Getting Data In

Discussions

Thread Info

Best way to index a file for once-off analysis

What is the best way to index a file (user application file) or two for a one time analysis? Should I create a new in...

by Contributor in

How to index data ?

In Splunk, I am running a query in search bar and its returning results. In reply to one of the question , I was rep...

by New Member in

How configure Splunk to get the correct timestamp from SQL data files?

Hi, I am using Splunk to get data files from SQL queries. One of the fields in the document corresponds to the da...

by Engager in

How to blacklist Windows security events?

Hi All, We are running splunk-6.0.3-204106 version, now we are seeing high Splunk license usage from Windows Secur...

by Path Finder in

Why Splunk Web UI shows "Check space and other issues that may cause indexer to block" and "Rawdata may be corrupted"?

Dear Support, I have 2 messages on the Splunk web interface: "skipped indexing of internal audit events will keep ...

by New Member in

How to separate and get indexed logs coming from two different hosts

Hi Splunkers, I getting two types of logs: 1>fireeye 2>dlp on the same port(514). two logs are being indexed to main ...

by SplunkTrust in

How to find the difference between 2 times in date time format?

HI, I have two fields A and B with time format as 1/07/2014 3:41:12 PM. Please let me know how to find difference bet...

by Path Finder in

Is it possible to have fail-over rather than load balancing on to heavy forwarders?

While architecting the splunk implementation we are caught up in to a scenario wherein we are trying to achieve fail-...

by Path Finder in

How to configure universal forwarder to forward events from a specific log file in a monitored directory to a separate index?

I have a Windows computer where I need to configure the Splunk Universal Forwarder in the following way: One large...

by Communicator in

How to upgrade universal forwarders from 4.0 to 6.1.3 for AIX and Windows?

If we would like to upgrade our universal forwarders to 6.1.3, is it ok to keep our current indexer as version 5.0.5....

by Explorer in

How to configure inputs.conf on forwarder to collect Active Request and Request per second Perfmon data?

I have a forwarder on an IIS web server and I want to get some info on the Active Request and Request per sec. So...

by Path Finder in

Why did our heavy forwarder start indexing locally and how to disable this?

Hello All I have a new environment where we have a bunch of nix webservers in a DMZ. We installed universal forwar...

by Contributor in

Do Splunk inputs dedicated to universal forwarders need reverse DNS configured?

We have around 230 PCs servers spelunking to a single splunk server across a firewall. Many of these clients are n...

by Engager in

How to configure props.conf to remove any line NOT containing a certain string?

Hi. All I want is the props.conf equivalent of this delete action from sed: '/pattern/!d' That is it... ju...

by Path Finder in

list host, source by forwarder

How do i get a list comprising the fields host, source for each forwarder. Background: the admins of the machines ...

by SplunkTrust in

Questions about user-seed.conf

I have few questions regarding to user-seed.conf http://docs.splunk.com/Documentation/Splunk/latest/Admin/User-seedco...

by Communicator in

How to store lots of metadata that would be the same for each event?

We measure 50 values every 5 seconds during each hour long experiment. We do these experiments many times under diffe...

by New Member in

How to configure parameter for TailingProcessor to automatically retry reading a file after failing?

It took a while to copy the large logfile over the slow network, and it looks like the TailingProcessor gave up after...

by Path Finder in

What's the trick to get unarchive_cmd to work for a custom archive format?

I've been attempting to get the unarchive_cmd to work with no success. I decided to abandon my ultimate goal for the ...

by Super Champion in

How to change IDS logs to JSON format and index in Splunk?

Hi, I trying to index ids logs into splunk server however the log is not in good format. How can i reformat the log i...

by Engager in

Do I need to create a transforms.conf file in addition to props.conf to disable truncate for a specific sourcetype?

I have created a props.conf file to allow for logging an event of 16,000 characters. If I am reading the documentatio...

by New Member in

How to override the sourcetype of events within the same source based on the event format?

I'm trying to override the sourcetype of events within the same source (for now, a file uploaded once and indexed - o...

by Explorer in

How to fix perfmon errors "Object specified...in conf file is not valid"?

how to fix this error: ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-per...

by Explorer in

Is it possible to run a 6.1.3 universal forwarder with an AIX 5.3?

Hello, I'm wondering if is possible to run the universal forwarder with an AIX 5.3. The download page says that on...

by Explorer in

Is there a way to send data to Splunk over SSL from a third-party device without using a forwarder?

I'm trying to get Splunk to accept communication from a third-party device over SSL. The documentation is oriented to...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Best way to index a file for once-off analysis

How to index data ?

How configure Splunk to get the correct timestamp from SQL data files?

How to blacklist Windows security events?

Why Splunk Web UI shows "Check space and other issues that may cause indexer to block" and "Rawdata may be corrupted"?

How to separate and get indexed logs coming from two different hosts

How to find the difference between 2 times in date time format?

Is it possible to have fail-over rather than load balancing on to heavy forwarders?

How to configure universal forwarder to forward events from a specific log file in a monitored directory to a separate index?

How to upgrade universal forwarders from 4.0 to 6.1.3 for AIX and Windows?

How to configure inputs.conf on forwarder to collect Active Request and Request per second Perfmon data?

Why did our heavy forwarder start indexing locally and how to disable this?

Do Splunk inputs dedicated to universal forwarders need reverse DNS configured?

How to configure props.conf to remove any line NOT containing a certain string?

list host, source by forwarder

Questions about user-seed.conf

How to store lots of metadata that would be the same for each event?

How to configure parameter for TailingProcessor to automatically retry reading a file after failing?

What's the trick to get unarchive_cmd to work for a custom archive format?

How to change IDS logs to JSON format and index in Splunk?

Do I need to create a transforms.conf file in addition to props.conf to disable truncate for a specific sourcetype?

How to override the sourcetype of events within the same source based on the event format?

How to fix perfmon errors "Object specified...in conf file is not valid"?

Is it possible to run a 6.1.3 universal forwarder with an AIX 5.3?

Is there a way to send data to Splunk over SSL from a third-party device without using a forwarder?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

DB Connect SQL Procedures

Possible lineabreaker issue with lastlog in Splunk...

Splunk HF Stops Receiving Fortigate WAF Logs via S...

_TCP_ROUTING with clustered indexers system logs

JSON Data extraction issues with Comma