Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
sanjeewa_fernan

2 node cluster master reporting single peer to search head when there are 2 indexers

Have 2 node Indexer cluster with a separate cluster master instance and separate SH instance, however when the SH is ...
by sanjeewa_fernan Engager in Getting Data In 10-22-2015
0 3
0
3
adamblock2

How to use transforms.conf to assign a custom index and sourcetype?

I am currently trying, unsuccessfully, to assign a custom sourcetype and index from within a local/transforms.conf fi...
by adamblock2 Path Finder in Getting Data In 10-22-2015
0 3
0
3
asoul

Why am I unable to start Splunk Light on Windows 7?

Just downloaded and installed Splunk-light. (Windows 7 Enterprise SP1) I tried to start it, but I only get a browser ...
by asoul New Member in Getting Data In 10-22-2015
0 5
0
5
akawacz

How to automatically upload CSV files to Splunk monthly?

Hello, I would like to upload automatically CSV files in monthly manner. Data should be normally indexed and go to ...
by akawacz Path Finder in Getting Data In 10-22-2015
0 4
0
4
OldManEd

I can't find EventCodeDescription from Windows logs

I just loaded Splunk 6.2.3 and am forwarding event log events from my laptop running Windows 7. Everything looks OK ...
by OldManEd Builder in Getting Data In 10-22-2015
1 1
1
1
daniel_augustyn

Why do my indexers in my indexer clustering environment have a different number of buckets?

I just deployed Splunk in an indexer cluster deployment, and I've noticed that my indexers have a different number of...
by daniel_augustyn Contributor in Getting Data In 10-21-2015
0 2
0
2
vincenteous

How to configure Splunk to monitor Border Network Gateway (BNG) accounting traffic?

Hello Everyone, Actually, I don't know if this question is actually valid to be asked here or not. So, I'm going to ...
by vincenteous Communicator in Getting Data In 10-21-2015
0 2
0
2
pchauhan03

How do I integrate Jira and Splunk to monitor Jira logs?

Hello, I have some tools. Let's say in this case I want to use Jira and and use Splunk to monitor its logs. How do ...
by pchauhan03 New Member in Getting Data In 10-21-2015
0 6
0
6
rfiscus

DNSLOOKUP for a Destination Host, only the Source Host is working.

I am apparently doing something wrong with the Destination Host dnslookup, it shows the Source Host instead. Any ide...
by rfiscus Path Finder in Getting Data In 10-21-2015
0 1
0
1
ddarmand

How to remove information from forwarded data?

Hello everyone, This is my topology: Splunk Forwarder (with local copy of data) -----> Main Splunk The forwarder i...
by ddarmand Communicator in Getting Data In 10-21-2015
0 8
0
8
btorresgil

Store an API Key encrypted

I'm trying to create a setup.xml for my app that takes in an API key as an input from the user. I have it working fo...
by btorresgil Builder in Getting Data In 10-21-2015
3 5
3
5
dannestor

Why is per-event sourcetype override not working with my current props.conf and transforms.conf configuration?

Hello fellow Splunkers, this is my first post here! I am trying to configure per-event source type overriding. I hav...
by dannestor Explorer in Getting Data In 10-21-2015
0 1
0
1
Federica_92

How to create props.conf and transforms.conf to change the fields name of a CEF event

Hi everyone, I'm receiving logs in arcsight format, for example: <131>Oct 8 12:06:49 servename ASM:CEF:0|F5|ASM|...
by Federica_92 Communicator in Getting Data In 10-21-2015
0 5
0
5
moo2k

Splunk Light Free + Universal Forwarder: How to fix my configurations to monitor input paths with wildcards and assign proper sourcetypes?

Hello guys. I am new to Splunk. Let me introduce my problem. I have installed Splunk Light Free on the server (bas...
by moo2k New Member in Getting Data In 10-21-2015
0 2
0
2
eallanjr

Why is a monitored file behaving like a batch file on a Splunk 6.2.1 Universal forwarder?

I have a monitored file input for a .tsv file that gets updated via a SQL query every hour. However, the data is onl...
by eallanjr Explorer in Getting Data In 10-20-2015
1 1
1
1
cwatterson

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

I'm trying to get a list of all files with the path that Splunk is currently monitoring. Google and searches here hav...
by cwatterson New Member in Getting Data In 10-20-2015
0 3
0
3
antlefebvre

Why does data stop getting indexed for a monitored file when Splunk is restarted, and how do I fix this?

I am attempting to monitor a file that is fairly large and on a UNC file share. It appears that the file only indexes...
by antlefebvre Communicator in Getting Data In 10-20-2015
0 4
0
4
cdevoe57

How do I troubleshoot why indexing performance is slow?

Operating System: Oracle Linux 3.8.13-55.1.5, 64 bit 2 CPUs, total of 40 cores, 128 gb memory, 1 GB network, 6 300 G...
by cdevoe57 Path Finder in Getting Data In 10-20-2015
1 4
1
4
patrickdelliot

Integrating Splunk data in Talend

Greetings. We have data in Splunk, and related data in Oracle. We are looking to integrate the two using Talend. H...
by patrickdelliot New Member in Getting Data In 10-19-2015
0 2
0
2
tmarlette

delay forwarder ingesting file

I have a script that creates a file, thoguh the command that is run, has a very long output, and it takes about 20 se...
by tmarlette Motivator in Getting Data In 10-19-2015
0 4
0
4
jmonreal

How to override host metadata?

Good day everyone! I have my Splunk cluster separated in Forwarders (inside each application server), Indexer (a set...
by jmonreal New Member in Getting Data In 10-19-2015
0 3
0
3
Bhargav99

How to get data into Splunk?

Hello Experts Could some one please let me know the procedure step by step for on boarding data into Splunk? Thank...
by Bhargav99 New Member in Getting Data In 10-19-2015
0 3
0
3
splunkDude2015

Is it recommended to use a Splunk 6.3 universal forwarder with a 6.2.X indexer / base install?

What is best practice / recommended when deploying universal forwarders relative to the splunk indexers / base instal...
by splunkDude2015 Explorer in Getting Data In 10-19-2015
0 1
0
1
OldManEd

What deployment-apps subdirectory do I need on a Linux Deployment Server to update inputs.conf and outputs.conf on a Windows Universal Forwarder?

First, if this is a repeat question, I apologize. I tried to ask this question a short time ago, but cannot find it ...
by OldManEd Builder in Getting Data In 10-19-2015
0 4
0
4
carljohan

Run indexes on different servers

We are planning to have a Splunk setup where we have: 1 server running a Splunk indexer2 servers per operation from ...
by carljohan Path Finder in Getting Data In 10-19-2015
0 8
0
8
Get Updates on the Splunk Community!

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Developer Spotlight with Mika Borner

From Hackathon Winner to Enterprise Leader    Mika Borner, CEO and Founder of Datapunctum AG, has been ...

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...
Top Solution Authors
View All