Getting Data In

Discussions

Thread Info

Is thawedPath in indexes.conf recommended?

Hi Splunkers, I just want to ask if it is required in indexes.conf to specify the thawedPath? Thanks, Eddel

by Communicator in

Why are new events resulting from mvexpand picking up special characters when exporting to CSV and how to avoid this?

This is a strange one, I have a data source which has multiple values in two separate fields so I use the makemv and ...

by Path Finder in

Stricter search gives me more results...what?

I have a query that looks like this index=*ind* ((source=*src1.log field=NAME) OR (source=*src1.log field=STRING))...

by Path Finder in

Why is my props.conf configuration not parsing JBoss GC logs properly?

Hi guys, I'm trying to parse GC logs from JBoss which look like this: {Heap before GC invocations=1 (full 0): ...

by Explorer in

How do I send logs from a SSL VPN device to Splunk Heavy Forwarder?

I would like to configure a SSL VPN device to send the logs over to the Splunk Heavy Forwarder on udp/514. How do I c...

by Loves-to-Learn Lots in

Why does Splunk sometimes insert the a blank line in forwarded log4net logs?

I have the following log punch by log4net DATE : 02-10-2015 05:06:37 URL : http://localhost/229/processTy...

by New Member in

Events being cut when Linecount > 206. How to increase this limit?

For a web service call, my event has a linecount=220. But when looking at the response in Splunk, it is cutting the e...

by SplunkTrust in

Universal Forwarder - Timezone by sourcetype not working?

Just starting out with Splunk recently, still using the free version for now. My Splunk head, indexer & deployment se...

by New Member in

How to set a correct line breaks in my props.conf

The first picture is my original logs The second picture is my logs in the splunk Now,we can see the ...

by Communicator in

Why SEDCMD configured in props.conf is working during Data Preview but not during SEARCH?

Hello, I have configured a SEDCMD in props.conf to remove a few unwanted lines of logs. During data preview, the S...

by Super Champion in

Can Splunk strptime() work with the date before 1970-01-01 in epoch format?

Sometime I have a timestamp like -633945600.000 in my data. I found a previous post where someone said Splunk only su...

by Explorer in

UF persistentQueue tcp,UF persistentQueueSize tcp://8088

We have an application that sends it's data to the UF on tcp port 8088. When the indexers are down we want the UF to ...

by Path Finder in

WMI not working on one system

I have installed the UF on 4 systems, but one is giving me the following error... 03-02-2012 10:46:33.860 -0500 ER...

by Contributor in

How splunk calculate license?

Hi, I just want to ask how the enterprise license will be calculated by splunk. I have a 5gb license. My current s...

by Communicator in

Splunk not receiving syslog events, but telnet works

I've got splunk working properly on a CentOS 6.5 box. I have another CentOS box client, and I can telnet to the port ...

by New Member in

How to create a new key-value pair name and value based on text within a log?

I would like to create a whole new KV Pair, and based on the text from within a log, give it a specific value. Exa...

by Path Finder in

Should I use an ellipsis or * in my inputs.conf monitor stanza?

I have an IIS server and the path to the files I want to monitor looks like this: d:/web/logfiles/W3SVC1 d:/web/l...

by Contributor in

How to configure data base inputs?

I want to enable a data base inputs which I disabled before and take the logs from that day only. How to configure th...

by New Member in

Can cflowd format be Splunked?

Hello. A customer is getting external firewall logs from a vendor in "cflowd format". Can cflowd format be Splunked?...

by Engager in

Extracting event date/time from record with multiple date/times

I have a data input with the following format for which I am struggling to extract the correct data for the SPLUNK ev...

by Path Finder in

How to get Windows .NET perfmon inputs working?

I am attempting to enable several Windows perfmon inputs with mixed success. Inputs such as CPU, LogicalDisk, Memory,...

by Path Finder in

How to monitor change in scripted input?

How do you make sure to send logs from a scripted input only when the output is changed? Lets say the script is do...

by Builder in

re-index windows event logs

I would like to force the re-indexing of events in a local Windows Event Log channel, let's say "Security". I have tr...

by Contributor in

Is it possible to monitor whether there are any files in a folder without indexing them?

Hi, Is it possible to monitor whether there are any files in a folder without indexing them? thks

by Path Finder in

Why is my monitor with a whitelist not picking up files?

Hi, I have a monitor and a whitelist that aren't picking up my required files, and I'm not sure why. Here's my ...

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Is thawedPath in indexes.conf recommended?

Why are new events resulting from mvexpand picking up special characters when exporting to CSV and how to avoid this?

Stricter search gives me more results...what?

Why is my props.conf configuration not parsing JBoss GC logs properly?

How do I send logs from a SSL VPN device to Splunk Heavy Forwarder?

Why does Splunk sometimes insert the a blank line in forwarded log4net logs?

Events being cut when Linecount > 206. How to increase this limit?

Universal Forwarder - Timezone by sourcetype not working?

How to set a correct line breaks in my props.conf

Why SEDCMD configured in props.conf is working during Data Preview but not during SEARCH?

Can Splunk strptime() work with the date before 1970-01-01 in epoch format?

UF persistentQueue tcp,UF persistentQueueSize tcp://8088

WMI not working on one system

How splunk calculate license?

Splunk not receiving syslog events, but telnet works

How to create a new key-value pair name and value based on text within a log?

Should I use an ellipsis or * in my inputs.conf monitor stanza?

How to configure data base inputs?

Can cflowd format be Splunked?

Extracting event date/time from record with multiple date/times

How to get Windows .NET perfmon inputs working?

How to monitor change in scripted input?

re-index windows event logs

Is it possible to monitor whether there are any files in a folder without indexing them?

Why is my monitor with a whitelist not picking up files?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions