Getting Data In

Discussions

Thread Info

Is there any way to pass more metadata to the deployment server from universal forwarders?

Is there any way to pass more metadata to a deployment server from universal forwarders? I'm thinking either key/valu...

by New Member in

Splunk 6.1 how to find a listing of local admins on all workstations and servers

Hey guys, I was wondering if there is a search that would list all local admin accounts on a workstation or server...

by Path Finder in

How to prevent fields automatically extracted by DB Connect from being truncated?

Hello, we just started using dbconnect and both my users complain that field values extracted by Splunk are truncated...

by Path Finder in

How to get the data from remote server through universal forwarder?

Hi All, We dont have splunk enterprise installed on windows 2008 R2 server. We have installed the Splunk Universal...

by Explorer in

How to format output of REST API using .Net.WebClient in Powershell?

I have the following script. I am trying to format the output to CSV format, not HTML. Unfortunately the Output_Mode=...

by Engager in

How to prevent the indexing of particular error. Is it possible to filter by Message?

I can't quite find a way to block this particular event from being indexed. Blacklisting doesn't seem to be an option...

by Path Finder in

How to configure different sourcetypes for logs in the same directory?

Hi, I've got the following directory structure: c:\Logs\<system> At the moment, inputs.conf for application...

by Communicator in

How to add new deployment clients to a Server Class?

Hi All, New to this, but getting on ok. I'm just a little confused about new client PCs or Servers being added to...

by New Member in

Why are Windows Event Logs from a Windows Server 2003 missing a value for the Message field for some EventCodes (628 and 644)?

Some events (628 and 644) of a Windows 2003 are coming in with an empty Message field. ex: LogName=Security Sou...

by Explorer in

Why would indexers in our indexer cluster suddenly start consuming 100% CPU?

We have an indexer clustering Splunk environment, and recently, all our indexers are consuming 100% CPU. Not sure wha...

by Explorer in

Splunk DB Connect MS SQL DB - Connection refused

I am getting the following error while I am tring to connect Microsoft SQL database, Encountered the following err...

by Communicator in

connecting Rest API from R

Hi, I am trying to perform search using rest api from R language. This is the curl I am using which is available i...

by New Member in

I am getting this error while uploading my app "the icon found in the package is not a valid png file"

Friends, I have followed the details at following link, but still I am getting this error "the icon found in the p...

by Path Finder in

How to Upload an App?

I am a newbie and have inherited a Splunk installation. I downloaded the License Usage app and want to use of it in m...

by New Member in

How to blacklist specific hosts so Splunk will not index their IIS logs in our "iis" index?

I have an index called "iis". How can I blacklist some specific hosts so that Splunk would not process iis logs fo...

by New Member in

Why is a specific file type still being indexed with my inputs.conf whitelist configuration?

Here's my stanza: [monitor:///opt/stash/logs/] blacklist = \.gz$ disabled = false followTail = 0 index = stash_pp ...

by New Member in

My scripted input is working, but why is it assigning an incorrect hostname for 1 of 6 target hosts?

I have a simple scripted input that runs a powermt command periodically. <apps>/powermt/bin/powermt.sh #!/bin/b...

by Path Finder in

jflow support in splunk

Hi, There is a way or app to get jflow from Juniper MX or M routers ? thx for help

by New Member in

How do I filter events into 2 environments?

I have an old environment (5.0) and new environment (6.2.1). I have heavy forwarders in the new environment collectin...

by Path Finder in

Using inputlookup .csv, how do we get columns to display in the same order as the CSV file, not alphabetical?

I'm using a few .csv files for lookups. When I display the .csv files, the column order is alphabetical. Is there a w...

by Path Finder in

Using a shell script to collect data on a universal forwarder, what do I need to configure in inputs and outputs.conf?

Universal Forwarder-> Heavy Forwarder -> Indexer We have a universal forwarder which is sitting on a different domain...

by Communicator in

Is there a way for a universal forwarder to monitor Environment Variables?

I am trying to determine if there is a way for the Splunk Universal Forwarder to monitor environmental variables. We ...

by Path Finder in

How to combine duplicate fields in the same event into one field?

Hey Guys, I have events that contains the same field, like so: 12/08/2015 1:03:03 PM Server="exchange" User="ad...

by New Member in

Linebreaking and event date in text file

We have a text file to log row counts for CSV files used in an ETL job. The format of the file is like this: 08/30...

by Path Finder in

How to configure props.conf to break JSON into events and get the correct timestamp?

Hi all. I'm getting some JSON files from API figures. This is what I receive: "2015-08-02": { "downloads"...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is there any way to pass more metadata to the deployment server from universal forwarders?

Splunk 6.1 how to find a listing of local admins on all workstations and servers

How to prevent fields automatically extracted by DB Connect from being truncated?

How to get the data from remote server through universal forwarder?

How to format output of REST API using .Net.WebClient in Powershell?

How to prevent the indexing of particular error. Is it possible to filter by Message?

How to configure different sourcetypes for logs in the same directory?

How to add new deployment clients to a Server Class?

Why are Windows Event Logs from a Windows Server 2003 missing a value for the Message field for some EventCodes (628 and 644)?

Why would indexers in our indexer cluster suddenly start consuming 100% CPU?

Splunk DB Connect MS SQL DB - Connection refused

connecting Rest API from R

I am getting this error while uploading my app "the icon found in the package is not a valid png file"

How to Upload an App?

How to blacklist specific hosts so Splunk will not index their IIS logs in our "iis" index?

Why is a specific file type still being indexed with my inputs.conf whitelist configuration?

My scripted input is working, but why is it assigning an incorrect hostname for 1 of 6 target hosts?

jflow support in splunk

How do I filter events into 2 environments?

Using inputlookup .csv, how do we get columns to display in the same order as the CSV file, not alphabetical?

Using a shell script to collect data on a universal forwarder, what do I need to configure in inputs and outputs.conf?

Is there a way for a universal forwarder to monitor Environment Variables?

How to combine duplicate fields in the same event into one field?

Linebreaking and event date in text file

How to configure props.conf to break JSON into events and get the correct timestamp?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions