In 10-07-2015
1 6
1
6
Top Labels
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...
Top Solution Authors
View All