Getting Data In

Ask a Question

Discussions

Thread Info

Not able to install splunk universal forwarder with error code: -1073741795 in windows server 2003 std

Hi Support team, When i tried to install splunk unversal forwarder in windows server 2003 std 32 bit, it occurred ...

by Explorer in

How can I configure splunk to read dates in dd/mm/yyyy format?

how do i get splunk to read the date as dd/mm/yyyy, it is currently reading mm/dd/yyyy

by New Member in

Can we send data from forwarder to F5 URL on port 80 which will redirect data to indexer at port 9997?

I have multiple forwarders which are sending data to one indexer at port 9997, I want to transfer data from forwarder...

by Explorer in

How to total the buckets that will roll from cold to frozen when changing frozenTimePeriodinSecs

I'm running out of space in my cold bucket volume, and want to reduce the default frozenTimePeriodInSecs to force a b...

by Path Finder in

Can symlink cause Splunk to index files twice?

Due to some inconsistencies in how some of our servers use Symbolic Links (symlinks), we need to understand how Splun...

by Path Finder in

WinEventLogChannel - saveCheckpointStr : Unable to write checkpoint with a null string

Hi, there are lots of ERROR messages in splunkd.log (version 4.2.3 , play as LightForwarder) and this Splunk LWF s...

by Communicator in

Data Input: Timestamps are read incorrectly for half of file.

I am currently trying to read in data from a .csv that has a timestamp column. When I upload the file and go to previ...

by Engager in

Not able to read

Could you please help me in getting file?

by Explorer in

Windows 2008R2 Universal Forwarder "Could not send data". How to configure outputs.conf?

Hi, I'm new to Splunk and I'm trying to set up a Universal Forwarder to forward some data to our Splunk server. Th...

by New Member in

Forwarding and Indexing backlog

We experienced communication issues between the forwarders and the splunk server, say on the 2nd of November. Everyth...

by Explorer in

Issues of 'ignoreOlderThan' in inputs.conf setting

Hi,guys,in my scenario,a universal forwarder(UF vertion 4.3.2 for aix) monitores about 700 small files, the cpu usage...

by Explorer in

splunk to monitor password protected files

Hi, I am trying to configure splunk to monitor zip files. All the files inside the zip files are password protected a...

by New Member in

How much splunk memory use should I expect while monitoring a directory with many entries?

If I remove the only input stanza I have on a forwarder and restart Splunk the memory usage is 2GB. How can a forward...

by Path Finder in

Why am I getting checksum errors on certain hosts and how to troubleshoot this?

I'm trying to create a dashboard for missing universal Forwarders. I tried using _internal logs, but for a few of the...

by Communicator in

|delete hang indefinetely

Issue : I am trying to "delete" bunch of events from the index by using "| delete" command. The search without "| de...

by Splunk Employee in

how to assign csv file column value as event timestamp?

We have csv file dump and its contains the user profile data with column Account_Creation_Date (sample data : "2008-0...

by Builder in

How to configure multi-value parameters for a Modular Input?

I'm building a Modular Input and I need to accept an arbitrary number of values for a given parameter. The SDKs seem ...

by Path Finder in

Is there a way to use XML / spath for files that aren't pure XML?

I'm using Splunk 6.1.3 (build 220630) on RH 6.5, and I've read much about parsing XML into Splunk. Nonetheless, I thi...

by Explorer in

How to add fields from one index to another with the same sourcetype?

I want to add fields from one Index to another, with the same sourcetype "stash" In Index A there are fields like ...

by New Member in

What's the maximum data throughput per second can a single indexer handle?

Hi, we met a tough issue , there's a system generate more than 10MB/s log to forwarder to index server at a special p...

by Explorer in

Estimating size of blockSignature index

Is there any data available on estimating how big an indexer's blockSignature database may become, based the blockSig...

by SplunkTrust in

How to index XML data in Splunk without row. prefix?

My XML is as follows: <row> <Id>1</Id> <PostId>7</PostId> <UserId>2</UserId> <VoteTypeId>2</VoteTy...

by New Member in

Why am I getting error "Path does not exist" when I try to add the apache2 log file /var/log/apache2/access.log?

Dear Splunkers, I get an error message "Path does not exist" when I try to add the apache2 logfile /var/log/apache2/a...

by New Member in

heavy-forwarder configuration

Hello! I need help to configuration a heavy-forvarder. My data contain event of 9 types: datetime1,type1,val1,v...

by Communicator in

how to use crcSalt to index similar folders

I have a centralized server with all my logs per instance /var/log/database/hostA/report.log /var/log/database/...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Not able to install splunk universal forwarder with error code: -1073741795 in windows server 2003 std

How can I configure splunk to read dates in dd/mm/yyyy format?

Can we send data from forwarder to F5 URL on port 80 which will redirect data to indexer at port 9997?

How to total the buckets that will roll from cold to frozen when changing frozenTimePeriodinSecs

Can symlink cause Splunk to index files twice?

WinEventLogChannel - saveCheckpointStr : Unable to write checkpoint with a null string

Data Input: Timestamps are read incorrectly for half of file.

Not able to read

Windows 2008R2 Universal Forwarder "Could not send data". How to configure outputs.conf?

Forwarding and Indexing backlog

Issues of 'ignoreOlderThan' in inputs.conf setting

splunk to monitor password protected files

How much splunk memory use should I expect while monitoring a directory with many entries?

Why am I getting checksum errors on certain hosts and how to troubleshoot this?

|delete hang indefinetely

how to assign csv file column value as event timestamp?

How to configure multi-value parameters for a Modular Input?

Is there a way to use XML / spath for files that aren't pure XML?

How to add fields from one index to another with the same sourcetype?

What's the maximum data throughput per second can a single indexer handle?

Estimating size of blockSignature index

How to index XML data in Splunk without row. prefix?

Why am I getting error "Path does not exist" when I try to add the apache2 log file /var/log/apache2/access.log?

heavy-forwarder configuration

how to use crcSalt to index similar folders

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR