Getting Data In

Discussions

Thread Info

what happens to old events when props.conf is modified?

Log files for a sourcetype called "logx" are being forwarded to my Splunk enterprise using forwarders from a few diff...

by New Member in

Find Current logged in users in Splunk 6, query works for 5.x

Hi All, I have been using below query to get the list of users currently logged into my Splunk Instance. | rest...

by Revered Legend in

How to replace the host in the event with the output from an event?

We have a script running on <script-server> which produces the output as below. We are getting service stats running ...

by Path Finder in

How to replace the host in WinEventLog with the ComputerName field?

My goal is to replace the host in WinEventLog events with the ComputerName field. The data is being forwarded from an...

by Contributor in

c# Remote access using SPLUNK API

So I have a Splunk server on Linux. I can log in from Windows chrome browser (https) to my (NOT ADMIN) account, but I...

by Explorer in

Can you index images with Splunk?

Is it possible to index images in splunk? I want to gather logs from a certain location, so I specified an index lik...

by Path Finder in

how to calculate the percentage bandwidth utilization for both incoming and outgoing traffics from a switch/router?

Trying to calculate the percentage bandwidth utilization on each link -How can I achieve that? index=snmp dst_devi...

by Path Finder in

For those of you with large deployments, how big are your indexer clusters and what are the limits?

I'm very curious. For those of you with large installs, how big are your clusters? Where are the limits? If greater t...

by Explorer in

What is the queue named "aeq" and how to increase its max_size_kb?

We have an older RedHat 5.6 box running the Splunk Universal Forwarder 5.0.2 processing a few directories with many *...

by Path Finder in

Will running command ./splunk splunkd-port 8089 on Windows server with UF change the UF port to 8089?

I currently am having issues collect logs from a windows server that has the UF. I think the issue might be that the ...

by Path Finder in

WinPrintMon not logging page_printed correctly

I have a universal forwarder installed on my print server. I am collecting [WinPrintMon://job] type=job disabled=0 i...

by Builder in

Why are we not receiving Windows event logs from our domain controller and getting error "Admin handler 'win-wmi-enum-eventlogs' not found"?

When setting up a Splunk forwarder for monitoring a Windows server, we receive performance metrics, but not Windows e...

by New Member in

After upgrading our Splunk indexers from 6.2.2 to 6.2.4, why did the splunkd service stop twice and had to be restarted?

Hello, Two days ago, we upgraded the Splunk version on our indexers from 6.2.2. to 6.2.4. However, we are facing a...

by Communicator in

How do I configure Splunk to recognize the non-standard timestamp format in my log file?

Hi All, I'm trying to Upload a file/log using the 'Add Data' -> 'upload' in Splunk Web. Unfortunately, as per most...

by Path Finder in

Indexing process

Hi guys! How can I look at indexing process? Can I see what splunk is indexing file by file. Because it looks like...

by Path Finder in

How do I index a simple http URL request in Splunk Light?

Our web PHP error and access logs are available only at a simple http URL request. How can I get these into Splunk Li...

by New Member in

Syslog File Monitor - Issues with multiple monitor paths

For some reason the inputs.conf is not liking how I am giving it two monitor paths with wildcards in the same set of ...

by Communicator in

Why are my UDP inputs not showing up in my metrics.log?

Hi all, I would like to know.... I have a functional index named "phone" I have 120 IP (with no host) defined i...

by Path Finder in

If I have an application writing the same logs to two servers, can we run a forwarder on both and configure an indexer to only index events from one?

I have an application which writes the same log to two servers. They act as each other's backup during maintenance sc...

by Path Finder in

Do you have any recommendations for Universal forwarder settings that would ease the resource usage for Universal Forwarders loaded on AWS micro servers?

One of our user applications utilizes over 50% Micro Servers in AWS. The micros meet the minimum requirements for Spl...

by New Member in

Filter Events per EventID

Hi Splunkers, I am relatively new to splunk so I just have an basic knowledge and I apologize if my question is an...

by Explorer in

Indexer not filtering forwarded events

So. We have recently changed MSSPs, and we are going to be forwarding events to them from our Splunk instance. We hav...

by Engager in

Dealing with key/value pairs with inconsistent key case

Our set up is like this.. On all of our servers, we collect a "contacts" file we use to keep track of what functio...

by Communicator in

Is it possible to change the default output CSV file location/path?

Hi Exports , I need to find a way to export the csv file to a specific location/path after searching. Somebody ...

by Explorer in

How to use 24-hour clock in the US Local?

Using SPLUNK 6.2.1 - How do I display all my date/times using the 24-hour clock? I want to keep the US Local for the ...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

what happens to old events when props.conf is modified?

Find Current logged in users in Splunk 6, query works for 5.x

How to replace the host in the event with the output from an event?

How to replace the host in WinEventLog with the ComputerName field?

c# Remote access using SPLUNK API

Can you index images with Splunk?

how to calculate the percentage bandwidth utilization for both incoming and outgoing traffics from a switch/router?

For those of you with large deployments, how big are your indexer clusters and what are the limits?

What is the queue named "aeq" and how to increase its max_size_kb?

Will running command ./splunk splunkd-port 8089 on Windows server with UF change the UF port to 8089?

WinPrintMon not logging page_printed correctly

Why are we not receiving Windows event logs from our domain controller and getting error "Admin handler 'win-wmi-enum-eventlogs' not found"?

After upgrading our Splunk indexers from 6.2.2 to 6.2.4, why did the splunkd service stop twice and had to be restarted?

How do I configure Splunk to recognize the non-standard timestamp format in my log file?

Indexing process

How do I index a simple http URL request in Splunk Light?

Syslog File Monitor - Issues with multiple monitor paths

Why are my UDP inputs not showing up in my metrics.log?

If I have an application writing the same logs to two servers, can we run a forwarder on both and configure an indexer to only index events from one?

Do you have any recommendations for Universal forwarder settings that would ease the resource usage for Universal Forwarders loaded on AWS micro servers?

Filter Events per EventID

Indexer not filtering forwarded events

Dealing with key/value pairs with inconsistent key case

Is it possible to change the default output CSV file location/path?

How to use 24-hour clock in the US Local?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions