Getting Data In

Thread Info

After installing and configuring a universal forwarder on a remote Linux machine, why am I unable to login and connect to the remote instance?

On the remote end I see this after installing/configuring Universal Forwarder: ./splunk list forward-server Splunk...

by Explorer in

What is the order of precedence when there are conflicting configs (such as timezone) at the sourcetype, host and source level?

What is the order of precedence when there is conflicting configurations (such as timezone) at sourcetype, host and s...

by Path Finder in

Local Users on Universal Forwarder and Remote CLI?

We are looking to lock down our universal forwarders on Windows servers. Our plan is for all the necessary configs to...

by Path Finder in

How to troubleshoot why I am receiving no data from my universal forwarder?

Okay... Here is my hangup. I've taken some training: -What is Splunk -Searching and Reporting -Building Objects Bu...

by New Member in

Nightly install of Universal Forwarder, random regmon crashes

We are using Citrix PVS to provision fresh XenApp servers every night, about 60 of them in total. A few dozen applica...

by Explorer in

Why is my Linux forwarder not sending data to the indexer?

Hi, One of my Linux Forwarder not sending data to indexer. Could you please assist me what is wrong in my configur...

by Path Finder in

Is it possible to run 'splunk list monitor' for a universal forwarder (deployment client) remotely?

Hi. I've got some rather complex rules (at least to me) that I'm pushing out to a remote Windows universal forwarder ...

by Builder in

Is it normal behavior for JSON labels, not just actual key/value data, to be counted against license usage and how to prevent this?

Hi friends I have a question. I have an app that formats output as json and sends it to Splunk. Real data of each ...

by Path Finder in

How to remotely install and configure a universal forwarder to point to 1 of 10 intermediate forwarders?

Is there a way to remotely install universal forwarders using a command line push that would allow multiple intermedi...

by Engager in

What is port 8089 for and can I disable it?

For PC compliance safety, I tried to disable port 8089 by modifying server.conf, but I could not log in to the web po...

by Explorer in

Why are the timestamps for events indexed in Splunk behind by 5 hours compared to the original logs?

Splunk is not showing the correct time that logs are coming in. They are behind by five hours. The time on the server...

by Contributor in

Hunk - assigning sourcetype

I create two virtual indexes within Hunk that reads from two separate HDFS directory. One is for Cisco ASA logs, and ...

by Influencer in

Timezone isn't being set correctly

I have a log file with events that look like: < Start > Timestamp: 2/27/2015 8:34:14 PM Information: Message: Refr...

by Path Finder in

How many sourcetypes are considered too many in terms of performance?

A Splunk estate I came across has hundreds of sourcetypes, mostly creating a new sourcetype per different log, regard...

by Builder in

What is the frequency with which logs are read in Splunk?

What is the frequency with which logs are read in Splunk? Does delay in seeing recent log details in Splunk related t...

by New Member in

What are recommendations for monitoring information on a Linux server?

Hi, I wish to monitor linux server info like number of CPU, processor, linux version etc in Splunk. What will be ...

by Path Finder in

How to get grand total or sum of the currency field (in excel currency format $1,234.10) to display as a result?

I uploaded a .CSV file with 30,000 events into Splunk with currency amount (excel currency format '($1,234.10)'. Usin...

by Path Finder in

Why are dependent dynamic drop-down inputs displaying epoch time values instead of the format HH:MM in Simple XML?

Hi All; 3 Drop down inputs right now are being used as a custom timepicker. The first one is used to select any of...

by Path Finder in

How will Splunk handle the clock change for leap seconds in June 2012?

See this webpage for reference - http://www.timeanddate.com/time/leapseconds.html On June 30 2012, an extra second...

by Communicator in

Things to do when you first install Splunk?

What are the things that you normally do as part of a Splunk server installation? David Carasso published a nice l...

by Legend in

Json format is not getting indexed

Hi, I am trying to analyze the json file for some reason it is not getting indexed. Here is a sample json file [ {...

by New Member in

is it safe for app-developers to use pulldown_type=true on their sourcetypes

props.conf has a boolean setting called "pulldown_type". If you set it to true, then the name of your sourcetype will...

by SplunkTrust in

Was there a change in Splunk 6.1.5 with how an indexer reads indexes.conf compared to previous versions?

In the process of migrating to an indexes app instead of fixed /opt/splunk/etc/system/local/indexes.conf, I did a sea...

by Explorer in

Timestamp extraction - Selecting 2013 instead of 2007

I am trying to extract timestamp. But instead of 2007, Splunk is extracting 2013 which is not at all in my event. Cou...

by Builder in

Can I use a REST API command to identify saved searches using a summary index?

Can use a REST API command to identify saved searches using a summary index?

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

After installing and configuring a universal forwarder on a remote Linux machine, why am I unable to login and connect to the remote instance?

What is the order of precedence when there are conflicting configs (such as timezone) at the sourcetype, host and source level?

Local Users on Universal Forwarder and Remote CLI?

How to troubleshoot why I am receiving no data from my universal forwarder?

Nightly install of Universal Forwarder, random regmon crashes

Why is my Linux forwarder not sending data to the indexer?

Is it possible to run 'splunk list monitor' for a universal forwarder (deployment client) remotely?

Is it normal behavior for JSON labels, not just actual key/value data, to be counted against license usage and how to prevent this?

How to remotely install and configure a universal forwarder to point to 1 of 10 intermediate forwarders?

What is port 8089 for and can I disable it?

Why are the timestamps for events indexed in Splunk behind by 5 hours compared to the original logs?

Hunk - assigning sourcetype

Timezone isn't being set correctly

How many sourcetypes are considered too many in terms of performance?

What is the frequency with which logs are read in Splunk?

What are recommendations for monitoring information on a Linux server?

How to get grand total or sum of the currency field (in excel currency format $1,234.10) to display as a result?

Why are dependent dynamic drop-down inputs displaying epoch time values instead of the format HH:MM in Simple XML?

How will Splunk handle the clock change for leap seconds in June 2012?

Things to do when you first install Splunk?

Json format is not getting indexed

is it safe for app-developers to use pulldown_type=true on their sourcetypes

Was there a change in Splunk 6.1.5 with how an indexer reads indexes.conf compared to previous versions?

Timestamp extraction - Selecting 2013 instead of 2007

Can I use a REST API command to identify saved searches using a summary index?

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions