Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
Benlavender

Why are Apache logs on a Windows server not forwarding with our universal forwarder configuration?

Hello, We’re trying to configure forwarding of all the Apache logs on a Windows server using the EnterpriseForwarder...
by Benlavender Explorer in Getting Data In 11-06-2014
0 6
0
6
Mag2sub

Are there any ways to increase the performance of our forwarder's current file monitor reading syslog files at 10MB/sec?

We have a forwarder file monitor reading syslog files being churned out 10MB/sec...are there any tweaks to increase p...
by Mag2sub Path Finder in Getting Data In 11-05-2014
0 3
0
3
msantich

How to configure props.conf to recognize the exact timestamp format hh:mm.ss,sss in our data?

events from a particular source have timestamps formatted as follows: hh:mm.ss,ssss - example 02:07.21,0241 this is ...
by msantich Path Finder in Getting Data In 11-05-2014
1 2
1
2
nfieglein

How to override and change incoming source and host names with JSON source and host fields?

I have JSON fields for source and host which I would like to use to override the incoming source and host. What is th...
by nfieglein Path Finder in Getting Data In 11-05-2014
0 11
0
11
afabijan

How to retrieve JSON formatted data from a web server with authentication?

Hi there, i have a Restful API that returns data in JSON format. I would like to retrieve this data into Splunk. The ...
by afabijan Explorer in Getting Data In 11-05-2014
0 4
0
4
dseabury

How to configure props.conf and transforms.conf to select events containing a string of words?

I have scoured the 'Net, Splunk docs and the Answers and found lots of good information on setting up my indexer filt...
by dseabury Explorer in Getting Data In 11-05-2014
1 5
1
5
mmonge

Is it possible to configure a Splunk forwarder from my Splunk server?

Hi. I want to configure the splunk forwarder from my splunk server. is it possible? thanks a lot!
by mmonge Engager in Getting Data In 11-05-2014
0 1
0
1
tomeumir

Why am I getting sourcetype errors after trying to configure Splunk to parse json and proper timestamp recognition?

Hi, I am trying Splunk and try to evaluate it as a tool for managing the logs of our in-house applications. I am uplo...
by tomeumir Engager in Getting Data In 11-05-2014
1 3
1
3
j_thomas

Universal Forwarder not able to read all logs

Here is my input.conf: [monitor:///var/log] crcSalt = disabled = false index = main From this it should recursivel...
by j_thomas Explorer in Getting Data In 11-05-2014
2 24
2
24
justin_deutsch

Where do I start to look for Forwarder issues?

I have a a number of light weight forwarders pointing to a single heavy forwarder point which in turn points to a sin...
by justin_deutsch Explorer in Getting Data In 11-04-2014
2 1
2
1
thinksplunk

Filter strings of event before index

Hi, as i'm new to using Splunk, i would like to know how to filter the string "2013-09-20 16:53:00, 231 Success trans...
by thinksplunk Engager in Getting Data In 11-04-2014
0 5
0
5
jessew

Is it possible to forward filtered data from one indexer to another? If yes, how?

We have a business need that requires a filtered set of data from one indexer be shipped offsite to another indexer. ...
by jessew New Member in Getting Data In 11-04-2014
0 1
0
1
karthikTIL

How to search for a source file with a timestamp in the name?

HI, I have files everyday with timestamp automatically like report_3nov2014.csv report_4nov2014.csv report_5nov2014....
by karthikTIL Path Finder in Getting Data In 11-04-2014
1 4
1
4
bliss989

How do I setup a field extract, field transform to change sourcetype?

I am struggling with the relationship between the field extract and the field transformation with regards to sourcety...
by bliss989 Engager in Getting Data In 11-04-2014
0 2
0
2
ampledata

Splunk Cloud: Why are event timestamps not being extracted from JSON data, using the event's index time instead?

Per: http://docs.splunk.com/Documentation/Storm/Storm/User/Sourcesandsourcetypes I've tried sending JSON events to S...
by ampledata Splunk Employee Splunk Employee in Getting Data In 11-04-2014
0 3
0
3
a212830

How can I get oldest event per host from metadata

Hi, Is there a way to get the oldest event dates for certain hosts using metadata?
by a212830 Champion in Getting Data In 11-04-2014
0 3
0
3
aruncse83

How to run simple shell script on Forwarding agent and send the standard output to Splunk indexer?

Looking to run a script every minute on the splunk forwarders and would like to send the standard output to the splun...
by aruncse83 Explorer in Getting Data In 11-04-2014
0 2
0
2
rbal_splunk

AD Schema - Inaccurate in v6 for pwdLastSet badPasswordTime lastLogon lastLogonTimestamp

Issue is using 'admon' input on Windows with Splunk 6.x some of the key column for AD Schema are wrong, this seems li...
by rbal_splunk Splunk Employee Splunk Employee in Getting Data In 11-04-2014
0 3
0
3
djconroy

Can you use directory monitors in a cluster configuration?

We have tried using the Universal Forwarder for sending logs from one of our servers to our Splunk indexer cluster us...
by djconroy Path Finder in Getting Data In 11-04-2014
0 3
0
3
dmishra001

How to forward select events from one indexer to another indexer?

by dmishra001 New Member in Getting Data In 11-04-2014
0 3
0
3
mikaelbje

Internal field for originating forwarder

Is there a way to see the originating forwarder for a specfic event? I haven't found any internal/metadata fields. Th...
by mikaelbje Motivator in Getting Data In 11-04-2014
0 2
0
2
steveirogers

How to determine what is causing a Splunk indexer to consume more than 10% of the daily license?

My environment generates on average about 12GB of logs daily (out of a license for 20GB). The Splunk indexer is gene...
by steveirogers Communicator in Getting Data In 11-04-2014
0 3
0
3
akelly4

How to convert a timestamp field to epoch format?

I'm loading a file via Data Inputs into Splunk on a daily basis. When I load the file the _time field is the current ...
by akelly4 Path Finder in Getting Data In 11-03-2014
2 3
2
3
jwalzerpitt

Am I breaking any best practices doing a chmod to grant a Splunk user access to Linux log files?

I would like to configure Splunk to monitor some log files in var/log and when i go to add data and select the direct...
by jwalzerpitt Influencer in Getting Data In 11-03-2014
0 2
0
2
t9445

Why deployment server sees Linux UX univeral forwarder as the GUID even with a set ServerName?

Hello, we have what appears to be an incredibly weird scenario going on: We commonly override the serverName for dep...
by t9445 Path Finder in Getting Data In 11-03-2014
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...