Getting Data In

Discussions

Thread Info

How to get a list of servers that are reporting into Splunk via universal forwarder, WMI or both where count > 1?

i want to get a list of servers that are reporting into splunk via UF or WMI or both, i have this going for me, but i...

by Contributor in

What is the best practice for handling CRLF character replacement?

We have 2 large datafeeds into Splunk, email and SQL Trace outputs, but the CRLF characters in both feeds are creatin...

by New Member in

A possible timestamp match is outside of the acceptable time window.

im not getting any new logs into splunk after i set up a new input "file monitor". the CSV has no time stamps so splu...

by Contributor in

Why am I unable to connect my Windows universal forwarder to the Sandbox?

All - I would like to experiment with Splunk Cloud but I am having an issue getting any data into my sandbox. ...

by Path Finder in

Which forwarder do I need to install on SUSE Linux 10?

Hello guys, I have a question which need your help! I am using splunk enterprise 6.1.1 on win server 2003 (32bit). No...

by New Member in

Timestamp ascending

Hello, I have a problem concerning the timestamp of my logfiles. We want to look through a large textfile with str...

by Explorer in

How can i list the host under a tag?

Hi, I have tag of diff. host. Now i have made my search that it results in a list of hosts. How do I make that searc...

by Communicator in

How monitor logs on a UNC path?

Hello, I've been given the task of finding out how we can setup Splunk to monitor logs on a UNC path. What are the...

by Explorer in

How to set Execute rights for shell scripts on Windows Forwarder Management?

Hi all, I'm using Forwarder Management on a Splunk instance running on Windows. I've created an app to get some da...

by Builder in

After installing a universal forwarder, why am I only receiving splunkd logs, not Windows event logs?

hey, I'm trying to get windows event logs (security , application ..etc.. ) to my Splunk server. I installed S...

by Communicator in

How do I split UDP:514 traffic for VMware and Cisco so they both have their respective indexes

Scenario: (DEV environment) I have one indexer and one universal forwarder. I have both the indexer and the forwar...

by Explorer in

How to configure inputs.conf to forward PingFederate (.evtx) IIS logs in Splunk?

Hello Everyone, I need to forward IIS logs from one of my hosts, so wrote inputs.conf in deployment server and dep...

by Path Finder in

Is it possible to set up Windows Event Viewer forwarding from one server to multiple indexes?

Is it possible to set up Windows Event Viewer forwarding from one server to multiple Splunk indexes? We're in a sh...

by New Member in

How To Get Datetime Difference?

Hello guys, can anyone help me to get the lenght of each operation? I have start datetime and end datetime, both are ...

by Contributor in

What is recommended to monitor multiple files in the same directory and assign them each different sourcetypes?

We have the opportunity to pull our EZproxy logs from the vendor via SFTP. During my testing in development, I upload...

by Motivator in

How to configure props.conf and transforms.conf to filter events with LogLevel=INFO to nullQueue?

Hi guys. I have a JBoss ServerLog that contains events with the following LogLevels: INFO WARNING ERROR SEVERE ...

by Path Finder in

Cooked connection to ip timed out

We already have universal forwarders set up on multiple servers that are working fine. I have installed a new univers...

by New Member in

Skipped Indexing

What does this message mean and how does one resolve it. Has appeared now for several days. Using at best 1% of disk ...

by Explorer in

Is it possible to upgrade a Splunk forwarder by providing the *.exe file via the deployment server?

Hi, As per the documentation, Splunk Forwarder must be upgraded directly from the host itself or using a deploymen...

by Communicator in

Why am I getting duplicate Windows event log entries for the same record, but different hosts, sources and sourcetypes?

I get two entries in splunk for the same record (RecordNumber=10993503). One with host name as FQDN and source type a...

by Path Finder in

Getting Data In

Discussions

How to get a list of servers that are reporting into Splunk via universal forwarder, WMI or both where count > 1?

What is the best practice for handling CRLF character replacement?

A possible timestamp match is outside of the acceptable time window.

Why am I unable to connect my Windows universal forwarder to the Sandbox?

Which forwarder do I need to install on SUSE Linux 10?

Timestamp ascending

How can i list the host under a tag?

How monitor logs on a UNC path?

How to set Execute rights for shell scripts on Windows Forwarder Management?

After installing a universal forwarder, why am I only receiving splunkd logs, not Windows event logs?

How do I split UDP:514 traffic for VMware and Cisco so they both have their respective indexes

How to configure inputs.conf to forward PingFederate (.evtx) IIS logs in Splunk?

Is it possible to set up Windows Event Viewer forwarding from one server to multiple indexes?

How To Get Datetime Difference?

What is recommended to monitor multiple files in the same directory and assign them each different sourcetypes?

How to configure props.conf and transforms.conf to filter events with LogLevel=INFO to nullQueue?

Cooked connection to ip timed out

Skipped Indexing

Is it possible to upgrade a Splunk forwarder by providing the *.exe file via the deployment server?

Why am I getting duplicate Windows event log entries for the same record, but different hosts, sources and sourcetypes?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Using tokens in Base and Chain searches in Dashboa...

Splunk IPFIX from NSX-T

Need to drop logs in Syslog-ng

Get logs from Windows Subsystem for Linux

Splunk Connect for Kubernetes - what are the fluen...

Getting Data In

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>