Getting Data In

Ask a Question

Discussions

Thread Info

Dynamic sourcetype setup

Hi There, Just wondering whether it is possible to define ONE sourcetype for below csv log files. So that we do n...

by Explorer in

How to configure Splunk to read XML files correctly?

I got a problem getting splunk to read my XML files correctly. Example on one of my XML files: http://imgur.com/RT...

by Engager in

Where do Report extractions go

Hi, I have some access logs and want to use the provided out-of-the-box field extractions (access-extractions). I ...

by Champion in

How do you remove a stale pid file on a Splunk 4.2.5 forwarder

by Engager in

Automatically Get Lookup Table with Universal Forwarder

Hello Splunk Verse, I was wondering if anyone could help solve a configuration challenge? My system admin's are wa...

by Contributor in

How to use inputlookup file.csv to filter out results from a search

here is my current search that im running index=test outbound "/22" cisco_dsthost!=10.0.0.1| RENAME cisco_dsthost AS ...

by Contributor in

Index and Forward data into another splunk instance

I have an existing splunk instance on run version 6. I want to forward a copy of one data type into another splunk in...

by New Member in

Windows 2012 Applications and Services Logs no getting forwarded

Hi, I have added the following lines to the inputs.conf on the universal forwarder. But those events are not getti...

by Explorer in

How can I instruct Splunk to ignore the time fields in a JSON string

I have an input that has a JSON format: { "a" : 0, "b" : 0, "time" : 1418397877, "timezone" : "-05:00" } Proble...

by Explorer in

How best to test data input to determine source type?

I am writing logs to a local file and was wondering what the best way to determine what the proper source type should...

by Influencer in

Edited inputs.conf file, where can I find the log files or can I bring up the results through command line

Hi, I am using Splunk on Ubuntu and edited the inputs.conf file to look at an IP address which I hope is working. ...

by Engager in

Weblogic 10.x logs for datasource

Hi All, I'm trying to add weblogic 10.3 log files to indexer and I'm struggling to get the timestamp parsed correc...

by New Member in

adding rolling.logs to splunk windows

I need to input below file to splunk D:\Debug\Log\Forms\Rollingfile and D:\Debug\Log\Forms\Rollingfile.log2...

by Path Finder in

Why are only some (91 out of 1300) JSON files from the same folder location being indexed?

Splunk Version 6.1.2 and Splunk 6.2.0 I have created a Data Inputs folder with roughly 1300 small JSON files in it. W...

by New Member in

When one indexer in cluster exceeds disk quota, what can be done to keep it from becoming unsearchable?

I have a 6 indexer cluster (rep factor 3), all 6 indexers are about to fill up on disk space. I added 6 more peers to...

by Explorer in

Help with wildcard inputs issues

Hi, I have some new inputs configured with wildcards and whitelists, but they aren't pulling in the data. The ...

by Champion in

monitor a directory with yesterday date (and avoid monitoring directories with today date..)

hi everybody i have to monitor a server with some directories ordered by date. I have to index automatically every...

by Explorer in

Best App or View for Cisco Syslog & Firewall Data?

All, I noticed that there are a number of different Apps available for Cisco devices. I'd like to hear from the co...

by Engager in

Is there a way to make xml events easier to read

Hi, I'm getting an xml feed which is ugly. Very busy, lots of info... Are there any options to apply that will ...

by Champion in

Help to troubleshoot FIN_WAIT2 tcp state

Can you please tell us, when we will get FIN_WAIT2 tcp state for TCP-SSL receiving in splunk.

by Builder in

Managers need limited access to Splunk in order to see their employee's activity

Hi, We've got multiple user-related sourcetypes for things like internet browsing or file activity. All of these h...

by Super Champion in

Add Data > Upload: Why is the index list incomplete under Input Settings on Splunk 6.2?

While uploading a file, when I attempt to select an index from the dropdown menu in the Input Settings, an incomplete...

by Engager in

Syslog splunk on netasq u70 v9 ?

Hi everyone, just started with splunk. I installed it on a windows pro, but cant understand how it works : i d lik...

by New Member in

Upgrading and migrating 32bit/64bit and 6.1 to 6.2 ends up with "Setup Wizard ended prematurely"

Hi, I am trying to upgrade and migrate in the same time and that might be the problem, but which one is to be done fi...

by Explorer in

DB Connect and Lookup Caching

Hi, Im looking into using the DB Connect app to provide a db lookup source. I noticed that there are settings in the ...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Dynamic sourcetype setup

How to configure Splunk to read XML files correctly?

Where do Report extractions go

How do you remove a stale pid file on a Splunk 4.2.5 forwarder

Automatically Get Lookup Table with Universal Forwarder

How to use inputlookup file.csv to filter out results from a search

Index and Forward data into another splunk instance

Windows 2012 Applications and Services Logs no getting forwarded

How can I instruct Splunk to ignore the time fields in a JSON string

How best to test data input to determine source type?

Edited inputs.conf file, where can I find the log files or can I bring up the results through command line

Weblogic 10.x logs for datasource

adding rolling.logs to splunk windows

Why are only some (91 out of 1300) JSON files from the same folder location being indexed?

When one indexer in cluster exceeds disk quota, what can be done to keep it from becoming unsearchable?

Help with wildcard inputs issues

monitor a directory with yesterday date (and avoid monitoring directories with today date..)

Best App or View for Cisco Syslog & Firewall Data?

Is there a way to make xml events easier to read

Help to troubleshoot FIN_WAIT2 tcp state

Managers need limited access to Splunk in order to see their employee's activity

Add Data > Upload: Why is the index list incomplete under Input Settings on Splunk 6.2?

Syslog splunk on netasq u70 v9 ?

Upgrading and migrating 32bit/64bit and 6.1 to 6.2 ends up with "Setup Wizard ended prematurely"

DB Connect and Lookup Caching

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

UF

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout