Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
alekksi

Missing events from monitored logs

Hi all, We have realised recently that one of our application logs is missing a large number of events. This was evi...
by alekksi Communicator in Getting Data In 06-10-2015
0 4
0
4
alekksi

After a Disaster Recovery switchover, why did Linux universal forwarders running Splunk 6.1.1 not pick up new logs in the monitored directory?

Hi all, Recently we performed a Disaster Recovery switchover. It was found out after the switchover that none of the...
by alekksi Communicator in Getting Data In 06-10-2015
0 5
0
5
DPWSplunkPOC

How do I change the NIC that Splunk Universal Forwarder uses to communicate?

I want to change the NIC that the Splunk Universal Forwarder communicates and sends data through if the server has mu...
by DPWSplunkPOC Explorer in Getting Data In 06-10-2015
3 1
3
1
qazwsxedc994

Why am I unable to forward Linux syslog to my Splunk indexer with my current configuration?

Hi, I'm trying to forward /var/log/anaconda/syslog from my linux machine to my splunk indexer, but it's not coming ...
by qazwsxedc994 Explorer in Getting Data In 06-10-2015
0 2
0
2
wangyong_2

如何区分日志的每一条记录

1、日志是以时间开头的,比如:00:11:12:471,也就是当天零点11分12秒471毫秒,可是,splunk识别的时间为15/06/11 2:00 00 000 该怎么办? 2、如下的一行,事实上不是一条新的记录,只是上一条记录...
by wangyong_2 New Member in Getting Data In 06-10-2015
0 2
0
2
ektasiwani

matching value of two fields csv file with some value and return value of third field

Hi, My requirement is to match two fields of csv file and get value of third field. I have student name and roll num...
by ektasiwani Communicator in Getting Data In 06-09-2015
0 2
0
2
tony_luu

Why running "splunk enable boot-start" did not start the indexing of my log data?

Splunk was installed and run as root. I did a "splunk enable boot-start" which created a /etc/init.d/splunk script. U...
by tony_luu Path Finder in Getting Data In 06-09-2015
0 5
0
5
AndreaEClark

Upgraded Windows Domain Controllers from 2008 R2 to 2012 R2, why are 6.2.2 and 6.2.3 universal forwarders not forwarding Security Event Logs?

My Help Desk relies upon using the Splunk server to assist with identifying the source machine or BYOD for account lo...
by AndreaEClark Explorer in Getting Data In 06-09-2015
0 5
0
5
a212830

How do I edit my props.conf for proper timestamp format of my sample data?

Hi, I need to setup a props for an event with the following format. Not certain what to put for "Z" (or if it's nee...
by a212830 Champion in Getting Data In 06-09-2015
0 3
0
3
molinarf

How do I cluster a new index server with my production index server?

I have one indexer and would like to add another indexer for redundancy. Is it possible to cluster the two together a...
by molinarf Communicator in Getting Data In 06-09-2015
0 2
0
2
shivarpith

How to parse the date_time and event_time fields from my raw data in PSV format?

hi, i have some mainframe logs coming into splunk which is in PSV (pipe separated value) format. have managed to pa...
by shivarpith Path Finder in Getting Data In 06-09-2015
0 1
0
1
JoeSco27

After making a change to props.conf TIME_FORMAT and SHOULD_LINEMERGE attributes, do I restart splunkd on my deployment server or indexer?

After making a change to my props.conf TIME_FORMAT and SHOULD_LINEMERGE attribute (multiple events started merging to...
by JoeSco27 Communicator in Getting Data In 06-09-2015
0 1
0
1
nce054

How to push inputs.conf changes to multiple universal forwarders in my Splunk environment without editing each individual machine?

I am getting to the point where I have quite a few Universal Forwarders in my Splunk infrastructure. I was wondering ...
by nce054 Path Finder in Getting Data In 06-09-2015
0 3
0
3
afmohamm

Why is a props.conf change on a universal forwarder not being applied in a multisite Splunk 6.2.0 indexer clustering environment?

I have a Splunk 6.2.0 multisite cluster setup. Per site, there is one indexer, one search head and a master. I am pul...
by afmohamm Engager in Getting Data In 06-09-2015
0 1
0
1
theouhuios

Splunk Checkpoint FW grabber collecting more logs than the one of the logserver

I have a strange case where we see more logs in Splunk from the Checkpoint App than the ones in the Checkpoint log se...
by theouhuios Motivator in Getting Data In 06-09-2015
0 4
0
4
nce054

Changed outputs.conf, but why is my Universal Forwarder still sending to the old server, even after a restart?

I've changed the outputs.conf file on my Universal Forwarder to direct to a different server, and restarted the servi...
by nce054 Path Finder in Getting Data In 06-09-2015
0 2
0
2
nicolay_koecher

How to monitor the Internet Explorer Process in Splunk?

Hello, For security reasons, I have to monitor processes, especially the IExplore Process. Open connections are impo...
by nicolay_koecher Explorer in Getting Data In 06-09-2015
0 1
0
1
sahoo0233

How can i automate indexing of logs to splunk web?

Hi everyone, My everyday process is to upload logs to splunk web and take a report and analyse it. So in this, 1st ...
by sahoo0233 Path Finder in Getting Data In 06-09-2015
0 22
0
22
sjovang

What would cause a blocked queue on an ec2 host and is there any tuning that can solve and prevent this issue?

We have ~50 hosts that are placed on various locations outside our data center. To receive logs from these hosts we h...
by sjovang Engager in Getting Data In 06-09-2015
0 1
0
1
qazwsxedc994

Running scripts from indexer to linux forwarder

I am trying to set up searchable scripts however when i am on my indexer and go to add data and select forwarders it ...
by qazwsxedc994 Explorer in Getting Data In 06-08-2015
0 1
0
1
alessio23

Is it possible to use a Universal Forwarder to write logs directly to HDFS?

Hi, I installed and configured Hunk to read data from HDFS. I'm trying to use Universal Forwarder to write directly...
by alessio23 New Member in Getting Data In 06-08-2015
0 2
0
2
niiick

First time importing of data into Splunk

I am a new user trying Splunk for the first time. I am trying to visualize some csv files so we have trending informa...
by niiick New Member in Getting Data In 06-08-2015
0 15
0
15
brutecat

How to configure Splunk so I can accurately analyze data captured in the Central European timezone?

Hi there, I have an issue with time zones where my analysis system (Splunk Free) is in the Australian Eastern time z...
by brutecat Path Finder in Getting Data In 06-08-2015
0 8
0
8
smvalois

Windows Event Logs and Non Standard Importing

Morning, We run AD in our environment and the Windows server team does not wish to allow for the use of WMI calls an...
by smvalois Explorer in Getting Data In 06-08-2015
0 3
0
3
BT_Neophyte

Splunk not forwarding/indexing gzip files

I'm having an issue where I have a directory that contains numerous .gz files and I'm trying to get them into Splunk,...
by BT_Neophyte Explorer in Getting Data In 06-08-2015
0 1
0
1
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All