Getting Data In

Discussions

Thread Info

Unable to find the source file

hi, I have this source showing in the splunk source=/opt/splunk/var/spool/splunk/singlehost.sample.sav But when...

by Path Finder in

Renaming sourcetype and source with props and transforms

We have some VIOS servers that are special-purpose machines that aren't allowed to have a UF installed. I want to hot...

by Engager in

I can not set the timezone.

Hi. With some network devices to the server Splunk receives syslog-events. Time on these devices is set to GMT. Event...

by Engager in

TIME_PREFIX regex help

Hi, I seem to be incapable of figuring out what regex to provide in the TIME_PREFIX for my source type in order to...

by Explorer in

Problem running Custom Script

Have created a custom Perl script, added it to commands.conf - it finds the script just fine. The script outputs the ...

by Path Finder in

Setting up syslog on a wireless router

I have configured Splunk to capture syslog data on UDP:514 of my router but do not see any log data being captured, n...

by New Member in

keep some events and discard the rest

i have a huge log file with events, i need to keep around 20-30 events and discard the rest. I have used a stanza in ...

by Engager in

Index files in order of timestamp or record file timestamp as a field

I'm indexing a bunch of CSV files provided by an external vendor over ftp ( mapped or synched to my local drive ) the...

by Explorer in

How to test succesful Universal Forwarder installation?

I've installed the universal forwarder on a windows client to forward the data to my central log collecter which is a...

by New Member in

Can the universal forwarder route based on field found in the log message?

A file I am monitoring looks something like the following [timestamp] index=layer1 message="123456" [timestamp] in...

by Communicator in

Is it possible to manage Forwarders with mounted knowledge bundles?

I'm considering a Splunk cluster setup, where the Search Heads and Indexers (Peers) will be managed using mounted kno...

by New Member in

search/jobs/export does not return results with empty column headers

I using the following command to retrieve a particular macro search result. curl -k -u admin:admin https:// ...

by Engager in

Monitoring files from multiple inputs

How can I set my monitor in inputs.conf so that both of these directories are monitored- 1./var/lib/usr 2. /var/lib/n...

by Engager in

Exchange App (Lookup - Database Information) not working

I'm setting up the Exchange App, data is received in the correct indexes however I'm not seeing data in all the dashb...

by Path Finder in

How would you determine if data is pre-parsed?

We have three (Windows 2008 R2) domain controllers sending events to a single Splunk collector. We need to reduce ou...

by Explorer in

Timestamp detection fails

I try to parse out the timestamp of this line: Jun 3 17:39:09 svlog.myserver.net svdcdev 04/29/2013 09:14:37 AM ...

by Contributor in

Scripting Question

I am looking for some assistance to be able to script this lookup for windows systems tasklist /fo csv /v any i...

by Path Finder in

Extracting many "long key name" = "value" pairs from DB2's log files

Working on extracting some Key/Value pairs out of DB2's log files. I have a file like this: [...snip...] Buffe...

by Communicator in

Can you get a list of raw tcp ports being monitored from just an index name?

My app is sending events to a TCP port that Splunk is monitoring. Rather than make the port number part of the config...

by Communicator in

Converting a Huawei 450 byte binary cdr into a text file

Good Afternoon! Does anyone have perl script or other method for converting a Huawei 450 byte CDR into text for use i...

by New Member in

Getting Data In

Discussions

Unable to find the source file

Renaming sourcetype and source with props and transforms

I can not set the timezone.

TIME_PREFIX regex help

Problem running Custom Script

Setting up syslog on a wireless router

keep some events and discard the rest

Index files in order of timestamp or record file timestamp as a field

How to test succesful Universal Forwarder installation?

Can the universal forwarder route based on field found in the log message?

Is it possible to manage Forwarders with mounted knowledge bundles?

search/jobs/export does not return results with empty column headers

Monitoring files from multiple inputs

Exchange App (Lookup - Database Information) not working

How would you determine if data is pre-parsed?

Timestamp detection fails

Scripting Question

Extracting many "long key name" = "value" pairs from DB2's log files

Can you get a list of raw tcp ports being monitored from just an index name?

Converting a Huawei 450 byte binary cdr into a text file

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Query to list data inputs remote monitor from depl...

Ingesting data from blackbox

Forwarding data from Heavy forwarder to syslog ser...

WinNetMon Blacklist RemoteHostName

Re index of same file with same hash but metadata ...

Getting Data In

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >