Getting Data In

Discussions

Thread Info

is it possible to set up a script which logs in to Splunk automatically and performs a saved search or runs a query?

Hi, is it possible to set up a script which logs in to Splunk automatically and performs a saved search or runs a ...

by Path Finder in

Why I can't access data from Splunk using REST API?

Hello every body! I'm new and i 'd like to communicate with Splunk by REST API using "curl" comand. I tried some exam...

by New Member in

Splunk 6.2 - "Add Data Source" with Local Server Data Itself Can't See Past 2 Tiers of Folders From / (root)

I'm getting an odd error. When using Splunk 6.2.3, and trying to access files in a folder that is read/write/execute ...

by Path Finder in

Why am I getting an error installing a universal forwarder on WIndows server 2008 R2 with a Powershell script?

Out of the 37 of our servers which this processed worked successfully without issue, I am running into an error on ou...

by New Member in

Should I configure line breaking for a log with XML data on the universal forwarder or indexer?

I have a universal forwarder on a remote machine that forwards the splunk enterprise instance a log that may include ...

by New Member in

Want to see data by host

Hi, In the below given query i want to see the data by host but unable to see. Kindly suggest index=sc-perfmon ...

by Communicator in

Why are my macros and search not properly filtering out data collected on weekend days from my indexes?

I have a problem with a requirement to remove data collected on weekend days from my indexes. I can do this accuratel...

by Path Finder in

How to monitor OpenVPN connections for a standalone OpenVPN server on Ubuntu 14 LTS without PFsense?

I'm not using pfsense. I'm using the stand alone OpenVPN server on Ubuntu 14 LTS. How can I monitor OpenVPN connectio...

by New Member in

Removing an indexer from an indexer cluster, what does the "decommissioning" status for a node mean?

Hi, I want to remove an indexer from a cluster, permanently. I executed ./splunk offline --enforce-counts, and on ...

by Champion in

Is there a troubleshooting guide for universal forwarder performance?

Currently, I have a couple of universal forwarders that tend not to keep up with the data coming in. I see on the ind...

by Communicator in

owner of props.conf ?

I'm fairly new to Splunk, but I use it both at home (on openSUSE linux) and at work (redhat linux). At home, most of ...

by New Member in

How to add an external link reference into a Splunk /services/message using the Splunk REST API?

Hi guys, I'm using the REST API "/services/messages" to send a message to Splunk and it works fine. Now, I need to...

by Explorer in

How to forward events to different indexes based on universal forwarder IP address?

Hi there, I have dozens of devices forwarding data through universal forwarder to a heavy forwarder, which in turn...

by Engager in

Index Log file on demand

Hi, To avoid too much data collection, I would like Splunk to only index a log file following a manual action like...

by Communicator in

How to forward logs in gzip stored on a Windows server using a heavy forwarder?

Our proxy logs are stored in windows server in gzip format. When i installed a heavy forwarder, the logs were not get...

by New Member in

Uploading a CSV file, why am I getting error "Unable to parse timestamp" when I set source to CSV?

i am trying to upload a csv file. When I set source to CSV, I get an error "unable to parse timestamp", defaulting to...

by Explorer in

How to configure BREAK_ONLY_BEFORE to split multiline event ?

Hi Splunkers, I got the following multi-line event. # Time: 150601 17:30:31 # User@Host: sample[sample] @ SAMP...

by Contributor in

Defining timestamp on data from .csv file

I'm trying to index some data input from a .csv file. Is it possible to tell splunk to use a specific column of data ...

by Contributor in

how to specify props.conf for EPOCH timestamp in JSON object

I've events coming in JSON format with first part of the JSON data as EPOCH_START_TIME=8797994058574 ...the events ar...

by Path Finder in

What is the default thruput limit and what queue size increases are recommended for a busy Windows universal forwarder?

What is the default for thruput as it's not specified? [thruput] maxKBps = <integer> If specified and not zero, t...

by Path Finder in

the beginning and end of the event

Hello, i have logs with some event. I want see only my event. How i can remove another information. My event bigins a...

by New Member in

Why do the indexers in my distributed search environment have different numbers of splunkd.exe processes running in the Task Manager?

We have 4 indexers in our environment and on each indexer there are different number of splunkd.exe processes. 1 Inde...

by Communicator in

Collecting data via a python script, later putting it into Splunk

We have some customers which are running into memory issues, and we need to provide them a script to collect several ...

by Explorer in

Does Splunk Support IBM HPEL log ingestion

I need to ingest a hpel log file produce from IBM websphere server. I need to know does splunk support this. Any ...

by Motivator in

Why is Windows universal forwarder always sending performance stats to the main index every 10 seconds?

I am trying to forward the performance stats (CPU, Memory) from Windows Universal forwarder to Splunk Indexer on remo...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

is it possible to set up a script which logs in to Splunk automatically and performs a saved search or runs a query?

Why I can't access data from Splunk using REST API?

Splunk 6.2 - "Add Data Source" with Local Server Data Itself Can't See Past 2 Tiers of Folders From / (root)

Why am I getting an error installing a universal forwarder on WIndows server 2008 R2 with a Powershell script?

Should I configure line breaking for a log with XML data on the universal forwarder or indexer?

Want to see data by host

Why are my macros and search not properly filtering out data collected on weekend days from my indexes?

How to monitor OpenVPN connections for a standalone OpenVPN server on Ubuntu 14 LTS without PFsense?

Removing an indexer from an indexer cluster, what does the "decommissioning" status for a node mean?

Is there a troubleshooting guide for universal forwarder performance?

owner of props.conf ?

How to add an external link reference into a Splunk /services/message using the Splunk REST API?

How to forward events to different indexes based on universal forwarder IP address?

Index Log file on demand

How to forward logs in gzip stored on a Windows server using a heavy forwarder?

Uploading a CSV file, why am I getting error "Unable to parse timestamp" when I set source to CSV?

How to configure BREAK_ONLY_BEFORE to split multiline event ?

Defining timestamp on data from .csv file

how to specify props.conf for EPOCH timestamp in JSON object

What is the default thruput limit and what queue size increases are recommended for a busy Windows universal forwarder?

the beginning and end of the event

Why do the indexers in my distributed search environment have different numbers of splunkd.exe processes running in the Task Manager?

Collecting data via a python script, later putting it into Splunk

Does Splunk Support IBM HPEL log ingestion

Why is Windows universal forwarder always sending performance stats to the main index every 10 seconds?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

a problem in Splunk UBA Installation

Forwarding all logs from HF to third-party using s...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!