Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to set up Splunk to monitor logs and configure distributed search across 4 different development environments (Dev > Tst > Stg > Prod) in AWS

We have four AWS accounts to host different development environments: Dev -> Tst -> Stg -> Prod Requirements: We w...

by New Member in

How to create a Non Administrative User Account to run universal forwarders to forward Windows security logs?

Hi All, I need to install a Universal forwarder in our environment, but due to strict policies, we cannot give the...

by Path Finder in

Inputs.conf Settings for IAS Logs Takes 100% CPU

I've been pulling my hair out on this one for weeks and I'm finally to the point where I need a sanity check. I'm ...

by Explorer in

Validate third party ssl splunk2splunk communication

Hi splunkers I've configured 3rd party ssl between indexer and h.f. indexer 9997 open for tcp, 9996 for ssl. I've ...

by Motivator in

Matching Windows path in props.conf

I'm trying to set up the Splunk for A10 Networks app. It expects syslog data on UDP port 514. My data is coll...

by Explorer in

Is it possible to monitor a file in a directory with a wildcard in the path?

Hello fellow splunkers! I'm about to set up an universal forwarder monitoring a specific path on a server. On this...

by SplunkTrust in

Is it possible to create a batch data input via the REST API?

I maintain an app with a data input wizard, under the hood of which is a custom controller that can list and create n...

by SplunkTrust in

Universal Forwarder folder path monitor

What stanza do i set in the Universal Forwarder to send data to the indexers from a folder path? I want to send outp...

by Contributor in

line_breaker help

I'm struggling getting my data to break to events. A REST call gives me a csv in a long straight line, without any ch...

by Communicator in

Huge disk space discrepancy on indexers in cluster

Some background: So we are having some problems in our environment, we have a cluster of indexers and some of the ...

by Explorer in

Why did setting "maxDataSize = auto_high_volume" for an index delete all events older than a year?

I originally had this in my indexes.conf file: [myindex] homePath = $SPLUNK_DB/myindex/db coldPath = $SPLUNK_DB/my...

by Communicator in

How to find the time difference between values in the same field

Hi all, I have a field that i am calling "code_load_date" and I am running a stats command that groups them by associ...

by Path Finder in

Monitor syslog Inputs

I currently have a syslog server forwarding data to our splunk instance. I wanted to know if there were any searches ...

by Path Finder in

What is the best way to fork events into a new sourcetype that will eventually become the only sourcetype?

Basically, I want to have ONE log file populating TWO sourcetypes at the same time. Identical events in both. Eventua...

by Builder in

How do I tell if a forwarder is down?

How can you differentiate between a forwarder being down and a forwarder not having any data to send ? i.e is there a...

by Path Finder in

sending WinEventLog://Application to different indexes

I have the following requirement: <ul> <li> send WinEventLog://Application , except for one specific EventCode to one...

by Path Finder in

Active Directory inputs missing SYNC event types after 6.2.1 upgrade?

As the question above states; Since the 6.2.1 update of Splunk, our active directory inputs are no longer gatherin...

by Communicator in

Can't seem to figure out wildcards when monitoring files (inputs.conf)

I've been messing about with this for a while now and I can't seem to figure out the rhyme or reason behind how wildc...

by Communicator in

ERROR ScriptRunner

Any idea as to what causes this error: 02-19-2014 17:17:01.577 -0500 ERROR ScriptRunner - extern write error: errn...

by Engager in

Can i tcpout to multiple servers with output.conf file?

Complete newbie to Splunk, have just setup a distributed search structure (1 deployment server, 1 search head, 2 inde...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to set up Splunk to monitor logs and configure distributed search across 4 different development environments (Dev > Tst > Stg > Prod) in AWS

How to create a Non Administrative User Account to run universal forwarders to forward Windows security logs?

Inputs.conf Settings for IAS Logs Takes 100% CPU

Validate third party ssl splunk2splunk communication

Matching Windows path in props.conf

Is it possible to monitor a file in a directory with a wildcard in the path?

Is it possible to create a batch data input via the REST API?

Universal Forwarder folder path monitor

line_breaker help

Huge disk space discrepancy on indexers in cluster

Why did setting "maxDataSize = auto_high_volume" for an index delete all events older than a year?

How to find the time difference between values in the same field

Monitor syslog Inputs

What is the best way to fork events into a new sourcetype that will eventually become the only sourcetype?

How do I tell if a forwarder is down?

sending WinEventLog://Application to different indexes

Active Directory inputs missing SYNC event types after 6.2.1 upgrade?

Can't seem to figure out wildcards when monitoring files (inputs.conf)

ERROR ScriptRunner

Can i tcpout to multiple servers with output.conf file?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...