Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
zbumpers

Why am I getting an absolute path error on the first monitor entry in my inputs.conf file on Windows?

I am getting an "is not absolute. This is a configuration error and may not work / break things. Change this path t...
by zbumpers New Member in Getting Data In 02-20-2015
0 2
0
2
broccliman

Splunk 6.2.1 with Splunk PowerShell Resource Kit: How to automate the creation of an index using New-SplunkIndex?

Using Splunk Enterprise 6.2.1 along with the latest version of the splunk-reskit-powershell toolkit, I (and others on...
by broccliman Explorer in Getting Data In 02-20-2015
1 4
1
4
paulelms

Why is my props.conf should_linemerge=false configuration being ignored for json objects?

Hello! Sorry for my bad english. My props.conf file: [testudp] SHOULD_LINEMERGE = false I have several json objec...
by paulelms Explorer in Getting Data In 02-20-2015
1 5
1
5
wafae

How can I configure rsyslog to send data to Splunk Entreprise ?

by wafae New Member in Getting Data In 02-20-2015
0 1
0
1
hartfoml

Distributed Search: Why can't I connect a Splunk 6.2 search head to 4.3 indexers?

I created a new development search head from a different splunk instances. I changed the name of the new dev server ...
by hartfoml Motivator in Getting Data In 02-20-2015
0 6
0
6
kspoton

retrofit with splunk logging

Current application just writes the logs to local log file. What is the quick way to integrate Splunk so that logs ge...
by kspoton New Member in Getting Data In 02-19-2015
0 1
0
1
mikehodges01

btprobe and re-indexing data

I'm getting ready to finalize a Splunk install and roll it out for use... during my testing phase I added a bunch of ...
by mikehodges01 Explorer in Getting Data In 02-19-2015
3 4
3
4
chengka

How do I index files which do not grow, just change?

I currently write status files and collect them into Splunk using monitor statements and Universal Forwarders. Prett...
by chengka Explorer in Getting Data In 02-19-2015
1 1
1
1
srinathd

How to extract timestamp( is in bold text ) from the below event inside a file. Attached the source file. Each file content is considered as single event. currently it is taking file modification time as timestamp of the event. how to prevent this.

How to extract timestamp( is in bold text ) from the below event inside a file. Attached the source file. Each file c...
by srinathd Contributor in Getting Data In 02-19-2015
0 3
0
3
arber

How to create a tag for multiple fields?

Hi, im trying to create tags based on two fields that i have in my logs. 1- sourcetype 2- path The idea is that we ...
by arber Communicator in Getting Data In 02-19-2015
1 2
1
2
a212830

Will a universal-forwarder monitor a newly created subdirectory while it's already running, or do I need to restart the forwarder?

Hi, Will a universal forwarder pick up a newly created subdirectory after it's already running? For example, I'm ...
by a212830 Champion in Getting Data In 02-18-2015
0 3
0
3
john_miller1

How to condense data from 4 non-clustered indexers that are set up as VMs into a single dedicated hardware server?

I currently have 4 indexers setup as VMs. Each indexer has dedicated LUNs for their data. I'm trying to find a way ...
by john_miller1 Explorer in Getting Data In 02-18-2015
0 3
0
3
UnivLyon2

best way to concentrate logs, filter, then forward them to different indexes

I'm trying to create on my network a "syslog" server that would act as a hub to concentrate logs from various sources...
by UnivLyon2 Explorer in Getting Data In 02-18-2015
1 2
1
2
05500

Why can't we get Windows event logs to our Splunk 4.2.2 instance using a 6.2.1 universal forwarder?

Our environment Splunk version 4.2.2 Universal forwarder version 6.2.1 We have already used Splunk from a few years ...
by 05500 New Member in Getting Data In 02-18-2015
0 3
0
3
abhisawa

Restructure existing Fields

I have available json as following {<!-- --> "Foo1": {<!-- --> "Bar1": {<!-- --> "Key1": "Value1", "Key2...
by abhisawa Explorer in Getting Data In 02-17-2015
0 1
0
1
pmdba

DB Connect: After patching our Red Hat Enterprise Linux 6 OS and updating java.conf file, why are we receiving HTTP 401 errors?

We recently patched our operating system (Red Hat Enterprise Linux 6) and the Java JRE path changed. When we updated ...
by pmdba Builder in Getting Data In 02-17-2015
0 18
0
18
nspatel

Splunk Time Based Retention

Hi Everyone, I am trying to have Splunk Auto delete data older then a year. My /opt/splunk/etc/system/local/inputs....
by nspatel Explorer in Getting Data In 02-17-2015
2 3
2
3
stu6000

Configuring splunk forwarder. Have duplicate usernames over multiple linux hosts. How to identify unique source?

I am pulling data from several linux hosts, each host has several users, and i am collecting data from each users llo...
by stu6000 New Member in Getting Data In 02-16-2015
0 1
0
1
BP9906

Splunk v6.0.x - LineBreakingProcessor - remote_searches.log

07-16-2014 10:45:21.533 -0700 WARN LineBreakingProcessor - Truncating line because limit of 10000 bytes has been exc...
by BP9906 Builder in Getting Data In 02-16-2015
2 6
2
6
joshd

Splunk for Cisco IPS - events being broken up into multiple events

Hello, I noticed with the latest version of the app "Splunk for Cisco IPS" that events from my IPS are being broken u...
by joshd Builder in Getting Data In 02-16-2015
0 5
0
5
MoniGreeth

Data cloning - is it a exact clone

Hi All, In splunk documentation it is mentioned as follows, "Data cloning To perform data cloning, specify multiple...
by MoniGreeth Engager in Getting Data In 02-16-2015
1 3
1
3
ic_101

Why is my Splunk Heavy Forwarder still indexing events

Hi, I have set up a Splunk Heavy Forwarder (v6.1.1) that collects events from a number of Windows and Linux servers ...
by ic_101 Explorer in Getting Data In 02-16-2015
2 6
2
6
twhitbeck

What log4j ConversionPattern should I use to match splunk log4j sourcetype?

I have a webapp running in Tomcat. I'm using Log4j for my logging, and whenever I load the .log file in Splunk it is ...
by twhitbeck Engager in Getting Data In 02-15-2015
3 2
3
2
fcastro86

Asteriks and inputs.conf

Hello, I have the following path /foo/bar[1-n]/logs/ I have several bar folders (bar1,bar2 ... bar1337 ) and inside ...
by fcastro86 New Member in Getting Data In 02-15-2015
0 3
0
3
hlarimer

How to send syslog data to a specific index based on a string in the log?

I have syslog data coming to a distributed environment. I am trying to send the data to a specific index based on a ...
by hlarimer Communicator in Getting Data In 02-14-2015
0 6
0
6
Get Updates on the Splunk Community!

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Developer Spotlight with Mika Borner

From Hackathon Winner to Enterprise Leader    Mika Borner, CEO and Founder of Datapunctum AG, has been ...

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...
Top Solution Authors
View All