Getting Data In

Thread Info

How to index part of a log file that was not indexed after disk failure?

We had a disk failure on our indexer. During this time, Splunk was thinking it was indexing data. We had to stop splu...

by New Member in

How to display count of zipcodes that have been visited by the number of users per day in a bar chart?

I want to assign the count of users on the X-axis where series of Zipcode on Y-axis. I have one .csv file which has t...

by Path Finder in

How do I get to know the status of Windows Updates from different Windows servers

Hi Experts, I'm trying to setup the Windows Forwarder on different servers to forward the status of Windows Update...

by Communicator in

Why is the REST API not answering ?

I'm trying, in vain, to get answers from the REST API as described here: http://dev.splunk.com/view/basic-tutorial/SP...

by Engager in

Can you use 'new line' as a delimiter?

Hi folks, I just got a new data feed where my events come in as a multiline event, with one key/value pair on each...

by Communicator in

How do I properly configure Splunk to index JSON data?

I'm trying to index a json file (below) using the preview of the Add data>Set sourcetype window, but every configurat...

by New Member in

How to troubleshoot why indexing of events is slow only for monitored files on the Indexer?

Hi, I have been banging my head for a while. I have a couple of flat files that are a monitored input directly on...

by Contributor in

Continuously monitor a single file while replacing the file with an appended version of the same file.

I am trying to monitor several individual files for changes. For example, I will watch "FILE1.log" If that file is ap...

by Communicator in

heavy forward error Connection refused

hi I use the heavyforwarder forward to indexer,but ... 01-17-2014 10:49:26.162 +0800 WARN TcpOutputFd - Connect to...

by Path Finder in

How to exclude some specific files in a monitored Source folder from being indexed?

Hi, I have added my log folder in Splunk monitoring. I want to exclude the files that start with Test from Splunk ...

by Path Finder in

Is there a way to accurately determine the volume of events being dropped to the nullQueue?

Is there a way to accurately determine the volume of events being dropped to the nullQueue? I have a standard prop...

by New Member in

How do I edit my inputs.conf to monitor logs from two servers (webserver) with the same location?

Hi, I am trying to get logs from two different servers running Tomcat application, but have the same location. The...

by Explorer in

What happens when queues are blocked?

Hi Guys, We had a series of events that meant our SUFs were unable to forward to their respective indexers for abo...

by New Member in

How to apply changes to forwarders immediately from the deployment server?

Hi all, We have set property phoneHomeIntervalInSecs to 1 hour in deploymentclient.conf and pushed this app to for...

by Explorer in

取り込むログのhost情報をもとに保存するIndexを分ける方法について

universalforwarderからindexerにデータを転送している環境で、host情報等をもとに保存先のIndexを分ける方法を教えて下さい。例えば、以下をUniversalforwarder上に設定するとすべてのデ...

by Splunk Employee in

Is it better to have many specific monitors, or one monitor with wildcards and blacklists?

We are generating inputs.conf configs programmatically with puppet or chef. We have a directory tree with a bunch ...

by New Member in

is it possible to stop the indexing after source file reach some size ?

Hi , I would like to know, is there any way to stop the indexing if any specific source file grows 1 GB in size. S...

by Path Finder in

What Linux filesystem and fs options are people using for Splunk indexers?

Good morning. I am wondering what filesystem and fs options people are using for spunk indexers? I am running it on C...

by Builder in

How to configure inputs.conf monitoring on universal forwarders for multiple apps?

Hi, I'm using a Splunk Universal Forwarder to monitor log files on various machines. I would like to split the inp...

by Path Finder in

what happens to old events when props.conf is modified?

Log files for a sourcetype called "logx" are being forwarded to my Splunk enterprise using forwarders from a few diff...

by New Member in

Find Current logged in users in Splunk 6, query works for 5.x

Hi All, I have been using below query to get the list of users currently logged into my Splunk Instance. | rest...

by Revered Legend in

How to replace the host in the event with the output from an event?

We have a script running on <script-server> which produces the output as below. We are getting service stats running ...

by Path Finder in

How to replace the host in WinEventLog with the ComputerName field?

My goal is to replace the host in WinEventLog events with the ComputerName field. The data is being forwarded from an...

by Contributor in

c# Remote access using SPLUNK API

So I have a Splunk server on Linux. I can log in from Windows chrome browser (https) to my (NOT ADMIN) account, but I...

by Explorer in

Can you index images with Splunk?

Is it possible to index images in splunk? I want to gather logs from a certain location, so I specified an index lik...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to index part of a log file that was not indexed after disk failure?

How to display count of zipcodes that have been visited by the number of users per day in a bar chart?

How do I get to know the status of Windows Updates from different Windows servers

Why is the REST API not answering ?

Can you use 'new line' as a delimiter?

How do I properly configure Splunk to index JSON data?

How to troubleshoot why indexing of events is slow only for monitored files on the Indexer?

Continuously monitor a single file while replacing the file with an appended version of the same file.

heavy forward error Connection refused

How to exclude some specific files in a monitored Source folder from being indexed?

Is there a way to accurately determine the volume of events being dropped to the nullQueue?

How do I edit my inputs.conf to monitor logs from two servers (webserver) with the same location?

What happens when queues are blocked?

How to apply changes to forwarders immediately from the deployment server?

取り込むログのhost情報をもとに保存するIndexを分ける方法について

Is it better to have many specific monitors, or one monitor with wildcards and blacklists?

is it possible to stop the indexing after source file reach some size ?

What Linux filesystem and fs options are people using for Splunk indexers?

How to configure inputs.conf monitoring on universal forwarders for multiple apps?

what happens to old events when props.conf is modified?

Find Current logged in users in Splunk 6, query works for 5.x

How to replace the host in the event with the output from an event?

How to replace the host in WinEventLog with the ComputerName field?

c# Remote access using SPLUNK API

Can you index images with Splunk?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions