Getting Data In

Discussions

Thread Info

How to receive snmp trap in window machine from the remote network device?

I have to set windows xp machine as a server which has install splunk software to receive snamp trap from other remot...

by New Member in

How to debug evt_resolve_ad_obj on a universal forwarder?

Hi, I am trying to debug evt_resolve_ad_obj not working properly? How do I enable debug to see wich Domain Co...

by Path Finder in

How to efficiently get a list of of Windows hosts WITH the Target Domain Name field?

Howdy. For quite a while we have been using this to generate a useful and pretty list of all Windows Server hosts, sh...

by Explorer in

Is there a limit to the number of whitelist/blacklist configurations for security event ID filtering?

We are trying to configure event ID filtration for security events, but even after using the below configuration, the...

by Explorer in

Multiple gzip broken pipe errors

I am seeing many errors like the below: {timestamp} INFO ArchiveProcessor - handling file=/path/to/file.gz{timesta...

by Engager in

Why is the splunkd.log reporting lots of "DistributedPeerManager - Unable to distribute to peer named...because peer has status = "Down"."?

I have a very busy search head that complains : DistributedPeerManager - Unable to distribute to peer named slxxxx...

by Path Finder in

Index selection conditional on values in the data

I've got a bunch of key-value data, something sorta like this: a=1,b=2,c=3,d=4 a=5,b=6,c=7,d=8 a=9,b=2,c=10,d=11 (...

by Path Finder in

How to add a column/field based on csv table

I have a search like: sourcetype="AAA"|table _time userid, and I have a table like userid, username, how to make the...

by Explorer in

Routing to nullQueue - version 6.2

Hello All, I am attempting to filter out specific events from a given input, they're useless and I don't want to wast...

by Explorer in

How to configure Splunk to recognize logs sent in syslog CEF format?

Hi all, I've configured a Splunk Universal Forwarder to receive logs that are sent by other syslog in CEF format b...

by Path Finder in

pipe in srchFilter

I would like to apply a dedup to all searches performed by users in a certain role. Is there a way to do this with th...

by Engager in

How to monitor all windows event logs?

Is there a setting I can put in the inputs.conf file that would automatically grab all windows event logs? This would...

by Communicator in

Why is my props and transforms configuration not renaming a sourcetype as expected?

Hi, I think I have everything in place to change the sourcetype name, but something is not happening. All the othe...

by Path Finder in

圧縮ファイルをmonitoringしていると重複イベントがインデックスされる

Splunk 6.2.3を使い、複数ディレクトリ内にある複数のgzファイルをmonitoringしていますが、このSplunkインスタンスを再起動すると既にインデックス済みのgzファイルの内容がもう一度インデックスされてしまいます。回...

by Contributor in

Prepend all lines forwarded with a timestamp

Hi, We have an application log that doesn't contain timestamps, but we'd actually like to have them within the raw...

by Path Finder in

For WinEventLog://Security, how to use "renderXml=true" for some EventCodes but "renderXml=false" for others?

I know the "simplest" way is to stand up a second instance of Splunk and have completely different values for renderX...

by Esteemed Legend in

How to troubleshoot why an indexer is only receiving data from 50% of forwarders in my environment?

I spent hours trying to figure this out Friday, and it's been bugging me all weekend. So, I'm hoping the community ca...

by Path Finder in

Why is there a one hour difference between event timestamps and index time of my data?

Hi Splunksters, I am having an issue with the time the data is being indexed and the actual events being exactly o...

by Communicator in

How to delete data from syslog-ng after Splunk indexes it, and confirm the data is indexed before deletion?

Is there a way to have Splunk delete the data from a syslog-ng server after it indexes it? Would like to confirm that...

by Path Finder in

using the API to get graphs

Hello I would like to use the API to embed graphs to an external page. Is this at all possible? I looked at the ex...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to receive snmp trap in window machine from the remote network device?

How to debug evt_resolve_ad_obj on a universal forwarder?

How to efficiently get a list of of Windows hosts WITH the Target Domain Name field?

Is there a limit to the number of whitelist/blacklist configurations for security event ID filtering?

Multiple gzip broken pipe errors

Why is the splunkd.log reporting lots of "DistributedPeerManager - Unable to distribute to peer named...because peer has status = "Down"."?

Index selection conditional on values in the data

How to add a column/field based on csv table

Routing to nullQueue - version 6.2

How to configure Splunk to recognize logs sent in syslog CEF format?

pipe in srchFilter

How to monitor all windows event logs?

Why is my props and transforms configuration not renaming a sourcetype as expected?

圧縮ファイルをmonitoringしていると重複イベントがインデックスされる

Prepend all lines forwarded with a timestamp

For WinEventLog://Security, how to use "renderXml=true" for some EventCodes but "renderXml=false" for others?

How to troubleshoot why an indexer is only receiving data from 50% of forwarders in my environment?

Why is there a one hour difference between event timestamps and index time of my data?

How to delete data from syslog-ng after Splunk indexes it, and confirm the data is indexed before deletion?

using the API to get graphs

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Issue filtering events with regex and props.conf

Why am I receiving warning in Splunk log for timed...

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...