Getting Data In

Discussions

Thread Info

Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

I upgraded from 6.0 to 6.1 this morning and received the following message in a window titled "Force ACLs": Splunk...

by Motivator in

Windows eventlog can not be collected by Universal Forwarder

I have some windows machine to collect their eventlog, most of them works fine, but several of them can not send data...

by Explorer in

changes to config files

Hi.. I was used to using splunk as a single instance in my laptop. I am new to forwarders and indexes. I have log dat...

by Explorer in

Windows props.conf source stanza - Can't use the embedded Python interpreter

Hi, I have developed an App "Nmon performance Monitor for Unix and Linux Systems" (http://apps.splunk.com/app/1753...

by Influencer in

Convert Epoch timestamp

I am trying to convert epoch timestamp of stopTime into %m/%d/%Y %H:%M:%S , but I am getting 12/31/9999 23:59:59 ...

by Builder in

I'm receiving "Indexing quota exceeded" even my daily logs are about 300MB size

I'm receiving daily alert about Splunk license even my daily logs volume is under 500MB - about 300MB. Any ideas? ...

by New Member in

How to receive and index VMware logs using a Splunk 4.2.2 Windows universal forwarder and a Splunk 4.2.2 Linux indexer?

*Environment Index server: Splunk version is 4.2.2 on Linux Forwarder: VMware with vCenter on Windows Server 2008 (Un...

by New Member in

Filtering portions of log using heavy forwarder

by Motivator in

Domain Controller almost killed because of SID translation functionality

We recently deployed the following config to 500 Windows Universal Forwarders: [WinEventLog://Security] disabled =...

by Communicator in

How does Splunk use wildcards for inputs in the backend?

/var/log/…/apache.log matches the files in Splunk, but through either python or unix CLI, I am unable to perform the ...

by Contributor in

Getting error "Can't access "/etc/hostconfig": No such file or directory" How to enable universal forwarder on mac OSX to boot at startup?

I'm running Mac OSX 10.10 Yosemite. I have installed both the Universal Forwarder 6.1.4 and 6.2. Neither will enable ...

by Path Finder in

How to run and Display output of a perl script in splunk ?

Hi, I have a complex perl script which provides the distribution of response time and success/failure for our endp...

by Contributor in

Scripting with Splunk

I'm trying to setup Splunk so it pulls the IP, hostname, and original install date off of all servers that have the s...

by Path Finder in

Masking account numbers

Hello we are trying to mask an account#'s last 5 digits. I have added this to props.conf [annon] TRANSFORMS-anonym...

by Explorer in

Splunk DB Connect: Why am I getting an error trying to select a column for my dbmon-tail input?

Hello, I am trying to setup a tailing query using Splunk DB Connect app. My query is: select * from table W...

by Communicator in

How do I install Splunk on Windows without system admin access?

Hi I am unable to install Splunk on my local machine for development purposes. I do not have access to an admin ac...

by New Member in

How much license do I need if I'm using a heavy forwarder to send data only to a syslog server, not to an indexer?

Hi guys, I'm using a heavy forwarder to send data to a syslog server. If I don't send data to an indexer and only ...

by New Member in

How to troubleshoot why I can see network traffic, but no data is being indexed in Splunk from our Cisco FWSM?

Hi All, I have been having issues with getting logs into splunk from our cisco fwsm. When I open up wireshark I ca...

by Path Finder in

Where in Splunk_Home on the forwarder do I make the configuration to change a target index?

I have several web services which need to be in the same index. Currently they are going to 2 different indexes.. ...

by SplunkTrust in

What is the best way to update an index in Splunk to reflect a change in data pulled via a script from a database?

What is the best possible way to update an index in Splunk? Here is my usecase: Two lines are getting forwarded to...

by New Member in

How to configure a forwarder to regularly pick up data from a CSV file on a Linux server?

I have log and other data in a linux server. I am parsing the data using awk code and converting it into csv files. T...

by Explorer in

Setting tag values through REST API

Is it possible create tags and set tag values through the REST API?

by Engager in

Are there any issues with Splunk reading and indexing gzip files via a universal forwarder?

Hi, I've heard comments against configuring Splunk to read gzipped files, horror stories of it not always noticin...

by Path Finder in

Form Input - Add submit button for each panel

Hi, I would like to add a seperate submit button for each panel of a form. At the moment there is only one button ...

by Motivator in

Why can't I find the screen with the form for "file upload" to add data to my Splunk Cloud trial?

Hi, I'm new to Splunk. I signed up for the Cloud trial. When I first logged in I was presented with a "file upload" f...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

Windows eventlog can not be collected by Universal Forwarder

changes to config files

Windows props.conf source stanza - Can't use the embedded Python interpreter

Convert Epoch timestamp

I'm receiving "Indexing quota exceeded" even my daily logs are about 300MB size

How to receive and index VMware logs using a Splunk 4.2.2 Windows universal forwarder and a Splunk 4.2.2 Linux indexer?

Filtering portions of log using heavy forwarder

Domain Controller almost killed because of SID translation functionality

How does Splunk use wildcards for inputs in the backend?

Getting error "Can't access "/etc/hostconfig": No such file or directory" How to enable universal forwarder on mac OSX to boot at startup?

How to run and Display output of a perl script in splunk ?

Scripting with Splunk

Masking account numbers

Splunk DB Connect: Why am I getting an error trying to select a column for my dbmon-tail input?

How do I install Splunk on Windows without system admin access?

How much license do I need if I'm using a heavy forwarder to send data only to a syslog server, not to an indexer?

How to troubleshoot why I can see network traffic, but no data is being indexed in Splunk from our Cisco FWSM?

Where in Splunk_Home on the forwarder do I make the configuration to change a target index?

What is the best way to update an index in Splunk to reflect a change in data pulled via a script from a database?

How to configure a forwarder to regularly pick up data from a CSV file on a Linux server?

Setting tag values through REST API

Are there any issues with Splunk reading and indexing gzip files via a universal forwarder?

Form Input - Add submit button for each panel

Why can't I find the screen with the form for "file upload" to add data to my Splunk Cloud trial?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions