Getting Data In

Discussions

Thread Info

Has anyone used Chocolatey/NuGet to install the Splunk forwarder?

We are moving towards using Chocolatey for all our server configuration (after Chef sets up base software), but when ...

by New Member in

First install problem - Use a deployment server OR a receiving indexer- Which one? Why?

Hi all, I am trialling Splunk and installing it for the first time. I have installed the main Splunk server withou...

by Explorer in

Call Toll Free @@@@^^^^ 1-888-548-0653 ^^^^@@@@ windows live mail technical support phone number?

Call Toll Free @@@@^^^^ 1-888-548-0653 ^^^^@@@@ windows live mail technical support phone numberCall Toll Free @@@@^^...

by New Member in

Why is splunkweb not starting after a new Splunk installation on Windows 8 64-bit?

I am new to splunk and i downloaded and installed splunk in my windows 8 OS-64 bit. After installation Splunkd is wor...

by New Member in

LEA Client don't connect to Check Point OPSEC LEA Server

Hello all, I try to create connection from LEA client to Check Point OPSEC LEA Server, Connection Details > C...

by Loves-to-Learn Lots in

How to change the max line length parameter before adding a line break for exporting by CSV?

Hello, I'm doing such a search: mysearch | stats dc(ip) as countip, values(ip) as valuesip | where countip > x...

by Communicator in

Which ports does Hunk use to read files? Which ports do indexers use to write files? What ports need to be open on the Hadoop/HDFS machine?

What ports need to be open on the hadoop/hdfs machine? Which ports hunk uses to read the files? Which ports the splun...

by New Member in

How to edit my search to establish protocols for various portions of a graph to reflect different values by color?

I'm working with a CSV file from salesforce. I'd like to build out a bar graph that reflects the 50 largest accounts ...

by Splunk Employee in

Why is the Splunk Universal Forwarder on my domain controllers consuming 100% CPU with error "DsBind failed"?

On more than a few of my domain controllers, the Splunk Universal Forwarder is consuming 100% CPU and spewing many er...

by Explorer in

Troubleshooting why only part of a log file was imported

I have an application that creates a separate log file every time a major process runs. I discovered a single log fil...

by Path Finder in

I'm able to gather Memory and CPU information, but why am I not seeing any LogicalDisk perfmon data using a Universal Forwarder?

Greetings, I have been building a perfmon solution for a POC that my company is about to undergo with regards to s...

by Contributor in

Is there a configuration value I can change to reduce the indexing size threshold?

Hi all, We have an indexer on our test environment that is complaining with the following error message: Search...

by Communicator in

Can Splunk Cloud index .evtx Windows event logs if I upload this directly?

Is it correct that Splunk Cloud cannot index .evtx Windows event logs in case I upload this directly?

by Engager in

Route syslog UDP data to specific index and sourcetype

Simple task and I am sure I am close here. A UDP port is open on a heavy forwarder and data is coming in to source...

by Builder in

Transfer indexed data from standalone Splunk instance to clustered index.

So we have a single standalone Splunk instance Indexer/Search Head with a year or more indexed data on it. We have...

by Builder in

Is it possible to assign EnvironmentB more of our license and EnvironmentA to a different stack on the same indexer?

We have an indexer where we have multiple environments (A and B) sending logs to this one indexer. My question: Is...

by Path Finder in

Why are some Windows Universal Forwarders not responding to any Splunk commands like 'splunk status'?

Hi, I've installed a UF on about 10 Windows machines, some desktops and some servers, and see some strange behavio...

by Communicator in

parsing specific area of a field

Hello all, just wondering if it is possible and how to do the following search? Got a field with URLs ( for exa...

by New Member in

Why is our props.conf configuration for our universal forwarder and clustered indexers not breaking events properly?

We have a few access log files from our SecureMedia application that we are attempting to ingest. I've been able to g...

by Communicator in

Is it possible to have a Splunk universal forwarder read a growing file and delete it when it's done?

Howdy, I want to ingest files on a universal forwarder that are still being written, and to delete them once the f...

by Path Finder in

How to troubleshoot why one forwarder "could not send data to output queue" after upgrading to Splunk 6.2.2?

Hey Guys I have a right one here. So I have a bunch of systems in a DMZ forwarding to a heavy forwarder that then ...

by Communicator in

Is my process to add cold storage to my Splunk 6.2.2 indexer clustering setup correct?

I'm looking to add cold storage to my Splunk 6.2.2 indexer clustering setup and just wanted to verify my process was ...

by Explorer in

Why is my TCP Input data being cut off? Is there a limit I can configure?

Hello experts, I am using the TCP input "channel" in order to get data into splunk (inputs.conf): [tcp://558] c...

by Explorer in

After creating and setting a new index in inputs.conf on the universal forwarder, why do I see no search results on the search head?

I'm trying to create a new index called 'winevents_endpoint'. I've added this index to the Search Head, Indexer, and ...

by Path Finder in

how to find n th line data using rex

Hi, how to find nth line data in an event. for example: I have to get 7th line data and needs to correlate with th...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Has anyone used Chocolatey/NuGet to install the Splunk forwarder?

First install problem - Use a deployment server OR a receiving indexer- Which one? Why?

Call Toll Free @@@@^^^^ 1-888-548-0653 ^^^^@@@@ windows live mail technical support phone number?

Why is splunkweb not starting after a new Splunk installation on Windows 8 64-bit?

LEA Client don't connect to Check Point OPSEC LEA Server

How to change the max line length parameter before adding a line break for exporting by CSV?

Which ports does Hunk use to read files? Which ports do indexers use to write files? What ports need to be open on the Hadoop/HDFS machine?

How to edit my search to establish protocols for various portions of a graph to reflect different values by color?

Why is the Splunk Universal Forwarder on my domain controllers consuming 100% CPU with error "DsBind failed"?

Troubleshooting why only part of a log file was imported

I'm able to gather Memory and CPU information, but why am I not seeing any LogicalDisk perfmon data using a Universal Forwarder?

Is there a configuration value I can change to reduce the indexing size threshold?

Can Splunk Cloud index .evtx Windows event logs if I upload this directly?

Route syslog UDP data to specific index and sourcetype

Transfer indexed data from standalone Splunk instance to clustered index.

Is it possible to assign EnvironmentB more of our license and EnvironmentA to a different stack on the same indexer?

Why are some Windows Universal Forwarders not responding to any Splunk commands like 'splunk status'?

parsing specific area of a field

Why is our props.conf configuration for our universal forwarder and clustered indexers not breaking events properly?

Is it possible to have a Splunk universal forwarder read a growing file and delete it when it's done?

How to troubleshoot why one forwarder "could not send data to output queue" after upgrading to Splunk 6.2.2?

Is my process to add cold storage to my Splunk 6.2.2 indexer clustering setup correct?

Why is my TCP Input data being cut off? Is there a limit I can configure?

After creating and setting a new index in inputs.conf on the universal forwarder, why do I see no search results on the search head?

how to find n th line data using rex

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout