Getting Data In

Ask a Question

Discussions

Thread Info

Does Splunk write back to the file that it's monitoring?

Can Splunk writeback to the file that it's reading for reporting?

by New Member in

Monitoring User Activity in Active Directory

How do I monitor user account creation in AD? I need to accomplish the following: Who created the user?What pri...

by New Member in

How to configure proper line breaking for indexing ftp log files?

I have some ftp log files that I am indexing and when I search, there will be events that have 275 lines in them inst...

by Engager in

What is the correct syntax to change Database Monitor (dbmon-tail) in setup.xml?

What is the correct syntax to change Database Monitor (dbmon-tail) in setup.xml? Example: [dbmon-tail://MY_DB/m...

by Communicator in

Can I configure defaultGroup when remotely deploying a *nix universal forwarder with a static configuration?

I am deploying universal forwarders with a bash script that is based on the sample script in http://docs.splunk.com/D...

by Explorer in

How to index XML files in a directory location?

Hi, I am new to Splunk. i was able to get data indexed for regular lg files., but we have some Ora audit XML files...

by New Member in

What am I missing to get a successful connection between my Universal Forwarder and the sandbox?

I followed the tutorial very carefully on setting up the forwarder on my two Tomcat servers. Now I am trying to verif...

by Path Finder in

How do you make a Search Head talk to an Indexer?

Yeah, I realize this is a really ridiculous question, but I just can't seem to find the answer -- which I assume is r...

by Communicator in

Why are servers connecting to my deployment server, but not the indexers?

I have created and deployed the following serverclass.conf stanza: [serverClass:dt-exdata] whitelist.0 = dt1exdata...

by Communicator in

Sonicwall syslogs and Splunk

Does anyone out there use Splunk to collect Sonicwall Syslogs? We only have the 2GB splunk license and in hardly touc...

by Engager in

Indexing only partial events

Hello, I have 1000s files that I am indexing but I only need first 3 fields to be indexed in each event, is there an ...

by Explorer in

TimePicker to work in EST timezone and not in GMT

I have a scenario where in the splunk servers(Search Heads & Indexers) the server time is set as UTC But when a us...

by Contributor in

using wildcard to index logs monitor config in inputs.conf fails

Hi folks. We are currently trying to pick up some log files by using a wildcard settings in our inputs.conf file. We ...

by Explorer in

Poor indexing rate in indexer

In SoS app, it is found that the indexing rate is limited to about 200Kb/s.

by Splunk Employee in

Why am getting error "There are currently no forwarders configured as deployment clients to this instance" on my Sandbox after installing a universal forwarder on my server?

I installed the universal forwarder to my server, specified by sandbox host-url and port 9997 in the command "./splun...

by Path Finder in

How to "add oneshot" to a cluster of indexers

I want to import a large set of files, one time, into a cluster. Reading the documentation here: http://docs.splunk.c...

by Engager in

How to get Splunk to recognize the date for data in a CSV file, not the creation time of the data entry?

Hi, I am new to splunk and hence, just to experiment with the tool I added some bank statement data into splunk in th...

by Communicator in

How can I create custom indexed fields for Splunk DB Connect database inputs?

Currently using a pair of custom indexed fields for qualifying some of our data. For normal inputs this works great u...

by Splunk Employee in

Default delimiters for key value extraction

I have been sending key value data like the following to Splunk: metric1=1.0 metric2=22 metric3="Some string" ...

by Builder in

With my index configuration for archive data, is it safe to move this folder elsewhere due to size and will the archive job continue as it hits the configured settings?

Hi Guys I have my Index archive data as per the below index config: [default] frozenTimePeriodInSecs = 6289920...

by Communicator in

How can I collect remote logs from member servers using a universal forwarder installed on a domain controller?

hi all, I have installed a Universal Forwarder on a Domain controller (using domain creds - service account). ...

by Explorer in

Splunk Universal Forwarder using 2GB of RAM?

Hi guys, I've just installed the Universal Forwarder on my NAS server(Windows Server 2008 R2) and I have configure...

by Path Finder in

How to set a new field at index-time based on matching event pattern?

I am trying to parse a complicated log for malware data model. I want to set a new field: action="allowed" or acti...

by Communicator in

How to detect regular activity from logs.

Hi, splunk community. I would like to detect regular activity with specific URL (or host) from HTTP Proxy logs. In...

by Explorer in

Splunk Universal Forwarder only forwards one csv log

Hello, I am having an issue with the universal forwarder, where only one csv log gets sent to the index. We have mult...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Does Splunk write back to the file that it's monitoring?

Monitoring User Activity in Active Directory

How to configure proper line breaking for indexing ftp log files?

What is the correct syntax to change Database Monitor (dbmon-tail) in setup.xml?

Can I configure defaultGroup when remotely deploying a *nix universal forwarder with a static configuration?

How to index XML files in a directory location?

What am I missing to get a successful connection between my Universal Forwarder and the sandbox?

How do you make a Search Head talk to an Indexer?

Why are servers connecting to my deployment server, but not the indexers?

Sonicwall syslogs and Splunk

Indexing only partial events

TimePicker to work in EST timezone and not in GMT

using wildcard to index logs monitor config in inputs.conf fails

Poor indexing rate in indexer

Why am getting error "There are currently no forwarders configured as deployment clients to this instance" on my Sandbox after installing a universal forwarder on my server?

How to "add oneshot" to a cluster of indexers

How to get Splunk to recognize the date for data in a CSV file, not the creation time of the data entry?

How can I create custom indexed fields for Splunk DB Connect database inputs?

Default delimiters for key value extraction

With my index configuration for archive data, is it safe to move this folder elsewhere due to size and will the archive job continue as it hits the configured settings?

How can I collect remote logs from member servers using a universal forwarder installed on a domain controller?

Splunk Universal Forwarder using 2GB of RAM?

How to set a new field at index-time based on matching event pattern?

How to detect regular activity from logs.

Splunk Universal Forwarder only forwards one csv log

Reduce and Transform Your Firewall Data with Splunk Data Management

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions