Getting Data In

Thread Info

LINEMERGE / props.conf issues on XML

Greetings, I'm receiving XML files and noticed that the first half (around 257 lines) is a single event, but every...

by Path Finder in

One choice, multiple values

Hi! I'm trying to build a dashboard that searches two different indexes/sourcetypes using values from a dropdown. ...

by Path Finder in

Splunk isn't working like it used to. Why?

I have one Splunk server working with one client. Currently when I search for Splunk logs (in the GUI with the source...

by New Member in

Why isn't Splunk working with a new forwarder client?

I have Splunk working on one server (an indexer) with one other server as its client (with the Universal forwarder). ...

by New Member in

DB Connect Input - Query works but Input does not

Oh hai Splunkers! So I'm trying to extract a DB table for indexing into Splunk. I have successfully set up an ODBC...

by Builder in

winEventLogs and perfmon data inputs _TCP_ROUTING

I am using the _TCP_ROUTING attribute in my inputs.conf. When used with a winEventLogs and perfmon stanza it seems to...

by Motivator in

I want to black hole 'last message repeated xxx times' from my syslog output BEFORE it gets to the indexer

This message is fairly repetitive (10's of thousands a month) in one of our systems and it's just taking up space in ...

by Explorer in

Why is my new RHEL 6 server is not indexing data?

Test Environment consists of: 1 UF 6.2.0 on RHEL 6 sending to Splunk 6.2.1 on RHEL 6 server. On the UF "splunk list f...

by New Member in

Is it possible to use a Splunk Deployment Server to push out Python 2.7 to the forwarder?

As the splunk forwarder is missing python and relies on the OS python, could we not create an app "python2.7" on the ...

by Path Finder in

Can not re-index file after delete

I deleted all records by using the command - sourcetype=cws_app_log|delete The records deleted successfully. However...

by Explorer in

Can we use Splunk to monitor AIX server performance like cpu, memory and IO usage?

by Path Finder in

I upgraded to 6.1 and now Splunk is crashing while reading my disk_objects.log file. Why?

It's crashing on the maintailingthread while reading the disk_objects.log. This is on Windows and the crash looks lik...

by Splunk Employee in

How to push out a configuration change to Windows universal forwarders' outputs.conf to point to a different index using a deployment server?

I have a Splunk enterprise indexer with about 900 windows servers on a particular index. I created a new index which ...

by Path Finder in

How do I install Splunk indexer on minimal Linux distro?

We need to deploy Splunk with a very small audit footprint. We've tried to build a basic Linux distro but Splunk woul...

by Splunk Employee in

How to change key value pair auto extraction if you are getting stash sourcetype using collect command?

The stash source type that you get when you use the collect command appears to have key value pair auto extraction of...

by Influencer in

Windows Account Activity Reporting

I'm looking at creating a dashboard where I can generate standardized reports based on behaviors. To get started, I j...

by Contributor in

force UF to reindex remotedly

Hello! Our Customers' environment is a large pool of windows/linux servers with logs of many forms. Sometimes when c...

by Explorer in

Why am I getting "Splunk Enterprise setup wizard ended prematurely..." trying to upgrade to Splunk 6.2 on Windows 7 64 bit?

I'm trying to upgrade splunk to the version 6.2 on windows 7 64 bits, it performed a "rollback action" during which I...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

LINEMERGE / props.conf issues on XML

One choice, multiple values

Splunk isn't working like it used to. Why?

Why isn't Splunk working with a new forwarder client?

DB Connect Input - Query works but Input does not

winEventLogs and perfmon data inputs _TCP_ROUTING

I want to black hole 'last message repeated xxx times' from my syslog output BEFORE it gets to the indexer

Why is my new RHEL 6 server is not indexing data?

Is it possible to use a Splunk Deployment Server to push out Python 2.7 to the forwarder?

Can not re-index file after delete

Can we use Splunk to monitor AIX server performance like cpu, memory and IO usage?

I upgraded to 6.1 and now Splunk is crashing while reading my disk_objects.log file. Why?

How to push out a configuration change to Windows universal forwarders' outputs.conf to point to a different index using a deployment server?

How do I install Splunk indexer on minimal Linux distro?

How to change key value pair auto extraction if you are getting stash sourcetype using collect command?

Windows Account Activity Reporting

force UF to reindex remotedly

Why am I getting "Splunk Enterprise setup wizard ended prematurely..." trying to upgrade to Splunk 6.2 on Windows 7 64 bit?

DB Connect: Why am I missing some DB entries via dbmon-tail using a rising column with duplicate timestamps?

Rest call for KV Store

Active Directory Password Expiry

universal forwarder の設定方法について

Can my app log via TCP or SSL straight to indexer?

How can we get the logs generated only in an indicated period?

Why Splunk forwarder monitor is not working when monitoring a log file that is updated every second?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions