Getting Data In

Community Activity

Splunk overwrites outputs.conf and inputs.conf on reboot Greetings! I'm trying to set up a splunk forwarder to use ssl between it and the indexer. I am only interested in e... by wheatstraw Explorer in Getting Data In 09-15-2015 2 8	2	8
When will search head clustering be available for windows? (Officially Supported) Looking for an ETA for when windows gets Search head clustering. Splunk does not currently support search head clus... by MartinMcNutt Communicator in Getting Data In 09-15-2015 0 1	0	1
Splunk is adding weird strings like "_linebreaker\x00\x00" to my events, what is going on? Before forwarding data I checked to see if it was indexing properly and it seemed to have no problems. However, once ... by jbsplunk Splunk Employee in Getting Data In 09-15-2015 8 8	8	8
Why does configuring props.conf with DATETIME_CONFIG = NONE cause less events to be indexed from Tomcat logs? I discovered this quite by accident while testing with a sample of Tomcat logs. If I index them without customizin... by lycollicott Motivator in Getting Data In 09-15-2015 0 6	0	6
Getting Error while doing MS Sql connection : Encountered the following error while trying to save: In handler 'databases': Error connecting to database: java.sql.SQLException: Network error IOException: Connection refused: connect I'm currently getting this error while doing trying to create an MS SQL connection: Encountered the following error... by rupesh_patil20 Path Finder in Getting Data In 09-15-2015 0 4	0	4
Can I add an Index-Cluster to a Multisite-Index-Cluster Hello all, I currently have a quite big splunk infrastructure with a multisite cluster (5 sites) each site has two ... by pinVie Path Finder in Getting Data In 09-14-2015 0 3	0	3
How and where do I configure props and transforms to forward a few events into a particular index by host? Hi, I have 4 forwarders, 4 search heads, and 2 forwarders in my Splunk cluster. Now one of the forwarders is configu... by allan_newton Path Finder in Getting Data In 09-14-2015 0 2	0	2
assign sourcetype based upon file name Hi, Is there a way to dynamically assign sourcetype based upon input filename? by a212830 Champion in Getting Data In 09-14-2015 1 3	1	3
How to configure props.conf for proper line breaking of Syslog data in Splunk? Our syslog data in Splunk is showing up with at least 1% of the results with incorrect line breaking. We have tried t... by iherre312 Explorer in Getting Data In 09-14-2015 1 3	1	3
Is there a bug in Splunk 6 with adding an attribute of an object in data models for a JSON field name containing curly brackets? I'm trying to create an object and add some auto-extracted attributes. Some field names contain curly braces because ... by dominicwood Engager in Getting Data In 09-14-2015 2 1	2	1
How to configure Splunk to ignore a timestamp to count two lines of data as one event? Here is a sampling of the log data. Lines 1-3 had no issues, but line 4 issues a warning and dumps the problem onto l... by MikeBertelsen Communicator in Getting Data In 09-14-2015 0 5	0	5
frozenTimePeriodInSecs and coldToFrozenScript frozenTimePeriodInSecs….if you set this to seconds and set a frozen path….is this enough to freeze data? Do I always... by DazzedNConfused New Member in Getting Data In 09-14-2015 0 1	0	1
Why is one Microsoft Windows Security event shows up as thousands of events? Started forwarding two specific IAS Security events to Splunk. My inputs.conf stanza on the Universal Forwarder is be... by mjkenney Explorer in Getting Data In 09-14-2015 0 2	0	2
How to exclude duplicate events from beign summary indexed Hello, i have log comming in, which i use to create summary index, here is the flow: i get some logs locatio... by desi New Member in Getting Data In 09-14-2015 0 2	0	2
How to handle a daily changing CSV file and avoid indexing duplicate events/rows? Hi, I have daily growing CSV file that I want to index. Just importing it every day would end up in a lot a duplicat... by HeinzWaescher Motivator in Getting Data In 09-14-2015 0 3	0	3
Find time of latest event type without streaming all data from indexer The time of the latest log record for a specific customer can be retrieved and used as the output from a subsearch wi... by plaxos Explorer in Getting Data In 09-13-2015 0 4	0	4
file size impact continuous monitoring in splunk? Hi, I have single file where I am writing all my logs and its size reached to 300 MB. I am seeing that some logs tha... by rameshlpatel Communicator in Getting Data In 09-12-2015 0 4	0	4
Is it possible to configure a universal forwarder to send data to two different indexes on the same indexer? As part of some custom requirement we need to forward the same data to two different indexes on same physical indexer... by badrinath_itrs Communicator in Getting Data In 09-12-2015 0 8	0	8
How to troubleshoot why my universal forwarder is showing Splunk Cloud hosts as inactive? Hello, I have installed and used the Splunk universal forwarder to successfully forward my data to my local Splunk E... by pkurt Path Finder in Getting Data In 09-11-2015 0 2	0	2
Why do I get a timeout when trying to connect to Splunk Cloud from the Splunk Javascript SDK? I get a timeout when trying to connect using my splunk cloud instance URL and port 8089. Is this supported? I want t... by luisatworkpop New Member in Getting Data In 09-11-2015 0 1	0	1
Unable to add TCP Data Inputs in Splunk Cloud Hi, I'm using Splunk Cloud and I'm unable to add a new Data Input. I'm entering all the required fields but when I c... by bobbyavn Engager in Getting Data In 09-11-2015 5 2	5	2
How to filter logs with the word "version" to nullQueue on the Splunk Cloud Sandbox? I'm trying to filter logs with the 'version' word, and send them to the nullQueue. First of all, i'm using the Unive... by andremidea Engager in Getting Data In 09-11-2015 0 5	0	5
Why am I unable to get a Splunk forwarder and indexer to talk over SSL using a non-default CA? Hey all, I'm having a really tough time getting my forwarders and indexer to talk over SSL using a non-default CA. ... by ryanleerally Explorer in Getting Data In 09-11-2015 0 2	0	2
Unable to delete data from Splunk Cloud trial Hi, I managed to import the tutorial data twice into my Splunk Cloud sandbox trial (once into the wrong place). So co... by nickblack New Member in Getting Data In 09-11-2015 0 3	0	3
How to install and configure a Windows forwarder on premises and use Splunk Cloud to analyze SQL Server logs? Hi, The manager of mine isstarting out a Splunk project and is asking how expensive would it be to install and oper... by artemf New Member in Getting Data In 09-11-2015 0 1	0	1

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

Splunk overwrites outputs.conf and inputs.conf on reboot

When will search head clustering be available for windows? (Officially Supported)

Splunk is adding weird strings like "_linebreaker\x00\x00" to my events, what is going on?

Why does configuring props.conf with DATETIME_CONFIG = NONE cause less events to be indexed from Tomcat logs?

Getting Error while doing MS Sql connection : Encountered the following error while trying to save: In handler 'databases': Error connecting to database: java.sql.SQLException: Network error IOException: Connection refused: connect

Can I add an Index-Cluster to a Multisite-Index-Cluster

How and where do I configure props and transforms to forward a few events into a particular index by host?

assign sourcetype based upon file name

How to configure props.conf for proper line breaking of Syslog data in Splunk?

Is there a bug in Splunk 6 with adding an attribute of an object in data models for a JSON field name containing curly brackets?

How to configure Splunk to ignore a timestamp to count two lines of data as one event?

frozenTimePeriodInSecs and coldToFrozenScript

Why is one Microsoft Windows Security event shows up as thousands of events?

How to exclude duplicate events from beign summary indexed

How to handle a daily changing CSV file and avoid indexing duplicate events/rows?

Find time of latest event type without streaming all data from indexer

file size impact continuous monitoring in splunk?

Is it possible to configure a universal forwarder to send data to two different indexes on the same indexer?

How to troubleshoot why my universal forwarder is showing Splunk Cloud hosts as inactive?

Why do I get a timeout when trying to connect to Splunk Cloud from the Splunk Javascript SDK?

Unable to add TCP Data Inputs in Splunk Cloud

How to filter logs with the word "version" to nullQueue on the Splunk Cloud Sandbox?

Why am I unable to get a Splunk forwarder and indexer to talk over SSL using a non-default CA?

Unable to delete data from Splunk Cloud trial

How to install and configure a Windows forwarder on premises and use Splunk Cloud to analyze SQL Server logs?

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation