Getting Data In

Discussions

Thread Info

Is there any way to guarantee my Forwarder collecting all data?

Hi all. We are using Splunk Enterprise version of 6.1.3. Is there any way to guarantee my Forwarder collecting all da...

by Engager in

Inputs.conf to monitor in given time range only

Hi, I have a situation: The logs are getting generated 24x7, but the client wants to monitor only during offline h...

by Communicator in

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

I want to index the splunk resultset for future use. Do I always have to store it in a file?

by Contributor in

Best way to index .csv files with some common fields

Hi I have a series of .csv files (1 for each month) where the first 100 fields are the same, but after that there are...

by Engager in

Forwarder Data not showing in indexes

Recently I upgraded our Splunk installation from the 5 version to the new 6.0 version. The installation is pretty ...

by New Member in

How to forward all events to a single index, but filter out all splunkd sourcetype events that contain "INFO"?

We are currently using props.conf and transforms.conf to combine all non-internal ingest into a single index on our h...

by Explorer in

Capability to upload data files via the gui for a user?

I need to assign a capability to an existing Splunk user, so that they can upload files to their own index themselves...

by Explorer in

How to configure inputs.conf on a Universal Forwarder to only read the current day's file that contains the date?

I'm trying to configure inputs.conf to only read the current days file that contains the date. The file name changes ...

by Engager in

help with xml input

HI, I need some help with an xml input being sent via a tcp port. Here's an example of the input: <ver...

by Champion in

ignore specific parts of a log entry with props.conf and transforms.conf?

Hi Splunkers! Thank you so much for your help in advance! I'm trying to ignore specific fields within a syslog ...

by Explorer in

After removing an index, how or where can I find the related input for removal?

In a QA environment, for testing purposes, I used the search head to create a new index (tim_test), and then added a ...

by Path Finder in

Can I use the same index name in Hunk and Splunk

Hi, We are trying out Hunk. The goal is to keep shorter-term data in Splunk and longer-term data in Hunk. Is there...

by Champion in

How to configure universal forwarders on Windows servers to forward logs to a certain index on a Linux server?

We have a Linux-based Splunk enterprise server (free version) I installed the universal forwarder on a few windows se...

by Explorer in

How to direct incoming data on universal forwarder to desired index ?

My Setup I've an index by the name mobile_client1_venue1 that gets data from mobile client application that sends...

by Path Finder in

How to send dbquery results to an indexer from a forwarder?

how to send dbquery results to indexer for indexing from forwarder. |dbquery dtParts limit=300000 "SELECT * from...

by Contributor in

Why is some data being indexed as separate entries while monitoring csv log files?

I have a console app which reads data from table storage, and writes it out onto a csv file. I monitor each of the ou...

by Engager in

Mandrill Webhooks CIM mapping

I am importing Mandrill webhook data into Splunk, the format is described here: http://help.mandrill.com/entries/5830...

by Explorer in

Find the Difference between Timestamps

In Splunk I'm tracking web service calls which have a request/response pairs. So for example we have a Get Delivery S...

by SplunkTrust in

Are there any resources that explain in detail how Splunk works to monitor files on a universal forwarder?

I am trying to find a resource that explains how Splunk works to monitor files. I am familiar with the set up of inpu...

by Path Finder in

LINEMERGE / props.conf issues on XML

Greetings, I'm receiving XML files and noticed that the first half (around 257 lines) is a single event, but every...

by Path Finder in

One choice, multiple values

Hi! I'm trying to build a dashboard that searches two different indexes/sourcetypes using values from a dropdown. ...

by Path Finder in

Splunk isn't working like it used to. Why?

I have one Splunk server working with one client. Currently when I search for Splunk logs (in the GUI with the source...

by New Member in

Why isn't Splunk working with a new forwarder client?

I have Splunk working on one server (an indexer) with one other server as its client (with the Universal forwarder). ...

by New Member in

DB Connect Input - Query works but Input does not

Oh hai Splunkers! So I'm trying to extract a DB table for indexing into Splunk. I have successfully set up an ODBC...

by Builder in

winEventLogs and perfmon data inputs _TCP_ROUTING

I am using the _TCP_ROUTING attribute in my inputs.conf. When used with a winEventLogs and perfmon stanza it seems to...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is there any way to guarantee my Forwarder collecting all data?

Inputs.conf to monitor in given time range only

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

Best way to index .csv files with some common fields

Forwarder Data not showing in indexes

How to forward all events to a single index, but filter out all splunkd sourcetype events that contain "INFO"?

Capability to upload data files via the gui for a user?

How to configure inputs.conf on a Universal Forwarder to only read the current day's file that contains the date?

help with xml input

ignore specific parts of a log entry with props.conf and transforms.conf?

After removing an index, how or where can I find the related input for removal?

Can I use the same index name in Hunk and Splunk

How to configure universal forwarders on Windows servers to forward logs to a certain index on a Linux server?

How to direct incoming data on universal forwarder to desired index ?

How to send dbquery results to an indexer from a forwarder?

Why is some data being indexed as separate entries while monitoring csv log files?

Mandrill Webhooks CIM mapping

Find the Difference between Timestamps

Are there any resources that explain in detail how Splunk works to monitor files on a universal forwarder?

LINEMERGE / props.conf issues on XML

One choice, multiple values

Splunk isn't working like it used to. Why?

Why isn't Splunk working with a new forwarder client?

DB Connect Input - Query works but Input does not

winEventLogs and perfmon data inputs _TCP_ROUTING

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures