Getting Data In

Discussions

Thread Info

Why are my universal forwarder data inputs to index CSV files not working? (no indexed data, no sign of change in configuration)

Hello fellow splunk users! I am encountering a problem with indexing .csv files. A bit of background story: I ...

by Explorer in

What should be the maximum disk capacity per indexer?

How much stored data can a Splunk indexer comfortably manage? I know that the answer depends on the indexer hardware ...

by Legend in

Fireeye json truncating lines

It appears that Splunk is truncating Fireeye (7.4) ext json messages. There are 90 lines in the message it only extra...

by Explorer in

Splunk forwarder file monitor is not detecting new files and getting error "Bug during applyPendingMetadata, header processor does not own the indexed extractions confs"?

Hi Splunkers, I am monitoring a folder (/opt/pvlogs/QUT-GP-P10) with a collection of CSV text files, as follows: ...

by Explorer in

How can I index an event older than 10951 days if that is the max value of MAX_DAYS_AGO?

Hi all. Say I want to index an event from "10/1/1970", but the max value of 「MAX_DAYS_AGO is 10951. So, I cannot i...

by Communicator in

Time Taken for stored procedures to execute

Hi, I have an application with about 10 stored procedure calls made via Linq. I'd like to track the performance of...

by New Member in

Where should I put my syslog universal forwarder/deployment server with regards to subnets and firewalls in an indexer clustering environment?

Hi folks, I'm planning on installing some new machines running Splunk instances. Two of the machines are going to ...

by Builder in

Splunk 6.2.3 Universal Forwarder maxQueueSize: What is the algorithm used to determine the amount of memory to use?

The outputs.conf.spec shows a default value of "auto". The Splunk Universal Forwarder version is 6.2.3 on RHEL 6.6. W...

by Path Finder in

Distributed Search: Should I install the search head on the same server as an indexer in my environment?

Hello, I have 2 servers available to deploy Splunk. If I read this doc : http://docs.splunk.com/Documentation/Splu...

by Contributor in

How do I get the timestamps of the first and last events in a transaction?

Dear All, I am setting up a report of Username, Logged in time, Logged out time, Internal and External IP Addresse...

by Communicator in

How to create a report about each index and the sourcetypes it contains?

I need to create a report that shows each index on my system and the relevant data about sourcetypes within the index...

by Engager in

How to optimize data (key/value pairs) to be injected into Splunk 6.3 using the HTTP Event Collector?

We are adding a new feature to our product to send data in key value pairs into Splunk using the new 6.3 Http Event C...

by Contributor in

How can I properly index empty and blank space values in a multivalue field?

Hi all. Each event in my logfile are like instructions that log multiple actions at once. Then I made a transform ...

by Explorer in

Sourcetype override in props.conf not working on universal forwarder?

Our setup is a single search head that goes out to three indexers, with a universal forwarder that sends out to all t...

by Contributor in

What is the recommended method using a Splunk forwarder to send Window logs to Splunk Cloud and to ArcSight ESM?

Hi, Please let me know what is the best way to forward Window logs in parallel from current ArcSight ESM infra to ...

by New Member in

forwarder used to forward multiple tcp ports

I have an indexer that is using two forwarders to get logs. These forwarders are forwarding other forwarders in their...

by Path Finder in

Splunk 6.3 getting empty volume reports for 30 day

When I run the 30 day volume report (for all pool), I am getting no data since the time I upgraded to v6.3 The curren...

by Path Finder in

Universal Forwarder resends entire Security Event log after upgrade.

I have recently started upgrading Windows universal forwarders from 6.0.3 to 6.2.6. After I upgrade them they seem to...

by Communicator in

Is it possible to install Splunk on Windows 10? I'm getting a canceled installation without any error.

I'm trying to install Splunk Enterprise on Windows 10, but this isn't working. I'm getting a canceled installation wi...

by New Member in

How do I edit my configuration to index security event logs for Windows success/failed login and logout events?

Hi, I installed Splunk Enterprise to a single instance and am installing the Splunk Universal Forwarder. The goal...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why are my universal forwarder data inputs to index CSV files not working? (no indexed data, no sign of change in configuration)

What should be the maximum disk capacity per indexer?

Fireeye json truncating lines

Splunk forwarder file monitor is not detecting new files and getting error "Bug during applyPendingMetadata, header processor does not own the indexed extractions confs"?

How can I index an event older than 10951 days if that is the max value of MAX_DAYS_AGO?

Time Taken for stored procedures to execute

Where should I put my syslog universal forwarder/deployment server with regards to subnets and firewalls in an indexer clustering environment?

Splunk 6.2.3 Universal Forwarder maxQueueSize: What is the algorithm used to determine the amount of memory to use?

Distributed Search: Should I install the search head on the same server as an indexer in my environment?

How do I get the timestamps of the first and last events in a transaction?

How to create a report about each index and the sourcetypes it contains?

How to optimize data (key/value pairs) to be injected into Splunk 6.3 using the HTTP Event Collector?

How can I properly index empty and blank space values in a multivalue field?

Sourcetype override in props.conf not working on universal forwarder?

What is the recommended method using a Splunk forwarder to send Window logs to Splunk Cloud and to ArcSight ESM?

forwarder used to forward multiple tcp ports

Splunk 6.3 getting empty volume reports for 30 day

Universal Forwarder resends entire Security Event log after upgrade.

Is it possible to install Splunk on Windows 10? I'm getting a canceled installation without any error.

How do I edit my configuration to index security event logs for Windows success/failed login and logout events?

New Cloud Intrusion Detection System Add-on for Splunk

Happy CX Day to our Community Superheroes!

Check out This Month’s Brand new Splunk Lantern Articles

WebLogic add-on is not parsing UTC time zone corre...

How do I fix this Windows monitor stanza error: cr...

Splunk ingesting duplicate data from Azure File Sh...

How to escape ":" character from json string sent ...

JSON with escape character in field name