Getting Data In

Community Activity

What is a search to find a users logging into windows? index=main sourcetype="WinEventLog:Security" EventCode=4624 \|stats count by Account_Name by mcronkrite Splunk Employee in Getting Data In 11-22-2014 0 1	0	1
How does compression work and what should I expect to see in volume of data as it is stored in an index in SPLUNK 6.1.2 and 6.2? I am trying to understand what I should expect to see regarding the volume of data I ingest into SPLUNK and its volum... by garryclarke Path Finder in Getting Data In 11-22-2014 0 1	0	1
How do I alias the hostname and FQDN as the same machine? I'm getting events that show sources as the hosts, but Splunk is indicating that the simple hostname and the FQDN are... by cdyates New Member in Getting Data In 11-22-2014 0 1	0	1
UF config works on CentOS/RedHat, but not on Ubuntu server Looking for suggestions for the obvious that I might have overlooked as to why a UF config distributed by Deployment ... by grijhwani Motivator in Getting Data In 11-22-2014 0 5	0	5
Purge queue on forwarder / indexer down I had one of my indexers go down a couple weeks back. Since then each of my forwarders is trying to send events to t... by nocostk Communicator in Getting Data In 11-21-2014 4 4	4	4
Is there a way to see current connections on IIS servers? Hello, I am trying to create a dashboard or a search to be able to view the current connections on our IIS servers. ... by eziemer New Member in Getting Data In 11-21-2014 0 11	0	11
Can you upgrade forwarders to Splunk 6.2 without upgrading indexers running 6.1? Say you are running a 6.1 indexer. Can you upgrade the forwarders to 6.2 versions without upgrading the indexer? by sysadm1n New Member in Getting Data In 11-21-2014 0 1	0	1
How to write a monitor stanza in inputs.conf to add a path for .xml files? i need to add the path below to my inputs.conf file and it has a lot of .xml files `/ibuapps/sales/2014-11-11//.xml... by brod_geico Path Finder in Getting Data In 11-21-2014 0 3	0	3
How to configure inputs.conf to blacklist Windows Event Logs on indexer? Hi, I below is the inputs.conf which i have configured on my indexer, but it is not blocking anything. is this is co... by kpavan Path Finder in Getting Data In 11-21-2014 0 6	0	6
Recommended load balancer for indexer Hi splunkers, I just want to ask for any recommended or even tested loadbalancer upon forwarding logs to 3 indexers.... by sympatiko Communicator in Getting Data In 11-21-2014 0 7	0	7
Is there any ways to limit network traffic between Search Head and Peers ? Hi Splunkers, I know about we are able to limit network traffic between Peer （a.k.a. Indexer ）and Universal Forward... by sunrise Contributor in Getting Data In 11-21-2014 1 5	1	5
How to troubleshoot error on Splunk 6 universal forwarder "TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds."? how to fix this error , "WARN TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds". I cant rec... by tiny3001 Path Finder in Getting Data In 11-21-2014 0 1	0	1
Is it possible to send Fortigate logs to multiple indexers via forwarders? Hi, Good day splunkers. Is it the possible to forward Fortigate logs to multiple indexers via forwarders?, I already... by sympatiko Communicator in Getting Data In 11-21-2014 0 1	0	1
Access Control: Is it possible to create views based on index name and/or sourcetype that we can set permissions for individually? Hi all, I've got a new set of logs from one of our development teams for some in-house applications. They have writt... by javiergn Super Champion in Getting Data In 11-20-2014 1 7	1	7
How to configure props.conf to filter out events with CTRL-M (^M)? Hi, It seems log file contains CTRL-M character will cause duplicate parsing in splunk indexer so I would like to fil... by shangshin Builder in Getting Data In 11-20-2014 0 10	0	10
How to monitor and report the amount of data indexed per host? How can I use Splunk to tell me how much data per day each host is forwarding to Splunk? Basically, I need a report t... by feickertmd Communicator in Getting Data In 11-20-2014 0 4	0	4
Conf files — splitting long lines I am trying to split some really long lines we have put in our .conf files using the traditional Unix way of escaping... by MikhailArefiev Explorer in Getting Data In 11-19-2014 0 5	0	5
Why am I getting "ERROR TcpInputProc - Received unexpected 1380997408 byte message" forwarding my fortigate logs to Splunk? Hi, I'm just new with splunk. I'm getting this error upon forwarding my fortigate logs to splunk. How can I set splu... by sympatiko Communicator in Getting Data In 11-19-2014 0 4	0	4
Does splunk store the datetime each specific event was indexed ? Sometimes, when troubleshooting inputs on large installations (deployment apps, several layers of forwarders, etc), i... by ruiaires Path Finder in Getting Data In 11-19-2014 0 1	0	1
How to write regex to identify and use current timestamp for event if the timestamp field in data is missing? Hi all, I want the "date" field to be used as timestamp. However, in some of the events this field is missing and so... by saileec Engager in Getting Data In 11-19-2014 0 3	0	3
Command-line syntax to deploy universal forwarder with SSL certificates? Based on the documentation provided, the proper command-line arguments to be used when deploying certificates is CERT... by vonStauf Explorer in Getting Data In 11-19-2014 1 1	1	1
How to remove sources from disk via CLI? Hello, We’re looking to remove data from one of our indexes, preferably using the clean operator from the CLI. We h... by Benlavender Explorer in Getting Data In 11-19-2014 0 1	0	1
Why am I getting "Connection to host=:9997 failed" after configuring a universal forwarder on Linux? I have configured a universal forwarder on one of our Linux systems. When i check the logs it shows Connection to ho... by nitheeshp86 New Member in Getting Data In 11-19-2014 0 1	0	1
Why am I getting errors failing to parse a Unix timestamp with my current configuration? I have unix timestamp in my data file . review/time: 1182816000 review/summary: Periwinkle... To parse this timesta... by akshaybahetii New Member in Getting Data In 11-18-2014 0 7	0	7
Error while Redirect 514 to 9997 Hi guys, I have a source that send log via syslog push tcp 514. The configuration is working well on my SPlunk test ... by bgaignon Path Finder in Getting Data In 11-18-2014 0 7	0	7

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

What is a search to find a users logging into windows?

How does compression work and what should I expect to see in volume of data as it is stored in an index in SPLUNK 6.1.2 and 6.2?

How do I alias the hostname and FQDN as the same machine?

UF config works on CentOS/RedHat, but not on Ubuntu server

Purge queue on forwarder / indexer down

Is there a way to see current connections on IIS servers?

Can you upgrade forwarders to Splunk 6.2 without upgrading indexers running 6.1?

How to write a monitor stanza in inputs.conf to add a path for *.xml files?

How to configure inputs.conf to blacklist Windows Event Logs on indexer?

Recommended load balancer for indexer

Is there any ways to limit network traffic between Search Head and Peers ?

How to troubleshoot error on Splunk 6 universal forwarder "TcpOutputProc - Forwarding to indexer group GSOC blocked for 9500 seconds."?

Is it possible to send Fortigate logs to multiple indexers via forwarders?

Access Control: Is it possible to create views based on index name and/or sourcetype that we can set permissions for individually?

How to configure props.conf to filter out events with CTRL-M (^M)?

How to monitor and report the amount of data indexed per host?

Conf files — splitting long lines

Why am I getting "ERROR TcpInputProc - Received unexpected 1380997408 byte message" forwarding my fortigate logs to Splunk?

Does splunk store the datetime each specific event was indexed ?

How to write regex to identify and use current timestamp for event if the timestamp field in data is missing?

Command-line syntax to deploy universal forwarder with SSL certificates?

How to remove sources from disk via CLI?

Why am I getting "Connection to host=:9997 failed" after configuring a universal forwarder on Linux?

Why am I getting errors failing to parse a Unix timestamp with my current configuration?

Error while Redirect 514 to 9997

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation