Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
fredkaiser

Is it possible to assign EnvironmentB more of our license and EnvironmentA to a different stack on the same indexer?

We have an indexer where we have multiple environments (A and B) sending logs to this one indexer. My question: Is t...
by fredkaiser Path Finder in Getting Data In 06-23-2015
0 2
0
2
pdjhh

Why are some Windows Universal Forwarders not responding to any Splunk commands like 'splunk status'?

Hi, I've installed a UF on about 10 Windows machines, some desktops and some servers, and see some strange behaviour...
by pdjhh Communicator in Getting Data In 06-23-2015
0 6
0
6
angelboshnakov

parsing specific area of a field

Hello all, just wondering if it is possible and how to do the following search? Got a field with URLs ( for example...
by angelboshnakov New Member in Getting Data In 06-23-2015
0 3
0
3
burras

Why is our props.conf configuration for our universal forwarder and clustered indexers not breaking events properly?

We have a few access log files from our SecureMedia application that we are attempting to ingest. I've been able to ...
by burras Communicator in Getting Data In 06-23-2015
0 6
0
6
acidkewpie

Is it possible to have a Splunk universal forwarder read a growing file and delete it when it's done?

Howdy, I want to ingest files on a universal forwarder that are still being written, and to delete them once the fil...
by acidkewpie Path Finder in Getting Data In 06-23-2015
0 1
0
1
AaronMoorcroft

How to troubleshoot why one forwarder "could not send data to output queue" after upgrading to Splunk 6.2.2?

Hey Guys I have a right one here. So I have a bunch of systems in a DMZ forwarding to a heavy forwarder that then fo...
by AaronMoorcroft Communicator in Getting Data In 06-23-2015
0 8
0
8
serwin

Is my process to add cold storage to my Splunk 6.2.2 indexer clustering setup correct?

I'm looking to add cold storage to my Splunk 6.2.2 indexer clustering setup and just wanted to verify my process was ...
by serwin Explorer in Getting Data In 06-23-2015
0 1
0
1
MemoreX42

Why is my TCP Input data being cut off? Is there a limit I can configure?

Hello experts, I am using the TCP input "channel" in order to get data into splunk (inputs.conf): [tcp://558] conne...
by MemoreX42 Explorer in Getting Data In 06-23-2015
1 2
1
2
nce054

After creating and setting a new index in inputs.conf on the universal forwarder, why do I see no search results on the search head?

I'm trying to create a new index called 'winevents_endpoint'. I've added this index to the Search Head, Indexer, and ...
by nce054 Path Finder in Getting Data In 06-23-2015
1 10
1
10
srinathd

how to find n th line data using rex

Hi, how to find nth line data in an event. for example: I have to get 7th line data and needs to correlate with the ...
by srinathd Contributor in Getting Data In 06-23-2015
0 2
0
2
johnwl

Active forwards don't forward data to Splunk Cloud instance

I use username: admin and password: changeme to log in to my Splunk universal forwarder. I am trying to forward logs...
by johnwl Explorer in Getting Data In 06-22-2015
0 7
0
7
judenaidoo

How to push Windows event and security logs to a *NIX Splunk server without deploying forwarders on the Windows servers?

According to my understanding, WMI as a pull agent is available on Windows' deployment of Splunk only. What are the...
by judenaidoo New Member in Getting Data In 06-22-2015
0 2
0
2
SwatiApte

Why is the same timestamp getting indexed differently in two different Splunk servers?

Hi, I am using DBConnect to fetch two timestamps from an Oracle database table, let's call them TS1 and TS2, having ...
by SwatiApte Path Finder in Getting Data In 06-22-2015
0 15
0
15
kulamani

Why am I unable to install the Splunk 6.2.3 free version on a Windows 7 64 bit machine with error "setup wizard ended prematurely..."

When I start installation process, it copies files and at the end point. it starts a roll back action and gives an er...
by kulamani Engager in Getting Data In 06-22-2015
0 1
0
1
johnc_ncc

How to permanently adjust the timezone for IIS logs in Splunk Light on Windows?

Hi, I am using Splunk Light for Windows, and I have imported some IIS Logs files, but the timezone is out by an hour...
by johnc_ncc New Member in Getting Data In 06-22-2015
0 1
0
1
deepthi5

How to index data from the directory based on the log created date in SPLUNK?

Hi Team, I have a couple of logs to be monitored daily from a directory called LOG. The log name is error log.0, err...
by deepthi5 Path Finder in Getting Data In 06-22-2015
0 1
0
1
nce054

How to configure my Marimba data input on a heavy forwarder to filter out some of the monitored logs?

I am currently trying to use my Marimba data gathered from the Endpoint tuner in Splunk. On my Universal Forwarder, I...
by nce054 Path Finder in Getting Data In 06-22-2015
0 5
0
5
lsolberg

Make Splunk stop learning sourcetypes!

Hi In this setup, we have servers for each universal-forwarder -> forwarder -> indexer -> searchhead. I am testing ...
by lsolberg Path Finder in Getting Data In 06-21-2015
3 1
3
1
thejohn

Windows host and source types not shown in search

I had to reinstall my universal forwarder on windows server and splunk stopped showing new messages. So deleted all m...
by thejohn Path Finder in Getting Data In 06-21-2015
0 4
0
4
Cuyose

Monitor directory with wildcards but not recursively

Splunk documentation is incorrect, as it states you should be able to do something like this : [monitor:///ebs/*/var...
by Cuyose Builder in Getting Data In 06-21-2015
0 1
0
1
mikehodges01

After upgrading from Splunk 6.1.3 to 6.2.1, why did universal forwarders stop sending logs that were specified with wildcards in the inputs.conf monitor stanzas?

I upgraded from 6.1.3 to 6.2.1 recently and noticed that some of my universal forwarders stopped sending certain logs...
by mikehodges01 Explorer in Getting Data In 06-21-2015
0 1
0
1
shannu1241

How to compare date time present in a log with the date time selected from the time range picker?

I have a log, which has two time fields, _time(Log indexed time)StartDate (Date time inside the log) When i select...
by shannu1241 New Member in Getting Data In 06-20-2015
0 1
0
1
SwatiApte

How to configure Splunk to convert multiple datetime attributes within the same data source to epoch at index-time and not treat them as strings?

Hi, In our data source (an application log file), we have multiple datetime attributes (say update_time, order_time,...
by SwatiApte Path Finder in Getting Data In 06-19-2015
0 1
0
1
nce054

Both universal forwarders have the same inputs.conf, but why is the index of data changing based on which machine it comes from?

I'm gathering data from two machines, and depending on which one it comes from, it has a different index. Both univer...
by nce054 Path Finder in Getting Data In 06-19-2015
0 3
0
3
sseekamp

Is splunk supported forwarding log data from an IBM GPFS mount point?

We are running a small GPFS cluster on AIX. I am seeing high CPU usage running a universal forwarder pointed at log f...
by sseekamp Explorer in Getting Data In 06-19-2015
3 5
3
5
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All