Getting Data In

Discussions

Thread Info

mvcombine ignores specified delimiter

My apologies for the duplicated question - I wasn't sure whether I could tag my particular situation re- mvcombine no...

by Path Finder in

Why is our Splunk 6.0.5 Universal Forwarder (HPUX) not contacting our Splunk 6.2.3 Deployment Server, even if connectivity exists.

I have installed Splunk Universal forwarder 6.0.5 in HPUX B.11.11 U 9000/800 box. We are using deployment server (...

by Communicator in

How to correlate multiple CSV files using different columns?

Hi all. I have almost 6 CSV files extracted from a running system where i can't access the backend to install a fo...

by Builder in

variance betweeen _time and date_* fields

I've got a situation where different date elements are providing inconsistent results for the same time data. I suspe...

by Explorer in

Help to find daily indexed data size by each index

Need your help, Can you please tell us, how to find daily indexed data size by each index?

by Builder in

How do I know if my application is used on desktop vs mobile

Hi there I want to log information to understand if my application is heavily used on desktop or mobile or tablet..!!...

by New Member in

What is recommended to prevent broken multiline events that are caused by a delayed output from a command?

About The log file is overwritten each time, therefore the MUST_NOT_BREAK_AFTER in the current definition does wor...

by Contributor in

Heavy forwarders are not auto load-balancing evenly

I'm having a problem right now where I'm not seeing an even distribution across my indexers. I have 21 indexers (inde...

by Explorer in

Missing events from monitored logs

Hi all, We have realised recently that one of our application logs is missing a large number of events. This was e...

by Communicator in

After a Disaster Recovery switchover, why did Linux universal forwarders running Splunk 6.1.1 not pick up new logs in the monitored directory?

Hi all, Recently we performed a Disaster Recovery switchover. It was found out after the switchover that none of t...

by Communicator in

How do I change the NIC that Splunk Universal Forwarder uses to communicate?

I want to change the NIC that the Splunk Universal Forwarder communicates and sends data through if the server has mu...

by Explorer in

Why am I unable to forward Linux syslog to my Splunk indexer with my current configuration?

Hi, I'm trying to forward /var/log/anaconda/syslog from my linux machine to my splunk indexer, but it's not comin...

by Explorer in

如何区分日志的每一条记录

1、日志是以时间开头的，比如：00:11:12:471，也就是当天零点11分12秒471毫秒，可是，splunk识别的时间为15/06/11 2:00 00 000 该怎么办？ 2、如下的一行，事实上不是一条新的记录，只是上一条...

by New Member in

matching value of two fields csv file with some value and return value of third field

Hi, My requirement is to match two fields of csv file and get value of third field. I have student name and roll n...

by Communicator in

Why running "splunk enable boot-start" did not start the indexing of my log data?

Splunk was installed and run as root. I did a "splunk enable boot-start" which created a /etc/init.d/splunk script. U...

by Path Finder in

Upgraded Windows Domain Controllers from 2008 R2 to 2012 R2, why are 6.2.2 and 6.2.3 universal forwarders not forwarding Security Event Logs?

My Help Desk relies upon using the Splunk server to assist with identifying the source machine or BYOD for account lo...

by Explorer in

After making a change to props.conf TIME_FORMAT and SHOULD_LINEMERGE attributes, do I restart splunkd on my deployment server or indexer?

After making a change to my props.conf TIME_FORMAT and SHOULD_LINEMERGE attribute (multiple events started merging to...

by Communicator in

Getting Data In

Discussions

mvcombine ignores specified delimiter

Why is our Splunk 6.0.5 Universal Forwarder (HPUX) not contacting our Splunk 6.2.3 Deployment Server, even if connectivity exists.

How to correlate multiple CSV files using different columns?

variance betweeen _time and date_* fields

Help to find daily indexed data size by each index

How do I know if my application is used on desktop vs mobile

What is recommended to prevent broken multiline events that are caused by a delayed output from a command?

Heavy forwarders are not auto load-balancing evenly

Missing events from monitored logs

After a Disaster Recovery switchover, why did Linux universal forwarders running Splunk 6.1.1 not pick up new logs in the monitored directory?

How do I change the NIC that Splunk Universal Forwarder uses to communicate?

Why am I unable to forward Linux syslog to my Splunk indexer with my current configuration?

如何区分日志的每一条记录

matching value of two fields csv file with some value and return value of third field

Why running "splunk enable boot-start" did not start the indexing of my log data?

Upgraded Windows Domain Controllers from 2008 R2 to 2012 R2, why are 6.2.2 and 6.2.3 universal forwarders not forwarding Security Event Logs?

How do I edit my props.conf for proper timestamp format of my sample data?

How do I cluster a new index server with my production index server?

How to parse the date_time and event_time fields from my raw data in PSV format?

After making a change to props.conf TIME_FORMAT and SHOULD_LINEMERGE attributes, do I restart splunkd on my deployment server or indexer?

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

How to monitor a script which never stop ?

Difference between AD logs from M365 add-on app an...

Permissions for Linux forwarder on .gz log files

Does Splunk Http Event Collector supports Server N...

Splunk log masking regex help

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >