Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why is my props.conf should_linemerge=false configuration being ignored for json objects?

Hello! Sorry for my bad english. My props.conf file: [testudp] SHOULD_LINEMERGE = false I have several json...

by Explorer in

How can I configure rsyslog to send data to Splunk Entreprise ?

by New Member in

Distributed Search: Why can't I connect a Splunk 6.2 search head to 4.3 indexers?

I created a new development search head from a different splunk instances. I changed the name of the new dev server i...

by Motivator in

retrofit with splunk logging

Current application just writes the logs to local log file. What is the quick way to integrate Splunk so that logs ge...

by New Member in

btprobe and re-indexing data

I'm getting ready to finalize a Splunk install and roll it out for use... during my testing phase I added a bunch of ...

by Explorer in

How do I index files which do not grow, just change?

I currently write status files and collect them into Splunk using monitor statements and Universal Forwarders. Pretty...

by Explorer in

How to extract timestamp( is in bold text ) from the below event inside a file. Attached the source file. Each file content is considered as single event. currently it is taking file modification time as timestamp of the event. how to prevent this.

How to extract timestamp( is in bold text ) from the below event inside a file. Attached the source file. Each file c...

by Contributor in

How to create a tag for multiple fields?

Hi, im trying to create tags based on two fields that i have in my logs. 1- sourcetype 2- path The idea is that...

by Communicator in

Will a universal-forwarder monitor a newly created subdirectory while it's already running, or do I need to restart the forwarder?

Hi, Will a universal forwarder pick up a newly created subdirectory after it's already running? For example, I...

by Champion in

How to condense data from 4 non-clustered indexers that are set up as VMs into a single dedicated hardware server?

I currently have 4 indexers setup as VMs. Each indexer has dedicated LUNs for their data. I'm trying to find a way to...

by Explorer in

best way to concentrate logs, filter, then forward them to different indexes

I'm trying to create on my network a "syslog" server that would act as a hub to concentrate logs from various sources...

by Explorer in

Why can't we get Windows event logs to our Splunk 4.2.2 instance using a 6.2.1 universal forwarder?

Our environment Splunk version 4.2.2 Universal forwarder version 6.2.1 We have already used Splunk from a few year...

by New Member in

Restructure existing Fields

I have available json as following { "Foo1": { "Bar1": { "Key1": "Value1", "K...

by Explorer in

Splunk Time Based Retention

Hi Everyone, I am trying to have Splunk Auto delete data older then a year. My /opt/splunk/etc/system/local/inp...

by Explorer in

how to reset the password using REST API

kindly suggest how to reset the password of splunk user using REST API

by New Member in

Configuring splunk forwarder. Have duplicate usernames over multiple linux hosts. How to identify unique source?

I am pulling data from several linux hosts, each host has several users, and i am collecting data from each users llo...

by New Member in

Splunk v6.0.x - LineBreakingProcessor - remote_searches.log

07-16-2014 10:45:21.533 -0700 WARN LineBreakingProcessor - Truncating line because limit of 10000 bytes has been exce...

by Builder in

Splunk for Cisco IPS - events being broken up into multiple events

Hello, I noticed with the latest version of the app "Splunk for Cisco IPS" that events from my IPS are being broken u...

by SplunkTrust in

Data cloning - is it a exact clone

Hi All, In splunk documentation it is mentioned as follows, "Data cloning To perform data cloning, specify mult...

by Engager in

Why is my Splunk Heavy Forwarder still indexing events

Hi, I have set up a Splunk Heavy Forwarder (v6.1.1) that collects events from a number of Windows and Linux server...

by Explorer in

Getting Data In

Discussions

Why is my props.conf should_linemerge=false configuration being ignored for json objects?

How can I configure rsyslog to send data to Splunk Entreprise ?

Distributed Search: Why can't I connect a Splunk 6.2 search head to 4.3 indexers?

retrofit with splunk logging

btprobe and re-indexing data

How do I index files which do not grow, just change?

How to extract timestamp( is in bold text ) from the below event inside a file. Attached the source file. Each file content is considered as single event. currently it is taking file modification time as timestamp of the event. how to prevent this.

How to create a tag for multiple fields?

Will a universal-forwarder monitor a newly created subdirectory while it's already running, or do I need to restart the forwarder?

How to condense data from 4 non-clustered indexers that are set up as VMs into a single dedicated hardware server?

best way to concentrate logs, filter, then forward them to different indexes

Why can't we get Windows event logs to our Splunk 4.2.2 instance using a 6.2.1 universal forwarder?

Restructure existing Fields

Splunk Time Based Retention

how to reset the password using REST API

Configuring splunk forwarder. Have duplicate usernames over multiple linux hosts. How to identify unique source?

Splunk v6.0.x - LineBreakingProcessor - remote_searches.log

Splunk for Cisco IPS - events being broken up into multiple events

Data cloning - is it a exact clone

Why is my Splunk Heavy Forwarder still indexing events

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

Pulsar vs Kafka

Specific DNS queries from Splunk Stream to nullQue...

How is WinHostMon data gathered?

how to configure log4net with nested JSON?

Splunk Add-on Builder: Global Account settings

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >