Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
djconroy

Can a universal forwarder make use of multiple CPUs?

I have 4 universal forwarders set up in a DMZ that receive events from other universal forwarders in the field and re...
by djconroy Path Finder in Getting Data In 01-08-2015
0 4
0
4
appzen

What documentation can I use as reference to set up forwarding data from my Tomcat servers to my local instance?

I am new to Splunk and I am trying to find the right documentation to get started. My goal is to get the logs from ca...
by appzen Path Finder in Getting Data In 01-08-2015
0 1
0
1
djconroy

How to track successful inbound connections to a universal forwarder?

I have a group of Universal forwarders deployed in our DMZ to relay logs from UF's in the field to our indexing clust...
by djconroy Path Finder in Getting Data In 01-08-2015
0 2
0
2
CrownIT

How to filter out any Meraki access point messages from being indexed in Splunk?

Hello everyone. I am new to SPlunk and syslog in general, but have gotten pretty far in the past week. I've got a B...
by CrownIT New Member in Getting Data In 01-08-2015
0 1
0
1
rbw78

Filter events before indexing

Hello, I'm consulting the documentation regarding filtering events before they get indexed but i have issue to under...
by rbw78 Communicator in Getting Data In 01-08-2015
0 6
0
6
dmhlakaza

ERROR ExecProcessor - message from "C:\SplunkUniversalForwarder\bin\splunk-winevtlog.exe" WinRegistryApi - RegKey::open - RegOpenKeyExW returned error 2: The system cannot find the file specified.

by dmhlakaza Explorer in Getting Data In 01-08-2015
0 1
0
1
a212830

How to remove headers from a custom app log file?

Hi, I'd like to remove some headers from a custom app logfile. I've tried some configs, but can't get it to work. ...
by a212830 Champion in Getting Data In 01-08-2015
1 3
1
3
vashidu

How to send syslog to sandbox?

How can i send syslog from my cisco asa to the splunk sandbox?
by vashidu New Member in Getting Data In 01-08-2015
0 9
0
9
harishshetty

Can I access the REST Sandbox REST API in the Online Sandbox?

My curl requests to online sandbox are timing out. curl -u admin:foobar -k <sandbox_domain>:8089/servicesNS/admin/se...
by harishshetty Engager in Getting Data In 01-08-2015
2 2
2
2
rsimmons

Failed to parse epoch timestamp for Checkpoint Opsec

Splunk isn’t recognizing the date from the opsec.logs since the date is being sent in a localized format
by rsimmons Splunk Employee Splunk Employee in Getting Data In 01-08-2015
0 1
0
1
jhernandez_splu

Modular Input: Do we need to parse a "name" stanza if I have defined in my spec that my named stanza is default?

I have been working on a modular input and been struggling with the way you read input stanza data from splunk all ex...
by jhernandez_splu Splunk Employee Splunk Employee in Getting Data In 01-07-2015
4 2
4
2
lbogle

Is it possible to disable encryption (SSL) between a search head and indexers?

Hello Splunkers, I would like to disable SSL between our Search Head and our indexers which are distributed in locati...
by lbogle Contributor in Getting Data In 01-07-2015
0 1
0
1
a212830

how to provide a status of a forwarder to a customer

Hi, I have some customers who do not have access to their servers and would like the ability to validate that the fo...
by a212830 Champion in Getting Data In 01-07-2015
0 10
0
10
stefanlasiewski

Why does Splunk not recognize standard fields in my Apache data forwarded by syslog?

I have over 100 Apache webservers which forward their logs to a syslog-ng server, which then forwards the data a TCP ...
by stefanlasiewski Contributor in Getting Data In 01-07-2015
1 12
1
12
Splunkster45

Find Transactions that overlap a certain timestamp

I've been able to use the transaction command to group logins and logouts of users. What's the best way to find the t...
by Splunkster45 Communicator in Getting Data In 01-07-2015
1 2
1
2
edwardrose

Why is my host_segment monitor configuration not working properly?

Ok I read the documentation about using host_segment but it does not seem to be working properly Here is my stanza: ...
by edwardrose Contributor in Getting Data In 01-07-2015
0 11
0
11
rene847

How to get all configuration files in my deployment in a file?

Hi all, I would like to know how to get all configuration files in my deployment in a file (for each Splunk instance)...
by rene847 Path Finder in Getting Data In 01-07-2015
1 3
1
3
cphair

How do I rename xml fields in props.conf?

I have a file of XML-like events that look like this: <Event Field1=foo Field2=bar Field3=baz > <Data Field4=wh...
by cphair Builder in Getting Data In 01-07-2015
0 4
0
4
dimitryz

UDP routing on indexer

Hi All , One of our clients wats to use single Splunk instance (indexer) for both receiving and sending data. They r...
by dimitryz Path Finder in Getting Data In 01-07-2015
0 1
0
1
CJOS

Is there any way to guarantee my Forwarder collecting all data?

Hi all. We are using Splunk Enterprise version of 6.1.3. Is there any way to guarantee my Forwarder collecting all da...
by CJOS Engager in Getting Data In 01-07-2015
2 3
2
3
meenal901

Inputs.conf to monitor in given time range only

Hi, I have a situation: The logs are getting generated 24x7, but the client wants to monitor only during offline hou...
by meenal901 Communicator in Getting Data In 01-07-2015
0 4
0
4
pramit46

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

I want to index the splunk resultset for future use. Do I always have to store it in a file?
by pramit46 Contributor in Getting Data In 01-07-2015
1 2
1
2
simonbuskens

Best way to index .csv files with some common fields

Hi I have a series of .csv files (1 for each month) where the first 100 fields are the same, but after that there are...
by simonbuskens Engager in Getting Data In 01-06-2015
1 6
1
6
auragrp

Forwarder Data not showing in indexes

Recently I upgraded our Splunk installation from the 5 version to the new 6.0 version. The installation is pretty va...
by auragrp New Member in Getting Data In 01-06-2015
0 9
0
9
mwilson788

How to forward all events to a single index, but filter out all splunkd sourcetype events that contain "INFO"?

We are currently using props.conf and transforms.conf to combine all non-internal ingest into a single index on our h...
by mwilson788 Explorer in Getting Data In 01-06-2015
0 10
0
10
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...