Getting Data In

Community Activity

Can you upgrade forwarders to Splunk 6.2 without upgrading indexers running 6.1? Say you are running a 6.1 indexer. Can you upgrade the forwarders to 6.2 versions without upgrading the indexer? by sysadm1n New Member in Getting Data In 11-21-2014 0 1	0	1
How to write a monitor stanza in inputs.conf to add a path for .xml files? i need to add the path below to my inputs.conf file and it has a lot of .xml files `/ibuapps/sales/2014-11-11//.xml... by brod_geico Path Finder in Getting Data In 11-21-2014 0 3	0	3
How to configure inputs.conf to blacklist Windows Event Logs on indexer? Hi, I below is the inputs.conf which i have configured on my indexer, but it is not blocking anything. is this is co... by kpavan Path Finder in Getting Data In 11-21-2014 0 6	0	6
Recommended load balancer for indexer Hi splunkers, I just want to ask for any recommended or even tested loadbalancer upon forwarding logs to 3 indexers.... by sympatiko Communicator in Getting Data In 11-21-2014 0 7	0	7
Is there any ways to limit network traffic between Search Head and Peers ? Hi Splunkers, I know about we are able to limit network traffic between Peer （a.k.a. Indexer ）and Universal Forward... by sunrise Contributor in Getting Data In 11-21-2014 1 5	1	5
How to troubleshoot error on Splunk 6 universal forwarder "TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds."? how to fix this error , "WARN TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds". I cant rec... by tiny3001 Path Finder in Getting Data In 11-21-2014 0 1	0	1
Is it possible to send Fortigate logs to multiple indexers via forwarders? Hi, Good day splunkers. Is it the possible to forward Fortigate logs to multiple indexers via forwarders?, I already... by sympatiko Communicator in Getting Data In 11-21-2014 0 1	0	1
Access Control: Is it possible to create views based on index name and/or sourcetype that we can set permissions for individually? Hi all, I've got a new set of logs from one of our development teams for some in-house applications. They have writt... by javiergn Super Champion in Getting Data In 11-20-2014 1 7	1	7
How to configure props.conf to filter out events with CTRL-M (^M)? Hi, It seems log file contains CTRL-M character will cause duplicate parsing in splunk indexer so I would like to fil... by shangshin Builder in Getting Data In 11-20-2014 0 10	0	10
How to monitor and report the amount of data indexed per host? How can I use Splunk to tell me how much data per day each host is forwarding to Splunk? Basically, I need a report t... by feickertmd Communicator in Getting Data In 11-20-2014 0 4	0	4
Conf files — splitting long lines I am trying to split some really long lines we have put in our .conf files using the traditional Unix way of escaping... by MikhailArefiev Explorer in Getting Data In 11-19-2014 0 5	0	5
Why am I getting "ERROR TcpInputProc - Received unexpected 1380997408 byte message" forwarding my fortigate logs to Splunk? Hi, I'm just new with splunk. I'm getting this error upon forwarding my fortigate logs to splunk. How can I set splu... by sympatiko Communicator in Getting Data In 11-19-2014 0 4	0	4
Does splunk store the datetime each specific event was indexed ? Sometimes, when troubleshooting inputs on large installations (deployment apps, several layers of forwarders, etc), i... by ruiaires Path Finder in Getting Data In 11-19-2014 0 1	0	1
How to write regex to identify and use current timestamp for event if the timestamp field in data is missing? Hi all, I want the "date" field to be used as timestamp. However, in some of the events this field is missing and so... by saileec Engager in Getting Data In 11-19-2014 0 3	0	3
Command-line syntax to deploy universal forwarder with SSL certificates? Based on the documentation provided, the proper command-line arguments to be used when deploying certificates is CERT... by vonStauf Explorer in Getting Data In 11-19-2014 1 1	1	1
How to remove sources from disk via CLI? Hello, We’re looking to remove data from one of our indexes, preferably using the clean operator from the CLI. We h... by Benlavender Explorer in Getting Data In 11-19-2014 0 1	0	1
Why am I getting "Connection to host=:9997 failed" after configuring a universal forwarder on Linux? I have configured a universal forwarder on one of our Linux systems. When i check the logs it shows Connection to ho... by nitheeshp86 New Member in Getting Data In 11-19-2014 0 1	0	1
Why am I getting errors failing to parse a Unix timestamp with my current configuration? I have unix timestamp in my data file . review/time: 1182816000 review/summary: Periwinkle... To parse this timesta... by akshaybahetii New Member in Getting Data In 11-18-2014 0 7	0	7
Error while Redirect 514 to 9997 Hi guys, I have a source that send log via syslog push tcp 514. The configuration is working well on my SPlunk test ... by bgaignon Path Finder in Getting Data In 11-18-2014 0 7	0	7
What happens when distributed search is enabled and one of the indexers goes down? Hello, I've read Splunk documentation on that matter but I'm not able to find my answer. Does anyone know how Splunk... by gnoellbn Explorer in Getting Data In 11-18-2014 0 2	0	2
Is there a way to create an additional index based on a discovered field? I went through the Exploring Splunk book which states that the data is indexed w.r.t. _time, host , source & sourceTy... by mohitab Path Finder in Getting Data In 11-17-2014 0 7	0	7
How to troubleshoot why 90 data data retention configuration is not being applied? I want to freeze all data older than 90 days. My /opt/splunk/etc/system/local/indexes.conf file looks like this [de... by rblalock New Member in Getting Data In 11-17-2014 0 2	0	2
How to configure data inputs to forward files from storage instead of local drives? Hi, i want to forward files from the storage instead of from the local drives, what would be the solution? thks by newbiesplunk Path Finder in Getting Data In 11-17-2014 0 2	0	2
How to configure apache access logs generated in access.log_timestamp format in inputs.conf ? Hi , We have apache access logs generated in below format . access.log_2014.11.11 , access.log_2014.11.12 , ac... by danishdanish1 New Member in Getting Data In 11-17-2014 0 1	0	1
Cant find data added through inputs.conf I tried adding the data through inputs.conf. I am trying to add sample log file from my system to the splunk server. ... by vaishnavi07 Explorer in Getting Data In 11-17-2014 0 20	0	20

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

Getting Data In

Can you upgrade forwarders to Splunk 6.2 without upgrading indexers running 6.1?

How to write a monitor stanza in inputs.conf to add a path for *.xml files?

How to configure inputs.conf to blacklist Windows Event Logs on indexer?

Recommended load balancer for indexer

Is there any ways to limit network traffic between Search Head and Peers ?

How to troubleshoot error on Splunk 6 universal forwarder "TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds."?

Is it possible to send Fortigate logs to multiple indexers via forwarders?

Access Control: Is it possible to create views based on index name and/or sourcetype that we can set permissions for individually?

How to configure props.conf to filter out events with CTRL-M (^M)?

How to monitor and report the amount of data indexed per host?

Conf files — splitting long lines

Why am I getting "ERROR TcpInputProc - Received unexpected 1380997408 byte message" forwarding my fortigate logs to Splunk?

Does splunk store the datetime each specific event was indexed ?

How to write regex to identify and use current timestamp for event if the timestamp field in data is missing?

Command-line syntax to deploy universal forwarder with SSL certificates?

How to remove sources from disk via CLI?

Why am I getting "Connection to host=:9997 failed" after configuring a universal forwarder on Linux?

Why am I getting errors failing to parse a Unix timestamp with my current configuration?

Error while Redirect 514 to 9997

What happens when distributed search is enabled and one of the indexers goes down?

Is there a way to create an additional index based on a discovered field?

How to troubleshoot why 90 data data retention configuration is not being applied?

How to configure data inputs to forward files from storage instead of local drives?

How to configure apache access logs generated in access.log_timestamp format in inputs.conf ?

Cant find data added through inputs.conf

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation