Getting Data In

Discussions

Thread Info

Record Delimeters

I'm running free version 4.2.3. I have an email archive that I'm pre-processing the data to allow for key=value setti...

by New Member in

What is the best way to migrate old data from a single Splunk server to a new cluster?

Is there any way to point my old Splunk server at the new cluster and have it forward all of my previously indexed ev...

by Builder in

Props.conf and time_format, what am I missing

I'm missing something, not sure what...I've got some GMT timestamped logs that Splunk didn't magically guess correctl...

by Contributor in

Extracting time zone and other info from header of a log and apply them to events in same log

Hello Splunk experts, my log files are structured in the following way: 09032011 12:23:34.567 App name: TestApp01...

by Explorer in

Is it possible to have 1 forwarder forward data to 2 different groups of indexer clusters?

Hi splunkers, Good day! I just want to ask some opinion what is the best way I can do or is it possible to achieve...

by Communicator in

Addition of '=' between events

Hi all , I have a indexes which is capturing logs in real time. However i have observed a strange thing happening ...

by Path Finder in

Splunk initial indexing not behaving as expected

I'm setting up a fresh new Splunk server and am re-indexing my data from scratch. Syslog data is being sent to my ...

by Builder in

sending only part of logs to server

Hi, I have been trying to extract a part of my events in logs before they are sent to indexing server. I trying wi...

by Explorer in

Is it possible to have multiple sourcetypes point to one props.conf?

I am working with application data that has the same exact format across several applications. The sourcetypes are ba...

by Path Finder in

Why are events not being indexed into the indexes specified in the inputs.conf on my Windows universal forwarder?

Hi guys, I have one Universal Forwarder that has a deployed app from the deployment server. Inside the inputs.conf...

by Explorer in

How do I filter out parts of my sample log and only index a portion of the message for an event?

I have a log with a long message. i need to cut it from A to B and, if it possible, not to show other events to work ...

by New Member in

Why does my distributed management console show 0 deployment clients?

Hi, I have configured my universal forwarder as a deployment client and my search head as a " deployment server" ...

by Contributor in

Size discrepency between file system and named pipe

One of our Splunk environments receives data from a FIFO pipe. That is, syslog-ng takes incoming syslog data and send...

by Builder in

Is the CHARSET setting also available for Hunk in props.conf?

Is the CHARSET Setting also available for Hunk in the props.conf? Thanks, Regards Sven

by Path Finder in

Why can't a logfile that Splunk is monitoring be accessed, preventing a script from writing to the file and log messages are getting lost?

Hi all, I'm logging the output of scheduled tasks to a central CIFS location. On the fileserver hosting the CIFS, ...

by Builder in

Indexing same log file multiple times issue

Hi All, I have a question regarding indexing log file. I am using one application and monitoring events online.I h...

by Path Finder in

custom datetime.xml is not working for me

hi guys I have 2 different kind of events inside the same file. I am aware that I need to use a custom datetime.xm...

by Builder in

Why am I not able to start splunk after installation of a Splunk universal forwarder on Solaris and getting error "invalid argument"?

Hi Team, I have installed splunk universal forwarder on solaris10. When I am trying to start splunk, it's giving m...

by Path Finder in

How do you search for windows username and login failure?

I need to be able to quickly report on, and identify AD/windows user account login failures...and to be able to find ...

by New Member in

How can I limit disk space usage in Splunk / Netapp Ontap App?

Hello, In my environment I use Splunk and netapp ontap app. The index is on a separate nfs Vol 400GB in size. My c...

by Explorer in

HOW TO USE LINE_BREAKER 3?

Hello, I have logs with some events. My events start from:"main: number of bytes received: " and finish to:"msgsnd_w_...

by New Member in

help with CSV inputs - utf16-le and header input problems

I have a utf-16 CSV file with a 0xFFFE byte order mark and the csv field names in the first line. I have defined t...

by SplunkTrust in

Identifying an asset over multiple sourcetype events

Hi Splunk Answers, First post here, go easy on me! We're running Splunk ES and I would like to create a correlation s...

by Path Finder in

filtering syslog from only one host

I have multiple hosts sending syslog information to splunk via its listener. However, one of these hosts, I'd like to...

by Explorer in

Logs dont show upp i "real time"

I recive some hosts from firewalls/Wireless controllers and they show up when you search for *. Recently i have some ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Record Delimeters

What is the best way to migrate old data from a single Splunk server to a new cluster?

Props.conf and time_format, what am I missing

Extracting time zone and other info from header of a log and apply them to events in same log

Is it possible to have 1 forwarder forward data to 2 different groups of indexer clusters?

Addition of '=' between events

Splunk initial indexing not behaving as expected

sending only part of logs to server

Is it possible to have multiple sourcetypes point to one props.conf?

Why are events not being indexed into the indexes specified in the inputs.conf on my Windows universal forwarder?

How do I filter out parts of my sample log and only index a portion of the message for an event?

Why does my distributed management console show 0 deployment clients?

Size discrepency between file system and named pipe

Is the CHARSET setting also available for Hunk in props.conf?

Why can't a logfile that Splunk is monitoring be accessed, preventing a script from writing to the file and log messages are getting lost?

Indexing same log file multiple times issue

custom datetime.xml is not working for me

Why am I not able to start splunk after installation of a Splunk universal forwarder on Solaris and getting error "invalid argument"?

How do you search for windows username and login failure?

How can I limit disk space usage in Splunk / Netapp Ontap App?

HOW TO USE LINE_BREAKER 3?

help with CSV inputs - utf16-le and header input problems

Identifying an asset over multiple sourcetype events

filtering syslog from only one host

Logs dont show upp i "real time"

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Re-ingest Windows logs across enterprise

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Getting Data In

Are you a member of the Splunk Community?

Discussions