Getting Data In

Discussions

Thread Info

HOW TO USE LINE_BREAKER 3?

Hello, I have logs with some events. My events start from:"main: number of bytes received: " and finish to:"msgsnd_w_...

by New Member in

help with CSV inputs - utf16-le and header input problems

I have a utf-16 CSV file with a 0xFFFE byte order mark and the csv field names in the first line. I have defined t...

by Super Champion in

Identifying an asset over multiple sourcetype events

Hi Splunk Answers, First post here, go easy on me! We're running Splunk ES and I would like to create a correlation s...

by Path Finder in

filtering syslog from only one host

I have multiple hosts sending syslog information to splunk via its listener. However, one of these hosts, I'd like to...

by Explorer in

Logs dont show upp i "real time"

I recive some hosts from firewalls/Wireless controllers and they show up when you search for *. Recently i have some ...

by Path Finder in

props.conf source file/directory

Following the documentation http://www.splunk.com/base/Documentation/latest/admin/Forwarddatatothird-partysystems I'v...

by Explorer in

Sub Query ? on Syslog results

I have some data (cleaned syslog) that we are using the Top function to see top Destination IP addresses in some log ...

by New Member in

What is the best way to monitor a web page containing links to xml to index RSS feeds in Splunk?

I want to monitor a web page containing links to xml for rss feeds to be indexed into Splunk in real-time. Let's use ...

by Motivator in

Can Splunk behave like a batch job or Windows service which will check for a file at ftp location every hour and index that file?

Can Splunk behave like a batch job or like windows service which will check for file at ftp location every hour and i...

by Explorer in

No HTTP response from Splunk when sending data

All, I'm trying to curl data to my Splunk indexer. The data is getting there, but I'm never receiving a response f...

by Contributor in

Universal Forwarder only sends monitored log file once per restart...

I have a universal forwarder installed on my Print Server (Windows 2012 R2). I used WinPrintMon but it is giving some...

by Builder in

Hong Kong Timezone HKT not being recognised ?

If I index an event with 2015-05-20 19:10:01.132 HKT This is an event in Hong Kong Time Zone The timezone wil...

by Splunk Employee in

Log file - small subset of entries lacks timestamp - how to fix at index time?

Hey guys, I'm having a bit of a hard time with a few events in our game's log files. I would've changed the loggi...

by New Member in

Record Event Break

It does not look like Splunk is breaking my XML correctly. I’d like to break it before each ‘<record version=’ tag in...

by New Member in

Fields with spaces

Hello, I've got a problem with 2008 eventlogs returns by universal forwarder. My win 2008 R2 is a french version a...

by New Member in

how do i install a Universal Forwarder in silent installation and configuring in same time inputs.conf ?

Hi, I want to use silent instillation of splunk forwarder on a windows server. The splunk server architecture is...

by Path Finder in

Rolled over issue with same header

I have couple of files in a directory as below Out.log Out_15.05.20_14.32.33.log Out_15.05.21_07.06.45.log Out_15....

by Path Finder in

Can I forward only success logs of security log for windows using universal forwarder?

Once we forward security logs for windows event log using Universal forwarder from each servers to splunk server, Can...

by New Member in

Combining input.conf files for the same app in different data centers

Currently I deploy an app for Oracle log files on servers located in DC1 as such: deploy svr> /opt/splunk/etc/deploym...

by Path Finder in

How does the user:group get set for a deployed app to the universal forwarder?

When I deploy an app to my universal forwarder, it has root:root ownership. Is there any way to set that to another u...

by Explorer in

Getting Data In

Discussions

HOW TO USE LINE_BREAKER 3?

help with CSV inputs - utf16-le and header input problems

Identifying an asset over multiple sourcetype events

filtering syslog from only one host

Logs dont show upp i "real time"

props.conf source file/directory

Sub Query ? on Syslog results

What is the best way to monitor a web page containing links to xml to index RSS feeds in Splunk?

Can Splunk behave like a batch job or Windows service which will check for a file at ftp location every hour and index that file?

No HTTP response from Splunk when sending data

Universal Forwarder only sends monitored log file once per restart...

Hong Kong Timezone HKT not being recognised ?

Log file - small subset of entries lacks timestamp - how to fix at index time?

Record Event Break

Fields with spaces

how do i install a Universal Forwarder in silent installation and configuring in same time inputs.conf ?

Rolled over issue with same header

Can I forward only success logs of security log for windows using universal forwarder?

Combining input.conf files for the same app in different data centers

How does the user:group get set for a deployed app to the universal forwarder?

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

How to use source file modification time instead o...

Forwarding data into indexer

Wildcard ... not working in my stanza

Trouble indexing 'File Meta-Data' on Windows volum...

Java error from within DBConnect

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >