Getting Data In

Discussions

Thread Info

After a change to inputs.conf to get Windows security event logs, why am I getting error "Failed to checkpoint for channel='security'"?

Hello, I've changed some whitelist parameters in the inputs.conf file to index Windows security event logs, howev...

by Communicator in

How to search the time difference between start and end events for each unique event ID?

I have a log file going to Splunk which indicates the start and end of an event for VM creation. For example, in the ...

by Engager in

How to set up a JMS listener and get it indexed in Splunk?

I have successfully set up a jms listener, but do not see the messages being pulled by splunk. I have created the inp...

by Path Finder in

Why is the deployment server not pushing updated inputs.conf configurations to forwarders automatically?

I updated inputs.conf on an app in the deployment server yesterday. The update was done by logging into the server an...

by Communicator in

What happens in a distributed environment with auto load balancing after the minFreeSpace is reached on an indexer?

Hello, Having a distributed environment with N indexers and M servers sending data in a load-balanced way (autoLB=...

by Explorer in

Directory / Source

Hi, First: I have a directory with five sources. Sometimes a source (always the same) is not loaded into Splunk ev...

by Path Finder in

Syslog logs sent but not the last

Hi, (Sorry for my English, I'm French) I send my logs via syslog on port 514 or 40514 and I have a problem with th...

by Path Finder in

Is it possible to encrypt traffic between the forwarder and indexer, but store the collected logs in clear text?

I am using the latest universal forwarder and I enabled SSL encryption. The collected logs stored are encrypted in th...

by New Member in

How to set up log file monitoring on a Windows universal forwarder?

I'm trying to set up .log file monitoring so splunk would pull the context of the .log files in to the indexer and no...

by New Member in

Rename fields in Props.conf?

I have some old iis logging going on in our web logs, and I am looking to rename some of the fields that I'm pulling ...

by Motivator in

Is there an easy way to access Microsoft specific folders for event log extraction?

I am trying to sort through certain event logs, and I am noticing that some I am searching for aren't under either Sy...

by Path Finder in

timestamp in chinese charactors

can splunk extract timestamp in chinese charactors: "2011年2月27日星期日下午03时13分36秒中国 (上海)" means 2011-02-27 15:12:36, "下"...

by Contributor in

Event breaking is sometimes erratic

I've got an issue with some events we are receiving from multiple Active Directory hosts. Sometimes, the events break...

by Path Finder in

How to create a report of all forwarders per index/sourcetype, their status (running/stopped), and amount of data pushed to that index per day?

How do I get the number of forwarders per index/source type along with the status (running/stopped) and the amount of...

by Communicator in

How to manage universal forwarders remotely, and how to control a universal forwarder's RAM utilization?

Hi, i am working on a Centralized Log Management project using the latest Splunk version on an indexer (installed ...

by New Member in

How can I purge data older than say 30 days from some but not all of my indexes to free up disk space?

I have run out of disk space on my indexers. I need to reclaim space and want to purge data from some of the indexes ...

by Explorer in

Auditing changes to Splunk configurations files related to users, adding/deleting files, receivers/forwarders ....

I am trying to find out how much auditing is built-in in Splunk related to adding/deleting/updating Users Configur...

by Explorer in

How can I retrieve the number of connections for collectd using the REST API?

Hello, Currently, I am trying to extract the connections realted data using REST API and I am aware that the requ...

by Engager in

is it possible to set up a script which logs in to Splunk automatically and performs a saved search or runs a query?

Hi, is it possible to set up a script which logs in to Splunk automatically and performs a saved search or runs a ...

by Path Finder in

Why I can't access data from Splunk using REST API?

Hello every body! I'm new and i 'd like to communicate with Splunk by REST API using "curl" comand. I tried some exam...

by New Member in

Splunk 6.2 - "Add Data Source" with Local Server Data Itself Can't See Past 2 Tiers of Folders From / (root)

I'm getting an odd error. When using Splunk 6.2.3, and trying to access files in a folder that is read/write/execute ...

by Path Finder in

Why am I getting an error installing a universal forwarder on WIndows server 2008 R2 with a Powershell script?

Out of the 37 of our servers which this processed worked successfully without issue, I am running into an error on ou...

by New Member in

Should I configure line breaking for a log with XML data on the universal forwarder or indexer?

I have a universal forwarder on a remote machine that forwards the splunk enterprise instance a log that may include ...

by New Member in

Want to see data by host

Hi, In the below given query i want to see the data by host but unable to see. Kindly suggest index=sc-perfmon ...

by Communicator in

Why are my macros and search not properly filtering out data collected on weekend days from my indexes?

I have a problem with a requirement to remove data collected on weekend days from my indexes. I can do this accuratel...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

After a change to inputs.conf to get Windows security event logs, why am I getting error "Failed to checkpoint for channel='security'"?

How to search the time difference between start and end events for each unique event ID?

How to set up a JMS listener and get it indexed in Splunk?

Why is the deployment server not pushing updated inputs.conf configurations to forwarders automatically?

What happens in a distributed environment with auto load balancing after the minFreeSpace is reached on an indexer?

Directory / Source

Syslog logs sent but not the last

Is it possible to encrypt traffic between the forwarder and indexer, but store the collected logs in clear text?

How to set up log file monitoring on a Windows universal forwarder?

Rename fields in Props.conf?

Is there an easy way to access Microsoft specific folders for event log extraction?

timestamp in chinese charactors

Event breaking is sometimes erratic

How to create a report of all forwarders per index/sourcetype, their status (running/stopped), and amount of data pushed to that index per day?

How to manage universal forwarders remotely, and how to control a universal forwarder's RAM utilization?

How can I purge data older than say 30 days from some but not all of my indexes to free up disk space?

Auditing changes to Splunk configurations files related to users, adding/deleting files, receivers/forwarders ....

How can I retrieve the number of connections for collectd using the REST API?

is it possible to set up a script which logs in to Splunk automatically and performs a saved search or runs a query?

Why I can't access data from Splunk using REST API?

Splunk 6.2 - "Add Data Source" with Local Server Data Itself Can't See Past 2 Tiers of Folders From / (root)

Why am I getting an error installing a universal forwarder on WIndows server 2008 R2 with a Powershell script?

Should I configure line breaking for a log with XML data on the universal forwarder or indexer?

Want to see data by host

Why are my macros and search not properly filtering out data collected on weekend days from my indexes?

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures