Getting Data In

Discussions

Thread Info

Heavy Forwarder line breaking, reading logs too fast

Hi, We use Heavy Forwarders in our environment. Recently, I noticed that the events are not breaking up properly. ...

by Communicator in

Monitor RabbitMQ queues and exchanges

I am interested in using Splunk to monitor queue depths and message timings on a RabbitMQ install. I've found the AMQ...

by Explorer in

Anyone know what negative numbers means when I see this in Splunk?

Does anyone know what the negative numbers mean with monitoring? This comes from JVM logs that splunk is collectin...

by New Member in

How to connect MS SQL Server Express Edition with Splunk DB Connect 1?

Hi, I am trying to connect Microsoft SQL Server 2012 Express Edition with Splunk DB Connect V1 through GUI with Fo...

by Explorer in

configure field extractions props.conf/transforms.conf for syslog

Hi, How would I configure field extraction for syslog messages. I have for example the following in my syslog. ...

by Explorer in

Configuring Input stanza for forwarder

I used this command to configure splunk forwarder using cli splunk add monitor d:\logs -Follow-only True I got ...

by Explorer in

File monitor behavior when thruput maxKBps is exceeded

We have some files that we're monitoring through a universal forwarder and we're seeing behaviors where as the file i...

by Engager in

Extracting fields from different syslog messages using props.conf transforms.conf

The syslog messages we receive from the firewall have multiple formats. A limited sample is listed below Apr 30 15...

by Explorer in

Splunk Indexer as Virtual Machine - Best practices?

Has anybody implemented a distributed Splunk Environment using Virtual Machines from top to bottom? This seems to...

by SplunkTrust in

Is _indextime set at parse time or index time?

Does anyone know if the _indextime field is assigned during the parsing phase or when the event is written into the i...

by Super Champion in

Difference in Size Between Events

I have two indexes that contain different sets of events. Index 1 Event Count – 23,952 Current Size – 19 Index...

by Path Finder in

Multiline file, indexes every line

Hi I have a log file that mainly contains one liners, but the errors that are logged comes as multiple lines and a...

by Engager in

rewrite index with fallback to a default one, if it doesn't exist

I am trying to achieve the following: 1 - define the index on the forwarder directly in the inputs.conf (let's say...

by Path Finder in

Why there are additional TCP connections initiated from my Universal Forwarder, which are TIME_OUT

Hello, I recently started installing the Splunk Universal Forwarder on all of our Windows hosts. The deployment go...

by Communicator in

Hunk - specify delimiter when using SplunkLineRecordReader

How does one specify the delimiter when using SplunkLineRecordReader? Trying to read in a csv file with a header and ...

by Engager in

Using the Heavy Forwarder to load balance syslog message output?

I am using a heavy forwarder to transform splunk message into a syslog format. I would then like to the heavy forward...

by New Member in

How to parse key-value pairs from logs in JSON format?

Hi, In my Java application, I am printing logs in JSON format. Here in JSON "message" field I am logging a value as k...

by Communicator in

Fixed Format Records - Timestamp Extraction Issues

Guys, This is probably a simple answer, but I'm struggling to get it right  I have events of fixed length - ea...

by Contributor in

Multi-line events breaking at 257 lines despite MAX_EVENTS=40000

I have some files I'm trying to parse into splunk, and I'm having trouble with getting large multi-line events to wor...

by Engager in

BREAK_ONLY_BEFORE not working

I have a clustered system that I am using, and I'm attempting to break events at the search head level, and it seems ...

by Motivator in

Why I cant reindex my log data after two consecutive cleaning of index?

Hi all, Im having trouble with re indexing my logs after i did twice index clean up. I have here my inputs.conf...

by Contributor in

Grouping JSON data and creating dynamic chart

Hi experts, I am trying to create a dashboard from my data, which is logged in JSON format. However, I am stuck wi...

by Explorer in

Splunk Forwarder not sending logs

I get the following error: 10-09-2013 00:28:22.177 -0600 WARN TcpOutputFd - Connect to X.X.X.X:9997 failed. No con...

by Path Finder in

Forwarding from universal to index

It was working fine and suddenly got the following error of nowhere and not geeting data anymore. 11-03-2011 16:53...

by Path Finder in

Universal Forwarder and custom sourcetype

I would like to forward my symfony logs using a Splunk universal forwarder. I ran a train on a sample symfony log fil...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Heavy Forwarder line breaking, reading logs too fast

Monitor RabbitMQ queues and exchanges

Anyone know what negative numbers means when I see this in Splunk?

How to connect MS SQL Server Express Edition with Splunk DB Connect 1?

configure field extractions props.conf/transforms.conf for syslog

Configuring Input stanza for forwarder

File monitor behavior when thruput maxKBps is exceeded

Extracting fields from different syslog messages using props.conf transforms.conf

Splunk Indexer as Virtual Machine - Best practices?

Is _indextime set at parse time or index time?

Difference in Size Between Events

Multiline file, indexes every line

rewrite index with fallback to a default one, if it doesn't exist

Why there are additional TCP connections initiated from my Universal Forwarder, which are TIME_OUT

Hunk - specify delimiter when using SplunkLineRecordReader

Using the Heavy Forwarder to load balance syslog message output?

How to parse key-value pairs from logs in JSON format?

Fixed Format Records - Timestamp Extraction Issues

Multi-line events breaking at 257 lines despite MAX_EVENTS=40000

BREAK_ONLY_BEFORE not working

Why I cant reindex my log data after two consecutive cleaning of index?

Grouping JSON data and creating dynamic chart

Splunk Forwarder not sending logs

Forwarding from universal to index

Universal Forwarder and custom sourcetype

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions