Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Handshake and socket error

OS for forwarder: Windows Server 2012 Splunk + Universal Forwarder version: 6 I'm trying to get my Universal Forwa...

by Explorer in

Splunkd is not running after executing add monitor command

Hi, I installed splunk on Ubuntu 12.04 64-bit in GoGrid. I have 8 clusters (1 master, 1 search node, 3 indexers...

by Explorer in

Inputs.conf and Multiple sourcetypes

Is it possible to monitor a directory for files that will be input with different source types (assuming I'd use whit...

by Communicator in

Unable to initialize modular input

Hi, I'm new to splunk. I'm getting this error "Unable to initialize modular input "LTA" defined inside the app "LTATe...

by Explorer in

Splunk 6 query format for JSON data

We send JSON formatted data into Splunk. On upgrading to Splunk 6 I noticed that selecting the value of a JSON field ...

by Path Finder in

ASA 8.1,8.2 sample logs

Can someone help me out to get some sample ASA 8.1 & 8.2 log messages.

by Engager in

Syslog data inputs not creating new sources

I used to have 2 UDP syslog data inputs: UDP://514 going to the default index, UDP://515 going to a new index. They w...

by New Member in

How do I apply a new linemerge rule to historical data?

I'm trying to add a new linemerge rule to my props.conf. I'm currently putting it in etc/system/local/props.conf but ...

by Explorer in

Time prefix ;

I have events that end and start with : orderLock;null; 2013-11-07 05:55:38.431; Log entry...... 162405913;; 2013-...

by Path Finder in

How to forward all logs in Event Viewer?

I guess the title says it all. In general I want to know if there's any way of sending all Windows Event logs thro...

by Explorer in

why lookup with outputnew doesn't work, when configured in props.conf

Hi, I have a search with two lookups ... | lookup user_agent_filter OUTPUT botstatus | lookup ipnet_filter cidr AS i...

by Path Finder in

UDP data on 516 port on a universal forwarder not showing up on splunk indexer

Hi All, I have a splunk Indexer receiving data from Kiwi syslog installed on a Splunk Forwarder machine. it also r...

by Engager in

Splunk for Cisco Network Devices

Hi All We currently have splunk installed, and have a fleet of cisco devices feeding syslog to it. This includes: ...

by Explorer in

How to detect that a file has been indexed

I have an automated process running on a Windows server that has the Universal Forwarder installed. It drops files fo...

by Communicator in

Problem forwarding Advanced IIS Logs

I am experiencing an issue where my universal forwarder (v5.0.4) is not forwarding my IIS Advanced Logs to the indexe...

by Contributor in

Same sourcetype, but different transforms per Host

I have an issue where we have a sourcetype that we want to remove a transform (on the indexer) that drops some data (...

by Path Finder in

Only one syslog shows up on server

I have a new windows install and I can only get one syslog to show up. Any other devices I direct to send their logs ...

by New Member in

Can we Split the results based on the users and email them ?

Hi.. I am trying to find the custom script which emails the conents of the search results specific to the users. I...

by Motivator in

Universal forwarder, can a Splunk 5.0.5 forwarder forward to Splunk 6.0 indexer

Universal forwarder, can a Splunk 5.0.5 forwarder forward to Splunk 6.0 indexer?

by Revered Legend in

Search head pooling with DNS round robin - getting logged out almost immediately after logging in?

Greetings everyone. We have a moderately sized distributed deployment. We have 3 search heads pooled, and all 3 have ...

by Builder in

Getting Data In

Discussions

Handshake and socket error

Splunkd is not running after executing add monitor command

Inputs.conf and Multiple sourcetypes

Unable to initialize modular input

Splunk 6 query format for JSON data

ASA 8.1,8.2 sample logs

Syslog data inputs not creating new sources

How do I apply a new linemerge rule to historical data?

Time prefix ;

How to forward all logs in Event Viewer?

why lookup with outputnew doesn't work, when configured in props.conf

UDP data on 516 port on a universal forwarder not showing up on splunk indexer

Splunk for Cisco Network Devices

How to detect that a file has been indexed

Problem forwarding Advanced IIS Logs

Same sourcetype, but different transforms per Host

Only one syslog shows up on server

Can we Split the results based on the users and email them ?

Universal forwarder, can a Splunk 5.0.5 forwarder forward to Splunk 6.0 indexer

Search head pooling with DNS round robin - getting logged out almost immediately after logging in?

Same log different indexers and index

Duplicate Siebel log events from Universal Forward...

Okta Rate Limit "skinny_users" warnings

Timezone configuration with daylight savings time

WMI does not collect data from servers that do not...