Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
redc

Why is my forwarder sending data from monitored files twice just a couple minutes apart?

I just set up a new forwarder on a new Linux server and set it to monitor some files. For some reason, it is sending...
by redc Builder in Getting Data In 04-17-2015
1 6
1
6
BT_Neophyte

Why is a specific log file not getting forwarded when others in the same directory do?

I'm having an issue where a specific log file is not forwarding, but others in the same directory and Splunk app are ...
by BT_Neophyte Explorer in Getting Data In 04-17-2015
0 5
0
5
cdyates

Can I reconfigure Splunk forwarders on Windows to point to a new indexer without reinstalling?

I want to point my windows forwarders to a new indexer. Do I have to reinstall to do that or can the redirect be don...
by cdyates New Member in Getting Data In 04-17-2015
0 1
0
1
careybrucem

Is it possible to get more granular on Windows system events as far as retention is concerned on the indexer?

Or am I at the mercy of the settings for index rotation settings? In other words, we have the following requirements...
by careybrucem Explorer in Getting Data In 04-17-2015
0 2
0
2
nowellca

OPSEC LEA with CheckPoint: SIC ERROR 119 - SIC Error for ssl_opsec: Client could not choose an authentication method for service ssl_opsec

We Installed OPSEC LEA on RedHat to connect to CheckPoint 75.40. The app is enabled and connected. CheckPoint shows...
by nowellca Engager in Getting Data In 04-17-2015
2 9
2
9
Tim80

Parsing CheckPoint Archive logs without "FW" tool

Hi, I have checkpoint archived logs stored in a binary format as described here : http://answers.splunk.com/answ...
by Tim80 New Member in Getting Data In 04-17-2015
0 1
0
1
ts_splunk

Splunk組み込みPython以外でUnicodeEncodeErrorが発生する

splunk cmd python xxxxxx.py と実行すると正しく実行されるPythonスクリプトがあります。 同じスクリプトを別途インストールしたPython環境ではUnicodeEncodeErrorが発生します。 Py...
by ts_splunk Path Finder in Getting Data In 04-16-2015
0 1
0
1
desi-indian

event tagging ..Multiple format lines in same log file

Hi , I am trying to do a field extraction for a log ...the issue I am facing is the field lay out remains con...
by desi-indian Path Finder in Getting Data In 04-16-2015
0 3
0
3
singhbc

How to convert date_* fields to epoch time after a join to calculate time difference?

I have a search that uses "join" which uses two sourcetypes to search the events and then joins them using a common f...
by singhbc Path Finder in Getting Data In 04-16-2015
1 6
1
6
svendewindt

How can i index the log file from a windows smtp service?

Hi, After a lot of searching, trying and bashing my head, i will drop my problem here. I would like to index the log...
by svendewindt Explorer in Getting Data In 04-16-2015
2 13
2
13
avdbsql

Is join order important ?

Could someone explain why I have this kind of difference? index=data sourcetype=st1 num=10 --> gives 2 results ind...
by avdbsql Engager in Getting Data In 04-16-2015
1 2
1
2
aak2

How to monitor the same log location from different servers with different source names?

Hi, I have the same log file locations with same file names in 3 different VMs. I want to differentiate them with so...
by aak2 New Member in Getting Data In 04-16-2015
0 1
0
1
Flynt

Scripted wtmp input rejected as Binary file

I have a script that pulls wtmp information and saves it to ASCII files but Splunk still insists that my files are bi...
by Flynt Splunk Employee Splunk Employee in Getting Data In 04-16-2015
2 3
2
3
bizza

Websphere MQ from mainframe

Hi all, I need to collect data from a IBM Websphere MQ where mainframe write messages. I read something on internet a...
by bizza Path Finder in Getting Data In 04-16-2015
0 5
0
5
garimayadav

How do I configure props.conf to break events based on the time prefix '@' character and a timestamp format of '%H:%M:%S.%3N'?

I want configuration so that events are divided on the basis of time prefix @ and timestamp configuration %H:%M:%S.%3...
by garimayadav New Member in Getting Data In 04-16-2015
0 4
0
4
Madhan45

Is there any app I can use to monitor CPU usage for 1000 Windows hosts that belong to 3 different environments?

I have 1000 hosts belonging to 3 different environments. I need to monitor CPU usage or CPU utilization for all these...
by Madhan45 Path Finder in Getting Data In 04-16-2015
0 7
0
7
photuris

Why am I unable to filter a saved search using the Splunk Python SDK?

In the main Splunk interface, I can filter down on a saved search like this: | savedsearch "my_search" | search titl...
by photuris Explorer in Getting Data In 04-16-2015
0 1
0
1
dvietze

In a Windows forwarder install, I specified a log directory to monitor. Which inputs.conf does that get written in?

During the Windows forwarder install I specified a path to monitor, and it is working, but it isn't in /splunk_home/e...
by dvietze New Member in Getting Data In 04-16-2015
0 2
0
2
landen99

How to number each line in a multiline event?

Is there a way to take a multiline event: a 1 b 2 c 2 d 4 e 5 c 6 and number each line? 1 a 1 b 2 2 c 2 d 4 3 e 5...
by landen99 Motivator in Getting Data In 04-15-2015
1 9
1
9
khalilrg4

How to send logs to multiple Windows 2008 R2 servers?

I am EXTREMELY new to Splunk and I need to send my logs to multiple log servers without bringing my Splunk to the gro...
by khalilrg4 New Member in Getting Data In 04-15-2015
0 2
0
2
srange98

Can a stand-alone indexer forward logs to an indexer cluster without being part of the cluster?

We have a remote location with a small bandwidth connection. We'd like to have an on-site indexer for all the machin...
by srange98 New Member in Getting Data In 04-15-2015
0 2
0
2
hanshen

Why does the splunkd service stop every night on my local Windows PC running Splunk 6.2.2?

I have Splunk Enterprise installed on my local PC. It's running fine, but splunkd service stops every night. It'sset ...
by hanshen Explorer in Getting Data In 04-15-2015
2 16
2
16
skoszegi

Where is the option to set the data source for apps?

Hi All, My scenario: I receive log files from a customer which I need to analyze and build reports from it. I was ab...
by skoszegi New Member in Getting Data In 04-15-2015
0 9
0
9
antonio_donatac

How to configure Splunk DB Connect connection type to dedicated rather than the default shared mode?

Hi all, I am usind the app Splunk DB Connect (version 1.0.8) to connect to a Oracle DB to fetch production data. Th...
by antonio_donatac New Member in Getting Data In 04-15-2015
0 4
0
4
nitesh218ss

Splunk DB Connect 1: Why is my inputs.conf configuration not changing the time format of timestamps (ex: 1355293814.207) for data fetched from MS SQL?

In inputs.conf file of local folder, I changed this, but the format is not being applied. index = default output.for...
by nitesh218ss Communicator in Getting Data In 04-15-2015
0 3
0
3
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All