Getting Data In

Ask a Question

Discussions

Thread Info

Which from available Windows event logs is used to track my browsing history?

Hi, I was wondering which is the log (data inputs -> event log collection -> localhost) to add at Splunk in order ...

by Contributor in

What is the general capacity on a Splunk Load Balancer?

Hi Gurus! Here is the config first, [ 50 Universal Forwarders : Total 300G of Data ] ==> [2 Load Balancing For...

by Communicator in

Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI?

I have splunk server 6.1.1 installed on Drive D and i upgraded it to 6.2 on windows2008R2. During istallation it did ...

by Explorer in

Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too?

Trying to forward the logs that arrive into the indexer/head into another 3rd party Siem tool. Rather than setting th...

by New Member in

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

I am trying to create props.conf for a log file which has entries like below, {"timestamp":1429805010594,"message"...

by Communicator in

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I have Splunk set to monitor the folder that stores my IIS logs. It is currently working, however, since there is a n...

by Path Finder in

I'm trying to rename a sourcetype, by why isn't my configuration working?

Hi, I want to rename a sourcetype, but the following isn't working: [log4j] KV_MODE = auto ANNOTATE_PUNCT = fal...

by Champion in

In log file line break not working.

i working in sample log file in which some event break line is different i use BREAK_LINE = ([\r\n]+)/d+/./d/./d+* bu...

by Communicator in

How to correlate data from three CSV file sources with joining fields and run a stats count on the final result?

Hello Everyone, Here is the scenario. I have three source CSV files with joining fields: file1 field1 = file2 ...

by Explorer in

Disable Delete Capability - Free Edition

Is it possible to disable the delete capability from GUI on the free license of Splunk?

by Explorer in

How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows?

I'm using splunk enterprise on a local windows based system. I have a file reader configured to watch a directory...

by Engager in

Why am I seeing timezone differences for sourcetypes on the same host?

Indexing log files from a couple of IIS-servers. The events being logged are logged as GMT, whereas the time here in ...

by Contributor in

proper way to apply props.conf rules on a modified sourcetype, and other fun stories

I tried to setup 2 rules : - one to rename the sourcetype A to B for some events - one to apply a SEDCMD rule to the...

by Splunk Employee in

how to change date/time format in .csv email alert?

When I schedule the following search and send a report through email, the date/time in the attached .csv file does no...

by Splunk Employee in

If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line?

Hi 20140902191418.351 TrxManagerFactory.CreateTrxManager Done 20140902191418.351 TransactionBaseMgr.Init 201409021...

by Communicator in

Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head?

Hello, Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head? ...

by Builder in

How often does the search head send the knowledge bundles to the indexers?

My indexer has /opt/splunk/var/run/searchpeers. How often do searchpeers get updated? I also have an old backup searc...

by Contributor in

How to to extract fields from Squid logs to Splunk from PFsense Firewall using 2.2.1?

I have standard UDP logs from PFsense being sent to my Splunk server. However, I can't seem to get the Squid logs to ...

by New Member in

Can I install a universal forwarder on a Windows server to monitor printer log data and forward it to Splunk on Unix?

Hello- I want to monitor my printers in our corporate environment which is a Windows print server. I want to get t...

by New Member in

How to call a Rest/Json service on HTML button click action in Drill down Dashboard Tabel?

We have rest/json/http services and need to make a call from Drill Down Dashboard button click event. Please let me k...

by Explorer in

Who can tell me why the API POST for JSON doc times out -

This DOES NOT work: curl -k -u admin:changeme "https://0.0.0.0:8089/services/receivers/simple?source=mysource&inde...

by Contributor in

Can I parse data at the indexer since I am using a Universal Forwarder on my source and how will that impact licensing?

I am a using a Universal Forwarder on my domain controller to forward security events to a Splunk indexer and would l...

by Explorer in

How to install and run Splunk as a domain user without admin permissions? (WINDOWS SERVER 2008)

I am trying to install Splunk on Winows Server 2008 as a domain user like here:(http://docs.splunk.com/Documentation/...

by Explorer in

How to resolve inputs.conf error "Invalid key in stanza" on our Windows universal forwarder?

Can you please tell us how to resolve this error on our Windows universal forwarder, Invalid key in stanza [monito...

by Builder in

Monitoring files on a local Windows 2008 R2 server, why aren't new files getting indexed?

Hi Everyone, I'm looking to monitor some files locally on the Splunk instance, and I am able to add them as data i...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Which from available Windows event logs is used to track my browsing history?

What is the general capacity on a Splunk Load Balancer?

Why upgrade from Splunk 6.1.1 to 6.2 on Windows took almost 1 hour and getting an error trying to open the UI?

Can a Splunk enterprise instance set as an indexer/head be a heavy forwarder too?

What is the proper TIME_FORMAT I should use in props.conf for my sample data?

Monitoring a folder that stores my IIS logs, why is a new Source created daily for each new IIS log file?

I'm trying to rename a sourcetype, by why isn't my configuration working?

In log file line break not working.

How to correlate data from three CSV file sources with joining fields and run a stats count on the final result?

Disable Delete Capability - Free Edition

How do I edit my props and transforms to filter out logs that start with 30 and 32 in a local monitored directory on Windows?

Why am I seeing timezone differences for sourcetypes on the same host?

proper way to apply props.conf rules on a modified sourcetype, and other fun stories

how to change date/time format in .csv email alert?

If my log file does not have a header, how can I divide my raw data into 2 fields at index-time with the 1st space as the delimiter on each line?

Is there a way to launch a script on the Universal Forwarder's App's bin directory from the search head?

How often does the search head send the knowledge bundles to the indexers?

How to to extract fields from Squid logs to Splunk from PFsense Firewall using 2.2.1?

Can I install a universal forwarder on a Windows server to monitor printer log data and forward it to Splunk on Unix?

How to call a Rest/Json service on HTML button click action in Drill down Dashboard Tabel?

Who can tell me why the API POST for JSON doc times out -

Can I parse data at the indexer since I am using a Universal Forwarder on my source and how will that impact licensing?

How to install and run Splunk as a domain user without admin permissions? (WINDOWS SERVER 2008)

How to resolve inputs.conf error "Invalid key in stanza" on our Windows universal forwarder?

Monitoring files on a local Windows 2008 R2 server, why aren't new files getting indexed?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions