Getting Data In

Discussions

Thread Info

splunk search server event logs from my PC without forwarders?

Hi, from my workstation PC, can I install Splunk and then search event logs on my domain controllers and windows serv...

by New Member in

Forward Server Active Check

Is there a way to check and see if a forward is actively forwarding? For example, at one point splunk add forward-...

by Explorer in

How do I know if universal forwarder has finished reading and complteted forwarding data to indexers?

Hi, I have been looking for information about REST API point to know if UF has completed reading the file and send...

by Motivator in

Extracting multiple occurrences of a field from a syslog-ng statistics message.

Hi, I am trying to extract multiple occurrences of two fields from the statistics message that is generated by sys...

by Explorer in

Structuring nested data

Hi all, I have an application that needs to write some data that may be several levels deep and I'm struggling to ...

by Explorer in

To which source the _geo field belongs to??

Hi All, Please let me know to which source or sourcetype the _geo field belongs to? I want this for second search que...

by Path Finder in

time difference issues

I need to be able to calculate the time difference between two dates and everytime i try anything...it returns blank ...

by Explorer in

Windows Events filtering

Hi All, Trying to filter on Win Sec events, dropping events that don't have particular eventids and Account Name c...

by New Member in

indexing a file uploaded with same filename

Hi, scenario: a log uploader application helps in uploading logs to a directory. let it be splunkdata/timeofupload/yo...

by Builder in

Anonymize data using regex transform

Hi Splunk experts, I am using regex transform to mask data in splunk. But splunk only masks first occurence of string...

by Communicator in

TIME_FORMAT ignored

Hi, I'm trying to set timestamp recognition for a sourcetype, in order to avoid recognising timestamp in the event...

by Builder in

active directory monitoring is generating too many audit events in WinEventLog:Security

I just turned on a splunk forwarder with the active directory monitoring on my AD server. Since the windows logs WinE...

by Splunk Employee in

Monitor Files via UNC outside of the Domain

I need to come up with a way to monitor files via UNC (I know this is not the preferred way) for ~140 servers that ar...

by Motivator in

Data replication across two indexers

I have currently one Splunk server who works as indexer and searcher. I want to add second server which will be a mir...

by Path Finder in

App deployment in Splunk 5.0 clustering from a master node

Is it possible to deploy an app from the Splunk master node /master-app/cluster/local to all the peer nodes ?

by Communicator in

Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection

I have a requirement where in order for the remote machine to send data over the TCP connection to Splunk, it needs S...

by New Member in

routing window system logs to a different index

Hey there, I have a windows forwarder sending the servers's application, system and security logs to the indexers....

by Path Finder in

NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start

Hello, I'm new in splunk. Splunk with syslog works correct now. I try test netflow from cisco asa. I set netflow i...

by New Member in

How to force the host with syslog sourcetype

This is a common issue with the syslog sourceytype. By default it behave differently from the other inputs, the host ...

by Splunk Employee in

props. conf file help

Using [monitor://path] Stanza i need to monitor a folder which contains binary data. When i set the props.conf as, ...

by Contributor in

Getting Data In

Discussions

splunk search server event logs from my PC without forwarders?

Forward Server Active Check

How do I know if universal forwarder has finished reading and complteted forwarding data to indexers?

Extracting multiple occurrences of a field from a syslog-ng statistics message.

Structuring nested data

To which source the _geo field belongs to??

time difference issues

Windows Events filtering

indexing a file uploaded with same filename

Anonymize data using regex transform

TIME_FORMAT ignored

active directory monitoring is generating too many audit events in WinEventLog:Security

Monitor Files via UNC outside of the Domain

Data replication across two indexers

App deployment in Splunk 5.0 clustering from a master node

Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection

routing window system logs to a different index

NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start

How to force the host with syslog sourcetype

props. conf file help

Zoom logs and Timestamps

Windows Registry monitoring works for local host n...

Get data from WMI to splunk forwarder

Sourcefile name changes at index time - intermitte...

Troubleshoot the Splunk Add-on for Microsoft Cloud...