Getting Data In

Thread Info

Is it possible that the Splunk forwarder caches old events and resends the data again and again?

We have a batch script which monitors files under some folder and then creates a log file with the file name and file...

by Contributor in

If I have a monitored log file with lines that are overwritten rather than appended, will this cause any problems to indexing?

Suppose I am monitoring a file that has 10 lines in it. These lines are already sent to splunk. Now, if I overwrite t...

by New Member in

Will the increase of logging to metrics.log impact performance on an indexer?

I want to have a bigger picture on sourcetypes/indexes in the metrics.log. The default "series" shown in metrics is 1...

by Builder in

Can I continue to delete files on Splunk Free Edition

Hi, I'm currently using Splunk Enterprise Trial Edition, and I got to know that Splunk Free does not have Access cont...

by New Member in

How to remove index-time field extractions from an index, but still keep the _raw data?

We need to remove a list of index-time extracted fields while keeping the _raw data, is this possible? The reason ...

by Builder in

French Syslog

Hi, (Sorry for my English, I'm French) I have new systems that send Syslog to Splunk UniversalFowarder via 40514 p...

by Path Finder in

Is there any risk in load balancing universal forwarder outputs with dedicated LB hardware?

Hi, I need to forward from a few Universal Forwarders to some third party indexers, and I'm not that keen on actua...

by Path Finder in

How to troubleshoot error "TcpOutputFd - Connection to xxx host failed." on the forwarder?

I am getting a TcpOutputFd on the forwarder. Connection to xxx host failed. 4-22-2015 16:17:34.736 -0400 WARN Tc...

by Explorer in

Why am I getting error "HttpPubSubConnection - Received message for an unsubscribed channel: ..." on my universal forwarder?

Hi: I am getting the following error in Splunk on a Windows Universal Forwarder: HttpPubSubConnection - Receive...

by Path Finder in

Has anyone tried to get Cisco ScanSafe data into SPlunk?

Hello We are trying to get Cisco ScanSafe data into splunk and it looks like I need to make calls to the s3 bucket...

by Motivator in

How to extract age from a birthday field before the year of our Splord 1970?

Dearest Brethren and Sistren of Splunk Almighty, Do thou hearst my plea? A field by the name bday cometh forth ...

by Splunk Employee in

How to search for multiple fields in a source files?

So I have a set of source files that list different fields as separate events and I would like to search for source f...

by New Member in

DateParserVerbose - what is splunkd.log telling me?

I'm trying to figure out what the number is at the end of the following internal DateParserVerbose log. Sometimes a n...

by Communicator in

An external script saves "host" values in a csv, but names the field after the first result. How do I get the file to name the field "host" to run an inputlookup?

Hello I have an external script that runs and saves the results in a file I called puppet_results.csv in $SPLUNK_H...

by Builder in

We are thinking of using directory recursion to collect logs from various servers, but what's the overhead on the system?

In a large enterprise with thousands of IIS, apache and tomcat servers, with each server having multiple web or app i...

by New Member in

Running Splunk Enterprise on Windows 2008 R2, how do I index local security logs?

I'm running Splunk Enterprise on a Windows 2008 R2 server and I'm looking to index the local security logs for the se...

by Engager in

What is the best way to edit inputs.conf to pull logs from multiple paths into one sourcetype?

I have two sets of logs that I want to be able to ingest into splunk /opt/Model15/log/* /opt/Model17/log/* Wha...

by Communicator in

Why am I getting https error "ssl_error_rx_record_too_long" when logging into my Indexers?

Hi splunkers, I recently found a problem while logging in on one of my splunk instances. Everything is ok with my ...

by Communicator in

Why can't I browse mapped drives under "Add Data" -> "Files and Directories"?

Installed Splunk Light on Windows 2012 R2 Server. Mapped windows 2003 server network drive. Under Add Data -> Files a...

by New Member in

How to edit my search to filter and only return duplicate DHCP MAC addresses?

Hi, I am trying to create a search that will output any duplicate mac address for potential MAC spoofing so far...

by Path Finder in

What does the technical term "indexing on the server" mean?

Does indexing mean forwarding the data?

by Contributor in

How can i append the values of one field to another field?

I have two different fields, but they have the same type of value for eg. "host". So How can I join two fields to hav...

by Communicator in

Why is my Splunk Light instance not showing any forwarders configured as deployment clients?

I have installed Splunk Light on a server and installed the Windows Forwarding agent on a separate server to forward ...

by New Member in

Is it possible to use Splunk as a static data store with a single log entry per line?

We have a process that extracts data from a SQL Server in CSV format. We want the Splunk agent to pick up that dat...

by Engager in

Monitoring an incrementing file name in a directory with a lot of different log files, how do I monitor just that file name?

A system that I am watching generates log files and rotates them such that the filenumbers increase, every X rows. Cu...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Is it possible that the Splunk forwarder caches old events and resends the data again and again?

If I have a monitored log file with lines that are overwritten rather than appended, will this cause any problems to indexing?

Will the increase of logging to metrics.log impact performance on an indexer?

Can I continue to delete files on Splunk Free Edition

How to remove index-time field extractions from an index, but still keep the _raw data?

French Syslog

Is there any risk in load balancing universal forwarder outputs with dedicated LB hardware?

How to troubleshoot error "TcpOutputFd - Connection to xxx host failed." on the forwarder?

Why am I getting error "HttpPubSubConnection - Received message for an unsubscribed channel: ..." on my universal forwarder?

Has anyone tried to get Cisco ScanSafe data into SPlunk?

How to extract age from a birthday field before the year of our Splord 1970?

How to search for multiple fields in a source files?

DateParserVerbose - what is splunkd.log telling me?

An external script saves "host" values in a csv, but names the field after the first result. How do I get the file to name the field "host" to run an inputlookup?

We are thinking of using directory recursion to collect logs from various servers, but what's the overhead on the system?

Running Splunk Enterprise on Windows 2008 R2, how do I index local security logs?

What is the best way to edit inputs.conf to pull logs from multiple paths into one sourcetype?

Why am I getting https error "ssl_error_rx_record_too_long" when logging into my Indexers?

Why can't I browse mapped drives under "Add Data" -> "Files and Directories"?

How to edit my search to filter and only return duplicate DHCP MAC addresses?

What does the technical term "indexing on the server" mean?

How can i append the values of one field to another field?

Why is my Splunk Light instance not showing any forwarders configured as deployment clients?

Is it possible to use Splunk as a static data store with a single log entry per line?

Monitoring an incrementing file name in a directory with a lot of different log files, how do I monitor just that file name?

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

s3 - Multiple directories data to be ingested into...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions