Getting Data In

Discussions

Thread Info

When should I use Report or Transform on props.conf?

When should I use Report and when should I use Transform on the props.conf?

by Path Finder in

How to set host in inputs.conf?

I'm getting data in syslog format with the host set to localhost. I know what server this is coming from but don't ha...

by New Member in

how - metadata host by index and sourcetype recentTime

This search produces the most recent timestamp for every host for aa specific index | metadata type=hosts ind...

by Path Finder in

How to use inputlookup with csv file to import two multi value fields in a search?

Hello, I try to use inputlookup with a csv file to import two multi value fields in a search. The two fields are both...

by Communicator in

No Wineventlogs With Universal Forwarder 6.1.2 on Windows Server 2008 R2

I recently installed the newest UF on a server to test before rolling out to the rest of the environment. I am able t...

by Builder in

What is the difference between Splunk Enterprise and Universal Forwarder?

Hi All, I am a newbie to splunk. I have gone through a number of video tutorials on the net. Hi All, I would li...

by Engager in

Is it possible to use a HOSTNAME variable to populate a field or metadata?

Hi, I have splunk reading from a farm of syslog servers. I don't control the syslog config, so I have to live with...

by Champion in

Quick Question - CPU Search Limit on Search Head or Indexer?

We are running into max concurrent searches issues, as our deployment is getting more and more used. Is the limit bas...

by Builder in

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

Using the Universal Forwarder I need to monitor a folder, so I am editing the inputs.conf file. However, in Window...

by Explorer in

Changes to transforms not working

I am trying to prune some noise from my logs. Here are my props.conf and transforms.conf. Any Idea what I am missing....

by New Member in

How to chart total number of each hostname that appear in 2 databases from csv files?

Hi Splunkers, I have built the following chart extracting hostnames from .csv files that have been exported from both...

by Contributor in

Reload realtimeoutput.conf without restarting Splunkd

Is it possible to restart the RTO app without restarting Splunkd? We have the RTO app installed on each of our indexe...

by Explorer in

Use transforms.conf to share LINE_BREAKER and TIME_ settings for indexer?

I am working on a large set of log that Splunk will monitor for a 3rd party app which has nearly 2 dozen logs to be m...

by Explorer in

How to limit date timestamp parsing view?

I have a proxy server that is double date stamping events. This is not normally an issue, but I ran into a hydridizat...

by Path Finder in

Inputs.conf configuration to monitor 2 catalina log files in same directory with different formats and sourcetypes?

Hi, I need to monitor two catalina logfiles that are in the same directory, but have different formats (and source...

by Champion in

Working with two filters for one event row

I have one drop down and one text input, I need the user to be able to by both components OR INDIVIDUAL, one optional...

by Contributor in

How to extract date from a field name in a csv file?

I'm struggling with extracting a date value from a field name in a csv file. I have a field named "Status for 2014-28...

by Builder in

How to disable a particular source temporarily?

Hi Team, One of the source throwing more logs and it is consuming more volume, so it leads to the license warning....

by Explorer in

How to setup linebreak and parse SUN IDM Server.log?

I am trying to setup a new linebreak for SUN IDM Server.log and the log outputs the following: [#|2014-07-21T11:32...

by Engager in

Is there a list of perfmon objects available to monitor for Windows using Splunk?

Hi, Is there a list somewhere that shows what perfmon objects are available to monitor for Windows, using Splunk?

by Champion in

Can you disable indexing for a heavy forwarder and use it only for parsing data?

Is it possible to disable all indexing operations in a heavy forwarder and use it exclusively for data parsing? I ...

by Engager in

Does splunk forwarder lock files when reading them?

I have a script that generates log files which are stored in an area spidered by a splunk forwarder. Whilst running m...

by Path Finder in

SNMP traps received by Splunk, send notification only if clear SNMP trap not received within 5 minutes.

All, I'm wondering if it is possible to have Splunk to monitor SNMP traps, but only to send a notification out if ...

by Engager in

Problem with network logs

I setup a data input from a network source. They are IIS logs and they reside on a networked drive. I setup the input...

by Path Finder in

How to lookup from results of another lookup

I am trying to pipe the results of one lookup to another to essentially join the data. In the search below I am tryin...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

When should I use Report or Transform on props.conf?

How to set host in inputs.conf?

how - metadata host by index and sourcetype recentTime

How to use inputlookup with csv file to import two multi value fields in a search?

No Wineventlogs With Universal Forwarder 6.1.2 on Windows Server 2008 R2

What is the difference between Splunk Enterprise and Universal Forwarder?

Is it possible to use a HOSTNAME variable to populate a field or metadata?

Quick Question - CPU Search Limit on Search Head or Indexer?

How to configure universal forwarder or use environment variables to monitor folder in different Windows OS versions?

Changes to transforms not working

How to chart total number of each hostname that appear in 2 databases from csv files?

Reload realtimeoutput.conf without restarting Splunkd

Use transforms.conf to share LINE_BREAKER and TIME_ settings for indexer?

How to limit date timestamp parsing view?

Inputs.conf configuration to monitor 2 catalina log files in same directory with different formats and sourcetypes?

Working with two filters for one event row

How to extract date from a field name in a csv file?

How to disable a particular source temporarily?

How to setup linebreak and parse SUN IDM Server.log?

Is there a list of perfmon objects available to monitor for Windows using Splunk?

Can you disable indexing for a heavy forwarder and use it only for parsing data?

Does splunk forwarder lock files when reading them?

SNMP traps received by Splunk, send notification only if clear SNMP trap not received within 5 minutes.

Problem with network logs

How to lookup from results of another lookup

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR