Getting Data In

Discussions

Thread Info

Index issue - new logs - iis-2

Hi, I have splunk sitting on a server indexing log files from a dir \weblog When I initially added the folder a...

by Contributor in

Question about time searches

Hello splunk community, I'm brand new at using the software and I seem to run into a point that I cant find any docum...

by Path Finder in

Integration of Imperva Database Activity Monitor (DAM)?

Dear experts, would it make sense to integrate Splunk and Imperva DAM? Has anybody done it, who is willing to share h...

by Builder in

Summary Index or not?

All, We have Windows and Linux BIND DNS servers logging into one index in Splunk. Because of the way Windows logs ...

by Explorer in

Can you override host for an input?

I have an input like the below. When I search for events from that input they have host=127.0.0.1. The app sending th...

by Communicator in

Event detection within a standard window?

I need to perform a search that spans a days worth of logs looking for 5 identical events in a one hour window. Break...

by New Member in

combine search results with external data

Hello, I have csv file with geo coordinates of my internal ip's. I dont know how to combine it with google maps. c...

by Explorer in

Univeral forwarder not forwarding

I have a problem with a universal forwarder as i configured on a domain controller to use with splunk app for active ...

by Path Finder in

Using Splunk as a log forwarder itself?

I'm looking at Splunk to possibly replace a Kiwi Syslog server, however I don't see one of the features that Kiwi pro...

by New Member in

Getting Data into iseries app

I have multiple feeds coming into UDP:514, from this input I have ASA, ESA, and as400 data coming in. I have recently...

by Path Finder in

Splunk JMS Modular Input v1.2.2

I believe I have the JMS Modular Input app installed and running. How do I configure this to monitor a JMS queue on a...

by New Member in

Windows Event logs in syslog format

All our windows servers are sending security event logs to a central syslog server - they are not in Windows event lo...

by New Member in

Do I need to restart a license slave if I change license master?

If I need to move to another license master, do I have to restart my indexer?

by Splunk Employee in

Is Splunk the right tool for ESXTOP?

Hello All, I'm outputting VMware esxtop data to a csv and was wondering if splunk was the right tool to index and ...

by New Member in

Index time not same as log message time

I just setup another splunk server. Foolishly I forgot to turn on NTP and the system clock was way off. The first chu...

by Communicator in

spliting multiple feed that use udp:514

I have multiple systems reporting over UDP:514. I want to separate the iron port email, Cisco ASA's, iseries as400, a...

by Path Finder in

UF tries to open two connections at the same time on the same outbound port

On several servers, the universal forwarder tries to open up two connections at the same time on the same outbound po...

by Splunk Employee in

Monitor different sourcetype in sub-directories

I have to monitor two source types in this following directory structure \\Server\Path\{can be any name}.log == > ...

by Communicator in

scripted input to run at top of minute

Is it possible to tell Splunk to run a scripted input every 5 min at the top of the minute. Ie Script run at 11:05:00...

by Splunk Employee in

indexing, segmenting segments, pre-search

I am a splunk newbie, so some obvious explanations might need further clarification. What I have: Advanced medi...

by New Member in

Getting Data In

Discussions

Index issue - new logs - iis-2

Question about time searches

Integration of Imperva Database Activity Monitor (DAM)?

Summary Index or not?

Can you override host for an input?

Event detection within a standard window?

combine search results with external data

Univeral forwarder not forwarding

Using Splunk as a log forwarder itself?

Getting Data into iseries app

Splunk JMS Modular Input v1.2.2

Windows Event logs in syslog format

Do I need to restart a license slave if I change license master?

Is Splunk the right tool for ESXTOP?

Index time not same as log message time

spliting multiple feed that use udp:514

UF tries to open two connections at the same time on the same outbound port

Monitor different sourcetype in sub-directories

scripted input to run at top of minute

indexing, segmenting segments, pre-search

Parsoning JSON arrays

Not able to access Splunk Course Fundamentals 1

Not receiving CrowdStrike Intel Indicators events

Discard metrics

Windows msiexec install is failing...why?