Getting Data In

Discussions

Thread Info

field extraction based on "=>"

I am consuming facter data from Puppet in the format of "virtual => vmware". Each host has on average 180 unique data...

by Communicator in

Is it possible to send host grouping information from a forwarder?

In an inputs.conf I can define a forwarder's host field which I can use in searches. Identifying a single host is not...

by Explorer in

Heavy Forwarder parsing error, CPU 100% utilized

Hi, I have heavy forwarders which do the complete parsing in my setup but I see below errors in the splunkd.log an...

by Communicator in

How to configure windows event (example login access) to send to splunk?

Hi, I'm using splunk recently. How can I configure "windows events" (example login access) to send them to splunk? I...

by New Member in

is it possible to have a custom command return json to splunk?

I have a RESTful webservice which returns me a fairly complex json. I wish to pass it as-is to splunk and hope for sp...

by SplunkTrust in

How Can I Compare Fields Against Another SourceType?

I have two source types - One with a list of hosts and their software (DataIn).The other with a list of ideal ver...

by New Member in

How to edit my current configuration for correct multiline event breaking?

Hi, I have a flat file multiline log: Here is my props.conf [emailAlerts2] SHOULD_LINEMERGE=true BREAK_ONLY_BEF...

by Contributor in

Is it possible to migrate summary indexes from Splunk 4 to Splunk 6?

I know this is probably a longshot, but is it possible to create a new summary index in our splunk 4 cluster with dat...

by Contributor in

How can i list logs files indexed by indexing date?

Hi guys! I have a folder monitoring stanza (E.g: "C:|logs|client|") and I want list all indexed files from these d...

by Explorer in

Is it possible to set monitor paths dynamically without the use of wildcards?

I want to create an app that will be deployed on a few forwarders to monitor log files. Problem is with the paths of ...

by Explorer in

Strip "Original Address" text in splunk

Hi, i would like to strip the "Original Address" Text that splunk appends. How do i do this ? Original Address...

by Explorer in

Negation in Transforms.conf

Hi, I have a lot in which the below lines are coming AAA good BBB good AAA good CCC good DDD bad AAA bad I wan...

by Contributor in

REST API: Why am I hitting a limit of 100 exported results?

Hi, I am trying to get some results out of Splunk using the REST API, I have the following in my script: uri = ...

by Influencer in

How to collect metrics of vmware performance in Splunk?

Hello! Can someone advise me how I can collect metrics of perfomance of vmware vms?

by Path Finder in

Can I run Splunk on a Virtual Machine in a NetLab environment to monitor traffic, Active Directory, etc?

I will be competing in a CCDC event and was wondering if I will be able to use Splunk on a VM in a NetLab environment...

by New Member in

How do I send my own data into a Splunk Cloud Sandbox Trial?

How do you send data from a forwarder into a Splunk Cloud Sandbox trial environment?

by Splunk Employee in

Can you forward data to the sandbox server with a universal forwarder?

I have setup a sandbox and wish to test the universal forwarder to send data to the sandbox. I do not see a way to ad...

by New Member in

WIndows DNS debug log becomes deleted

On a Windows 2008 domain controller, DNS debug logging enabled, so that queries can be captured by Splunk. The DNS de...

by Explorer in

Splunk DB Connect: Why am I getting jbridge.log error "java.io.IOException: Server returned HTTP response code: 401 for URL..."?

I get the following error in jbridge.log. Can someone advice on the fix. 2015-01-13 08:21:11,348 DEBUG options=['-...

by Path Finder in

Why is Splunk dropping data from a log file with error "Dropping data without forwarding since the size is greater than 67108864, event size=95536310"?

Hello Splunk is dropping lot of data from a log file in our Prod environment. It errors out as below in _inter...

by Motivator in

Does Splunk write back to the file that it's monitoring?

Can Splunk writeback to the file that it's reading for reporting?

by New Member in

Monitoring User Activity in Active Directory

How do I monitor user account creation in AD? I need to accomplish the following: Who created the user?What pri...

by New Member in

How to configure proper line breaking for indexing ftp log files?

I have some ftp log files that I am indexing and when I search, there will be events that have 275 lines in them inst...

by Engager in

What is the correct syntax to change Database Monitor (dbmon-tail) in setup.xml?

What is the correct syntax to change Database Monitor (dbmon-tail) in setup.xml? Example: [dbmon-tail://MY_DB/m...

by Communicator in

Can I configure defaultGroup when remotely deploying a *nix universal forwarder with a static configuration?

I am deploying universal forwarders with a bash script that is based on the sample script in http://docs.splunk.com/D...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

field extraction based on "=>"

Is it possible to send host grouping information from a forwarder?

Heavy Forwarder parsing error, CPU 100% utilized

How to configure windows event (example login access) to send to splunk?

is it possible to have a custom command return json to splunk?

How Can I Compare Fields Against Another SourceType?

How to edit my current configuration for correct multiline event breaking?

Is it possible to migrate summary indexes from Splunk 4 to Splunk 6?

How can i list logs files indexed by indexing date?

Is it possible to set monitor paths dynamically without the use of wildcards?

Strip "Original Address" text in splunk

Negation in Transforms.conf

REST API: Why am I hitting a limit of 100 exported results?

How to collect metrics of vmware performance in Splunk?

Can I run Splunk on a Virtual Machine in a NetLab environment to monitor traffic, Active Directory, etc?

How do I send my own data into a Splunk Cloud Sandbox Trial?

Can you forward data to the sandbox server with a universal forwarder?

WIndows DNS debug log becomes deleted

Splunk DB Connect: Why am I getting jbridge.log error "java.io.IOException: Server returned HTTP response code: 401 for URL..."?

Why is Splunk dropping data from a log file with error "Dropping data without forwarding since the size is greater than 67108864, event size=95536310"?

Does Splunk write back to the file that it's monitoring?

Monitoring User Activity in Active Directory

How to configure proper line breaking for indexing ftp log files?

What is the correct syntax to change Database Monitor (dbmon-tail) in setup.xml?

Can I configure defaultGroup when remotely deploying a *nix universal forwarder with a static configuration?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout