Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Splunk universal forwarder fails to start - AIX

Hi, I installed the universal forwarder 6.1 for AIX. splunkforwarder-6.1.1-207789-AIX-powerpc.tar splunk@xx...

by Path Finder in

What is the process on the Splunk side to index syslogs through UDP?

Can anyone please explain the steps to taken on the Splunk side to get the syslogs through UDP? After configuring ...

by Builder in

Import Websense data to Splunk

Has anyone added Websense data to Splunk and would you mind sharing that process?

by New Member in

UF not sending logs from all folders monitored

Hello Splunkers. I have an issue that I've been dealing with for the past 2 days but no success in solving it. I'm...

by Communicator in

Which is the recommended way to input heavy load JSON data to Splunk?

Hi everyone, I'm developing an integration with Splunk, and right now I'm using the Splunk Java SDK with the REST API...

by Engager in

How to change which index a sourcetype is indexed to?

Hi, Currently I am using "Index1" for "sourcetype1". I want to change this "sourcetype1" to a new index "Index2"....

by Path Finder in

How to add application data into Splunk?

I have a legacy application and I want to get as much application data into Splunk as I can. I'm hoping to go well be...

by New Member in

Why am I getting "IndexError: list index out of range" trying to get the session key in a Splunk REST API call?

I am trying to get the result of a search from Splunk, but when I try to get the session key, I am getting the follow...

by Explorer in

To change the date format for events, do we modify datetime.xml on the Indexer or forwarder?

Hi, Fairly simple question, but I can't find the answer. Since we never use the illogical date format month-day-ye...

by Builder in

Why is the Host IP value from udp:514 syslog input incorrect for one device?

Hi, I'm collecting syslog events sent by different network equipment. For all devices, the host value is recorded ...

by Explorer in

Determining indexes.conf settings for all indexes combined

I've spent hours studying the documentation and articles outside of splunkbase about configuring indexing, and I'm st...

by Path Finder in

Why are inputs.conf stanzas not working properly from rsyslog host?

I have the following directories on my rsyslog forwarder (sysloghost): /var/log/remote/servacsv/2015-09-27.log /var/l...

by Path Finder in

How to receive snmp trap in window machine from the remote network device?

I have to set windows xp machine as a server which has install splunk software to receive snamp trap from other remot...

by New Member in

How to debug evt_resolve_ad_obj on a universal forwarder?

Hi, I am trying to debug evt_resolve_ad_obj not working properly? How do I enable debug to see wich Domain Co...

by Path Finder in

How to efficiently get a list of of Windows hosts WITH the Target Domain Name field?

Howdy. For quite a while we have been using this to generate a useful and pretty list of all Windows Server hosts, sh...

by Explorer in

Is there a limit to the number of whitelist/blacklist configurations for security event ID filtering?

We are trying to configure event ID filtration for security events, but even after using the below configuration, the...

by Explorer in

Multiple gzip broken pipe errors

I am seeing many errors like the below: {timestamp} INFO ArchiveProcessor - handling file=/path/to/file.gz{timesta...

by Engager in

Why is the splunkd.log reporting lots of "DistributedPeerManager - Unable to distribute to peer named...because peer has status = "Down"."?

I have a very busy search head that complains : DistributedPeerManager - Unable to distribute to peer named slxxxx...

by Path Finder in

Index selection conditional on values in the data

I've got a bunch of key-value data, something sorta like this: a=1,b=2,c=3,d=4 a=5,b=6,c=7,d=8 a=9,b=2,c=10,d=11 (...

by Path Finder in

How to add a column/field based on csv table

I have a search like: sourcetype="AAA"|table _time userid, and I have a table like userid, username, how to make the...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Splunk universal forwarder fails to start - AIX

What is the process on the Splunk side to index syslogs through UDP?

Import Websense data to Splunk

UF not sending logs from all folders monitored

Which is the recommended way to input heavy load JSON data to Splunk?

How to change which index a sourcetype is indexed to?

How to add application data into Splunk?

Why am I getting "IndexError: list index out of range" trying to get the session key in a Splunk REST API call?

To change the date format for events, do we modify datetime.xml on the Indexer or forwarder?

Why is the Host IP value from udp:514 syslog input incorrect for one device?

Determining indexes.conf settings for all indexes combined

Why are inputs.conf stanzas not working properly from rsyslog host?

How to receive snmp trap in window machine from the remote network device?

How to debug evt_resolve_ad_obj on a universal forwarder?

How to efficiently get a list of of Windows hosts WITH the Target Domain Name field?

Is there a limit to the number of whitelist/blacklist configurations for security event ID filtering?

Multiple gzip broken pipe errors

Why is the splunkd.log reporting lots of "DistributedPeerManager - Unable to distribute to peer named...because peer has status = "Down"."?

Index selection conditional on values in the data

How to add a column/field based on csv table

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

SQS-Based-S3 Input for Cloudtrail black list event...

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...