Getting Data In

Thread Info

How to archive specific logs

If I find something worth keeping I would like to be able to archive the specific event logs that I want and save the...

by Path Finder in

Can we use REST API call to re-authenticate search peers?

It's very pain to re-enter username/password when we have almost 100 search peers.

by Communicator in

Is there an easy way to remotely enable/disable input stanzas on a universal forwarder?

It would be nice to just click a button in a dashboard, or use a custom search command to be talk to the universal fo...

by Communicator in

Why am I not seeing the logs in splunk GUI after configuring it in deployment servers?

I have configured the logs in the inputs.conf and added the servers in the serverclass.conf. Preliminary testing done...

by Explorer in

Why are forwarders not load balancing properly between 2 indexers and how to make configuration changes to fix this?

I have 2 indexers setup and have the forwarders set to both of them in outputs.conf. It was my understanding that the...

by Communicator in

Index input script json results -> Issue The json is not broken correctly when indexed by splunk

I have a set of input scripts that are working as expected. The problem I am facing is that I need to index the resul...

by Motivator in

This volume configuration will not manage space used by this index

I have indexes configured with volumes and started to see this warning after upgrade to 6.* 10-16-2013 18:18:20.95...

by Splunk Employee in

What are other options for getting data into Splunk without a forwarder?

I have some computing antiques running Unix; I need to monitor some files on them, and get them into Splunk. I rea...

by Contributor in

Is there a default retention period for an index residing in a thawed path and how is it applied?

After I restore the archived data in thawed path and rebuild the index - Splunk recognizes the data. What is the l...

by Motivator in

What is a search to find a users logging into windows?

index=main sourcetype="WinEventLog:Security" EventCode=4624 |stats count by Account_Name

by Splunk Employee in

How does compression work and what should I expect to see in volume of data as it is stored in an index in SPLUNK 6.1.2 and 6.2?

I am trying to understand what I should expect to see regarding the volume of data I ingest into SPLUNK and its volum...

by Path Finder in

How do I alias the hostname and FQDN as the same machine?

I'm getting events that show sources as the hosts, but Splunk is indicating that the simple hostname and the FQDN are...

by New Member in

UF config works on CentOS/RedHat, but not on Ubuntu server

Looking for suggestions for the obvious that I might have overlooked as to why a UF config distributed by Deployment ...

by Motivator in

Purge queue on forwarder / indexer down

I had one of my indexers go down a couple weeks back. Since then each of my forwarders is trying to send events to th...

by Communicator in

Is there a way to see current connections on IIS servers?

Hello, I am trying to create a dashboard or a search to be able to view the current connections on our IIS servers...

by New Member in

Can you upgrade forwarders to Splunk 6.2 without upgrading indexers running 6.1?

Say you are running a 6.1 indexer. Can you upgrade the forwarders to 6.2 versions without upgrading the indexer?

by New Member in

How to write a monitor stanza in inputs.conf to add a path for *.xml files?

i need to add the path below to my inputs.conf file and it has a lot of .xml files `/ibuapps/sales/2014-11-11//*.xml...

by Path Finder in

How to configure inputs.conf to blacklist Windows Event Logs on indexer?

Hi, I below is the inputs.conf which i have configured on my indexer, but it is not blocking anything. is this is ...

by Path Finder in

Recommended load balancer for indexer

Hi splunkers, I just want to ask for any recommended or even tested loadbalancer upon forwarding logs to 3 indexer...

by Communicator in

Is there any ways to limit network traffic between Search Head and Peers ?

Hi Splunkers, I know about we are able to limit network traffic between Peer （a.k.a. Indexer ）and Universal Forwa...

by Contributor in

How to troubleshoot error on Splunk 6 universal forwarder "TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds."?

how to fix this error , "WARN TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds". I cant rece...

by Path Finder in

Is it possible to send Fortigate logs to multiple indexers via forwarders?

Hi, Good day splunkers. Is it the possible to forward Fortigate logs to multiple indexers via forwarders?, I alrea...

by Communicator in

Access Control: Is it possible to create views based on index name and/or sourcetype that we can set permissions for individually?

Hi all, I've got a new set of logs from one of our development teams for some in-house applications. They have wri...

by Super Champion in

How to configure props.conf to filter out events with CTRL-M (^M)?

Hi, It seems log file contains CTRL-M character will cause duplicate parsing in splunk indexer so I would like to fil...

by Builder in

How to monitor and report the amount of data indexed per host?

How can I use Splunk to tell me how much data per day each host is forwarding to Splunk? Basically, I need a report t...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to archive specific logs

Can we use REST API call to re-authenticate search peers?

Is there an easy way to remotely enable/disable input stanzas on a universal forwarder?

Why am I not seeing the logs in splunk GUI after configuring it in deployment servers?

Why are forwarders not load balancing properly between 2 indexers and how to make configuration changes to fix this?

Index input script json results -> Issue The json is not broken correctly when indexed by splunk

This volume configuration will not manage space used by this index

What are other options for getting data into Splunk without a forwarder?

Is there a default retention period for an index residing in a thawed path and how is it applied?

What is a search to find a users logging into windows?

How does compression work and what should I expect to see in volume of data as it is stored in an index in SPLUNK 6.1.2 and 6.2?

How do I alias the hostname and FQDN as the same machine?

UF config works on CentOS/RedHat, but not on Ubuntu server

Purge queue on forwarder / indexer down

Is there a way to see current connections on IIS servers?

Can you upgrade forwarders to Splunk 6.2 without upgrading indexers running 6.1?

How to write a monitor stanza in inputs.conf to add a path for *.xml files?

How to configure inputs.conf to blacklist Windows Event Logs on indexer?

Recommended load balancer for indexer

Is there any ways to limit network traffic between Search Head and Peers ?

How to troubleshoot error on Splunk 6 universal forwarder "TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds."?

Is it possible to send Fortigate logs to multiple indexers via forwarders?

Access Control: Is it possible to create views based on index name and/or sourcetype that we can set permissions for individually?

How to configure props.conf to filter out events with CTRL-M (^M)?

How to monitor and report the amount of data indexed per host?

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions