Getting Data In

Discussions

Thread Info

Need script to send logs to netcool

I'm using the below query as MuS suggested, *swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex...

by Path Finder in

How to pull out a header before indexing?

I am attempting to index some SSRS logs. Each log file has a header at the beginning of the file. I would like to pul...

by Path Finder in

How to edit my eventstats search to keep only non-unique events?

Hey there, I currently have a query that compares a field to two sources. What I want is to be able to only keep f...

by Path Finder in

Why isn't my LINE_BREAKER configuration breaking my multiline event as expected?

I have a simple multiline log (which I can control and change if needed). As recommended I could use LINE_BREAKER so ...

by Path Finder in

What are the best practices for huge log directory with files that are overwritten with each entry?

We are using Informatica software. The logs produced are dumped into 1 directory. Currently there are 1000+ log files...

by Influencer in

What are the key answers for a success and failure REST POST Call?

Hi, I am using the REST interface to re authenticate the search peers on a Splunk search head. I am sending a c...

by Explorer in

How to reindex old data residing in one index into a new index?

I corrected an error in an index where data was being consumed by 2 indexes. I created a new index (IndexB) and the d...

by Path Finder in

How to route data from a universal forwarder and a local machine to two different indexes if they share the same directory path?

I have data on a local machine in the following directory path: d:\log files\app name I have data on a server wit...

by Path Finder in

Splunk Installer was unable to create Splunk Services

I was trying to upgrade splunk from 4.1.7 to 4.2 on one of my machines. This machine was only being used as a forward...

by Explorer in

How to index only a lower directory on a path shared by another index?

I have a couple of indexes that are pulling the same data. One index pulls local data and one is pulling data from a ...

by Path Finder in

How to configure Apache to proxy Splunk Javascript JDK requests from outside Splunk Web?

How can I configure Apache to work as a Proxy for connecting to Splunk Web from outside? http://dev.splunk.com/vie...

by Communicator in

effective way to parse similar pattern

I have log which is printing value of an API in this manner getCall=144:144:1:144:144 where I am parsing the value l...

by Path Finder in

How do I capture a stream of syslog data from 2 heavy forwarders into one index without duplication?

I want to have two heavy forwarders set up to receive the same syslog data at the same time. If one fails the other w...

by New Member in

Why am I receiving "error code 1" trying to run a PHP script with the script command?

Maybe I'm blowing smoke, but as I understand it, you can use PHP scripts with the "script" command. This is preferabl...

by Builder in

Where do you configure the location of log files? Is it inputs.conf on the forwarder?

Hi, I am brand new to Splunk. I've read up on what I can in the past few days and need some help clarifying some thin...

by Explorer in

Is it possible to configure a Heavy Forwarder to send data to Indexers AND to a 3rd party server?

In short I have a heavy forwarder that is receiving a bunch of data from a syslog feed. The forwarder will then send ...

by New Member in

How to configure inputs.conf and outputs.conf on the Heavy Forwarder to route data received from universal forwarders to the indexers?

Hello All - We currently have a distributed architecture that's laid out in the following manner : UF ---> Indexer...

by Explorer in

How to forward data from Universal Forwarder into online sandbox instance

Here are the steps to configure your Universal Forwarder to forward events to your online sandbox instance: Enable...

by Splunk Employee in

How to map data from raw logs to key/value pairs to be searched in Splunk?

I have splunk forwarder setup to forward cloudfront logs on S3, say following is the example of raw logs: 2015-01-...

by Path Finder in

How to configure search head to forward internal data to the indexer and how to view indexer's indexes on search head's "Indexes" page?

We have a slightly odd architecture as we have a single search head, a single indexer and multiple forwarders (for th...

by Contributor in

Is the default behavior for the Splunk Universal Forwarder on Solaris to prompt for credentials on startup?

We are preparing to roll out the Universal Forwarder to a pilot group of 50 Solaris servers before deploying to the e...

by Explorer in

Troubleshooting Splunk Queues (Typing Queue)

My Typing Queue is currently blocking and causing backups. I believe I have the order right udpin/splunktcpin, parsin...

by Path Finder in

What are the options for parsing JSON data at index and search-time and are there any key constraints to be aware of?

Splunk Gurus - I've yet not absorbed JSON data in my setup, but I'm anticipating many sources in near future gene...

by Path Finder in

Help with input monitoring

Hi, I need to monitor some logs where I need to wildcard part of the hostname into the path. Is that possible: ...

by Champion in

Convert NT Epoch Time with props.conf

I'm using db connect to access our SQL SCCM database which stores timestamps as NT EPOCH. I want to use props.conf to...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Need script to send logs to netcool

How to pull out a header before indexing?

How to edit my eventstats search to keep only non-unique events?

Why isn't my LINE_BREAKER configuration breaking my multiline event as expected?

What are the best practices for huge log directory with files that are overwritten with each entry?

What are the key answers for a success and failure REST POST Call?

How to reindex old data residing in one index into a new index?

How to route data from a universal forwarder and a local machine to two different indexes if they share the same directory path?

Splunk Installer was unable to create Splunk Services

How to index only a lower directory on a path shared by another index?

How to configure Apache to proxy Splunk Javascript JDK requests from outside Splunk Web?

effective way to parse similar pattern

How do I capture a stream of syslog data from 2 heavy forwarders into one index without duplication?

Why am I receiving "error code 1" trying to run a PHP script with the script command?

Where do you configure the location of log files? Is it inputs.conf on the forwarder?

Is it possible to configure a Heavy Forwarder to send data to Indexers AND to a 3rd party server?

How to configure inputs.conf and outputs.conf on the Heavy Forwarder to route data received from universal forwarders to the indexers?

How to forward data from Universal Forwarder into online sandbox instance

How to map data from raw logs to key/value pairs to be searched in Splunk?

How to configure search head to forward internal data to the indexer and how to view indexer's indexes on search head's "Indexes" page?

Is the default behavior for the Splunk Universal Forwarder on Solaris to prompt for credentials on startup?

Troubleshooting Splunk Queues (Typing Queue)

What are the options for parsing JSON data at index and search-time and are there any key constraints to be aware of?

Help with input monitoring

Convert NT Epoch Time with props.conf

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions