Getting Data In

Ask a Question

Discussions

Thread Info

help with line-breaking

Hi, I have a feed coming in from db connect, which I can't get to line-break properly. My props is: [Performan...

by Champion in

How to encrypt communication between a universal forwarder and heavy forwarder?

I am not able to configure heavy forwarder inputs.conf file to receive encrypted traffic. 1) config inputs.conf on...

by Path Finder in

How to use the where clause and wildcard to filter results?

Hi, I am trying to run this search without success (the search runs however there are 0 results) sourcetype=dhc...

by Path Finder in

Is it possible to add an option to the UI in Simple XML to allow users to select a file or folder and run a oneshot python script to index it?

Hello, I am working on an App that will allow users to select a file or folder and then call a python script in th...

by Path Finder in

Correlate logs when time order is inconsistent

I have spent a lot of time trying to get something that works perfectly here, and I just can't get more than partial ...

by New Member in

Wrong time offset in indexed data

Hello. There is a few cisco routers are sending syslogs via UDP to splunk server. Earlier everything was ok, but rece...

by New Member in

extract time from events but date from modification time

Hello, I've read Precedence rules for timestamp assignment. What I want is to extract time)(hour,minute,second,...

by Path Finder in

encrypt splunk deployment server and client communication

I went through security guide and blogs on splunk , but I am still not clear how to encrypt communication between spl...

by Path Finder in

How can we monitor a CIFS Filesystem and its host (storage server) through splunk enterprise?

I am having a storage server and have created a CIFS filesystem on that which is mounted to a Windows server on which...

by New Member in

Exception logging by time

Hey Guys, I'm having problems analyzing log files, which are printing out exceptions, traces and exceptions that a...

by New Member in

email not sending from windows search head

From splunkd.log 05-29-2015 07:53:02.696 -0700 ERROR HttpListener - Handler for /en-US/api/shelper?snippet=true&sn...

by Communicator in

How to troubleshoot why a universal forwarder is not forwarding contents of a file?

Beating my head off this one guys. I'm simply trying to forward several logs from my SEPM (SYmantec EndPoint Manager)...

by Path Finder in

Record Delimeters

I'm running free version 4.2.3. I have an email archive that I'm pre-processing the data to allow for key=value setti...

by New Member in

What is the best way to migrate old data from a single Splunk server to a new cluster?

Is there any way to point my old Splunk server at the new cluster and have it forward all of my previously indexed ev...

by Builder in

Props.conf and time_format, what am I missing

I'm missing something, not sure what...I've got some GMT timestamped logs that Splunk didn't magically guess correctl...

by Contributor in

Extracting time zone and other info from header of a log and apply them to events in same log

Hello Splunk experts, my log files are structured in the following way: 09032011 12:23:34.567 App name: TestApp01...

by Explorer in

Is it possible to have 1 forwarder forward data to 2 different groups of indexer clusters?

Hi splunkers, Good day! I just want to ask some opinion what is the best way I can do or is it possible to achieve...

by Communicator in

Addition of '=' between events

Hi all , I have a indexes which is capturing logs in real time. However i have observed a strange thing happening ...

by Path Finder in

Splunk initial indexing not behaving as expected

I'm setting up a fresh new Splunk server and am re-indexing my data from scratch. Syslog data is being sent to my ...

by Builder in

sending only part of logs to server

Hi, I have been trying to extract a part of my events in logs before they are sent to indexing server. I trying wi...

by Explorer in

Is it possible to have multiple sourcetypes point to one props.conf?

I am working with application data that has the same exact format across several applications. The sourcetypes are ba...

by Path Finder in

Why are events not being indexed into the indexes specified in the inputs.conf on my Windows universal forwarder?

Hi guys, I have one Universal Forwarder that has a deployed app from the deployment server. Inside the inputs.conf...

by Explorer in

How do I filter out parts of my sample log and only index a portion of the message for an event?

I have a log with a long message. i need to cut it from A to B and, if it possible, not to show other events to work ...

by New Member in

Why does my distributed management console show 0 deployment clients?

Hi, I have configured my universal forwarder as a deployment client and my search head as a " deployment server" ...

by Contributor in

Size discrepency between file system and named pipe

One of our Splunk environments receives data from a FIFO pipe. That is, syslog-ng takes incoming syslog data and send...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

help with line-breaking

How to encrypt communication between a universal forwarder and heavy forwarder?

How to use the where clause and wildcard to filter results?

Is it possible to add an option to the UI in Simple XML to allow users to select a file or folder and run a oneshot python script to index it?

Correlate logs when time order is inconsistent

Wrong time offset in indexed data

extract time from events but date from modification time

encrypt splunk deployment server and client communication

How can we monitor a CIFS Filesystem and its host (storage server) through splunk enterprise?

Exception logging by time

email not sending from windows search head

How to troubleshoot why a universal forwarder is not forwarding contents of a file?

Record Delimeters

What is the best way to migrate old data from a single Splunk server to a new cluster?

Props.conf and time_format, what am I missing

Extracting time zone and other info from header of a log and apply them to events in same log

Is it possible to have 1 forwarder forward data to 2 different groups of indexer clusters?

Addition of '=' between events

Splunk initial indexing not behaving as expected

sending only part of logs to server

Is it possible to have multiple sourcetypes point to one props.conf?

Why are events not being indexed into the indexes specified in the inputs.conf on my Windows universal forwarder?

How do I filter out parts of my sample log and only index a portion of the message for an event?

Why does my distributed management console show 0 deployment clients?

Size discrepency between file system and named pipe

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures