Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
devinmclean

Why am I getting an SSL Unknown Protocol Error trying to receive data from a universal forwarder on my indexer?

I'm getting the following error when trying to receive data from a universal forwarder on my indexer: (log from inde...
by devinmclean Path Finder in Getting Data In 08-10-2015
0 12
0
12
shariinPH

Why is latest data in monitored paths in my Windows folders not getting indexed?

I am monitoring certain paths in my Windows folders.. I have already done the following: Put crcSalt on my inputs.con...
by shariinPH Contributor in Getting Data In 08-10-2015
0 8
0
8
sundaresh83

Issue with deployment app creation

To create a deployment app I create a directory under the deployment-apps using the mkdir command say "def". Under th...
by sundaresh83 Explorer in Getting Data In 08-10-2015
1 1
1
1
kurtgad

Why do some logs stop forwarding while others continue ?

In our environment, our application logs all go to a single log folder divided by application. Ex... /scratch/conte...
by kurtgad New Member in Getting Data In 08-10-2015
0 1
0
1
Federica_92

Why is my installation script running Splunk as root instead of the new "splunk" user I created?

Hi everyone, I created a script to install the splunkforwarder on the clients. The script is called on the main ind...
by Federica_92 Communicator in Getting Data In 08-10-2015
0 11
0
11
cleartext

How can I parse bacticks/grave accents (`) in syslog?

Hi, I have a log that separate using Grave Accent 3`0`1`1`1dk3ad`1020`20140301`10:53:37`1`17`140219185904`172.3.19...
by cleartext New Member in Getting Data In 08-09-2015
0 2
0
2
rrmavani

Will our current configuration work for monitoring our application logs and changing the sourcetype?

Hello Splunk Guru, In our environment, we have many Universal forwarders, few indexers and couple of search heads. ...
by rrmavani Engager in Getting Data In 08-09-2015
0 1
0
1
sc0tt

Summary indexes and multiple time zones

In an environment that provides reporting across many different time zones, should summary searches run under a user ...
by sc0tt Builder in Getting Data In 08-09-2015
0 1
0
1
will_paxata

In Splunk Cloud, how do I delete data?

For example, I want to run a query: host="localhost" | delete But I am given the error: "Error in 'delete' command...
by will_paxata Explorer in Getting Data In 08-07-2015
0 1
0
1
redc

"Reindex" data on new indexer

We are about to transition from using Windows servers to run Splunk to using Linux servers. On the day we make the s...
by redc Builder in Getting Data In 08-07-2015
0 5
0
5
bgamblin

How can I use a universal forwarder to send log files in specific directory to ArcSight?

I am already sending *.debug syslog data to an ArcSight connector in rsyslog.conf. Now they want to monitor some appl...
by bgamblin Explorer in Getting Data In 08-07-2015
0 1
0
1
thesame

How can I get a list of subdirectories from a virtual index without having to retrieve events?

The metadata command does not work for virtual indexes used by Hunk. My goal is to get a list of values from items e...
by thesame Engager in Getting Data In 08-07-2015
0 5
0
5
Abilan1

If I installed a universal forwarder with a local system account, is it possible to change to a domain account without uninstalling the forwarder?

Hi , I have installed a Universal Forwarder with a local system account, but now I want to make it in a domain accou...
by Abilan1 Path Finder in Getting Data In 08-06-2015
0 5
0
5
HeinzWaescher

How to tell Splunk which fields are numbers in an uploaded .txt file?

Hi, I've create a sourcetype for uploading .txt files and use the headers as field names. Currently, all values are ...
by HeinzWaescher Motivator in Getting Data In 08-06-2015
1 5
1
5
Abilan1

Is it possible to forward logs to an indexer from a mapped drive using a universal forwarder?

Hi, I have installed the Splunk universal forwarder on my machine and I have also mapped on the remote server to thi...
by Abilan1 Path Finder in Getting Data In 08-06-2015
0 16
0
16
pinVie

Why does splunk adds a Timestamp to _raw if there already is a valid one.

Hello, I have the following problem and I don't really know where to look next in order to find the issue. I have...
by pinVie Path Finder in Getting Data In 08-06-2015
0 3
0
3
cipherjake

Splunk インストール時にLocal Userをother userに設定できない

Splunkインストールについて教えてください。 [質問内容] ・インストール時にLocal Userをother userに設定できるのか? ・SplunkサービスはPCのローカルユーザーはサポートされているのか? [環境] S...
by cipherjake Explorer in Getting Data In 08-06-2015
0 1
0
1
tdiestel

How to specify a specific field to use as time field while indexing json data

I need to know how to specify to Splunk to pick a particular field in the data as Time while indexing the data. My da...
by tdiestel Path Finder in Getting Data In 08-06-2015
1 2
1
2
jprashanth_splu

How do we ingest data from Jive into Splunk for analysis.

Whats the process to ingest data from Jive to Splunk for data analysis. Are there any add-on or apps available. Also ...
by jprashanth_splu Splunk Employee Splunk Employee in Getting Data In 08-06-2015
0 3
0
3
yAlff

Can props.conf and indexes.conf be split for more clear structure?

Hi, as mentioned in the title I'm wondering, if the props.conf or indexes.conf can be split for a more clear structur...
by yAlff Path Finder in Getting Data In 08-06-2015
0 4
0
4
cebo_myeza

What is the suggested amount of space needed in the Splunk syslog server to collect logs from 700-1000 network devices?

I am working on a Splunk project for collecting syslogs from the company network devices, so now I want to implement ...
by cebo_myeza Path Finder in Getting Data In 08-06-2015
0 8
0
8
SirHill17

Is it possible to change the current port (8089) of communication between the forwarder and the deployment server?

Hi, I would like to know if it is possible to change the port of communication between the forwarder and its deploym...
by SirHill17 Communicator in Getting Data In 08-06-2015
0 2
0
2
klutzen

Heavy Forwarder Pulling Windows events: blacklist not working

Blacklists and suppress_text in Splunk 6.2.4 are not working for me on a heavy forwarder. my inputs.conf is: [scrip...
by klutzen Explorer in Getting Data In 08-05-2015
0 6
0
6
splunkIT

Index time props and transforms not working

I have the following props & transforms in splunk dev and prod environment monitoring the same set of iis logs: prop...
by splunkIT Splunk Employee Splunk Employee in Getting Data In 08-05-2015
0 3
0
3
Abilan1

Why is my application log not getting created after we installed a universal forwarder?

Hi , We have installed one third party tool in our server and we wanted to forward those tool logs to a Splunk index...
by Abilan1 Path Finder in Getting Data In 08-05-2015
0 1
0
1
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All