Getting Data In

Discussions

Thread Info

Key value pairs vs. JSON format and multiple key value pairs

Hello, I am a new user to splunk and logging in general. So, appreciate your patience if my questions are fairly s...

by Engager in

extremely slow Search head on windows 2008 R2 standard

Hi, is anyone out there having a Slow search and missed alerts on Search head. we have installed search head on 64 bi...

by New Member in

Controlling Forwarders, and "spam" into Splunk

We have a very large environment.. and with Splunk charging by the GB/day, we obviously have an interest in controlli...

by Communicator in

Truncate on a SplunkUniversalForwarder

One of my sources coming from a universal forwarder needs to have have it's truncate option set to 0. I have edited t...

by Explorer in

Deleting data inputs

Hi, I am new to splunk and when i add datainputs i was not known about the timestamp issue and later i explored it. w...

by Explorer in

Splunk syslog event count too low compared to kiwi syslog server on Windows platform

I have configured approx. 100 access points to send syslog events to both Splunk and to a kiwi syslog server I have s...

by New Member in

Under what situation would one monitor a rolled log file?

I've heard that Splunk recommends monitoring of rolled log files (eg. file.log.1, file.log.2, etc) under certain situ...

by Champion in

Starting point of index

Hello, i would like to add a monitor for EventLog:Security. This EventLog contains many entries, and if i add it d...

by New Member in

HowTo pull logs into trusted network from a forwarder located in DMZ

Hello, I search a way to get realtime logs from DMZ-Zone into a Trusted Network, where the Indexer is located. A Fo...

by Explorer in

WinEventLog filtering on indexer

Hello there, I have currently deployed Splunk in our network using SplunkLightForwarders and one central indexing ...

by Path Finder in

WinEventLog Security Regex

Hi Everyone, I have windows security event filter setup and working on my indexer. However I want to filter on thr...

by Explorer in

Replace before importing the data in splunk

by Contributor in

How to add host name in event ?

I am forwarding data from indexer to heavy forwarder How I can append host name in event (_raw) in indxer that will b...

by Builder in

JSON/Syslog and SPATH

Hi, I have JSON data being indexed from a syslog file i.e Nov 2 23:04:47 host1 /usr/local/bin/audit.rb[24503]:...

by Path Finder in

multiple delimeter in transforms.conf is not working

by Contributor in

Data Base Retention Adjustment

Hi All I want to set my Splunk server to keep logs active for 30 days then compress those logs, save it in another...

by New Member in

Specific index forwarding to external index tier

Hello, We have a requirement that certain indexes(SSO and SSOSummary for this example) in our index cluster send t...

by Contributor in

Scripted input stream mode

Hi, I've been looking at the documentation i.e http://docs.splunk.com/Documentation/Splunk/4.3.2/Developer/Scripte...

by Path Finder in

Indexer volume unbalanced

It seems like our indexers do not properly get distributed load in our cluster according to our volume report alerts,...

by Contributor in

md5, crcSalt, gzip, oh my!

Hello Splunkers - I'm having trouble figuring out how to make the following work. I get usage files from a...

by Engager in

Getting Data In

Discussions

Key value pairs vs. JSON format and multiple key value pairs

extremely slow Search head on windows 2008 R2 standard

Controlling Forwarders, and "spam" into Splunk

Truncate on a SplunkUniversalForwarder

Deleting data inputs

Splunk syslog event count too low compared to kiwi syslog server on Windows platform

Under what situation would one monitor a rolled log file?

Starting point of index

HowTo pull logs into trusted network from a forwarder located in DMZ

WinEventLog filtering on indexer

WinEventLog Security Regex

Replace before importing the data in splunk

How to add host name in event ?

JSON/Syslog and SPATH

multiple delimeter in transforms.conf is not working

Data Base Retention Adjustment

Specific index forwarding to external index tier

Scripted input stream mode

Indexer volume unbalanced

md5, crcSalt, gzip, oh my!

Getting Data from OpenVMS into Splunk Cloud

when to use http event collector api to create ven...

Splunk cloud and Microsoft Infrastructure

How to match join on certain conditions within the...

Prevent duplicates from generic S3 input