Getting Data In

Discussions

Thread Info

How to configure universal forwarder to forward events from a specific log file in a monitored directory to a separate index?

I have a Windows computer where I need to configure the Splunk Universal Forwarder in the following way: One large...

by Communicator in

How to upgrade universal forwarders from 4.0 to 6.1.3 for AIX and Windows?

If we would like to upgrade our universal forwarders to 6.1.3, is it ok to keep our current indexer as version 5.0.5....

by Explorer in

How to configure inputs.conf on forwarder to collect Active Request and Request per second Perfmon data?

I have a forwarder on an IIS web server and I want to get some info on the Active Request and Request per sec. So...

by Path Finder in

Why did our heavy forwarder start indexing locally and how to disable this?

Hello All I have a new environment where we have a bunch of nix webservers in a DMZ. We installed universal forwar...

by Contributor in

Do Splunk inputs dedicated to universal forwarders need reverse DNS configured?

We have around 230 PCs servers spelunking to a single splunk server across a firewall. Many of these clients are n...

by Engager in

How to configure props.conf to remove any line NOT containing a certain string?

Hi. All I want is the props.conf equivalent of this delete action from sed: '/pattern/!d' That is it... ju...

by Path Finder in

list host, source by forwarder

How do i get a list comprising the fields host, source for each forwarder. Background: the admins of the machines ...

by SplunkTrust in

Questions about user-seed.conf

I have few questions regarding to user-seed.conf http://docs.splunk.com/Documentation/Splunk/latest/Admin/User-seedco...

by Communicator in

How to store lots of metadata that would be the same for each event?

We measure 50 values every 5 seconds during each hour long experiment. We do these experiments many times under diffe...

by New Member in

How to configure parameter for TailingProcessor to automatically retry reading a file after failing?

It took a while to copy the large logfile over the slow network, and it looks like the TailingProcessor gave up after...

by Path Finder in

What's the trick to get unarchive_cmd to work for a custom archive format?

I've been attempting to get the unarchive_cmd to work with no success. I decided to abandon my ultimate goal for the ...

by Super Champion in

How to change IDS logs to JSON format and index in Splunk?

Hi, I trying to index ids logs into splunk server however the log is not in good format. How can i reformat the log i...

by Engager in

Do I need to create a transforms.conf file in addition to props.conf to disable truncate for a specific sourcetype?

I have created a props.conf file to allow for logging an event of 16,000 characters. If I am reading the documentatio...

by New Member in

How to override the sourcetype of events within the same source based on the event format?

I'm trying to override the sourcetype of events within the same source (for now, a file uploaded once and indexed - o...

by Explorer in

How to fix perfmon errors "Object specified...in conf file is not valid"?

how to fix this error: ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-per...

by Explorer in

Is it possible to run a 6.1.3 universal forwarder with an AIX 5.3?

Hello, I'm wondering if is possible to run the universal forwarder with an AIX 5.3. The download page says that on...

by Explorer in

Is there a way to send data to Splunk over SSL from a third-party device without using a forwarder?

I'm trying to get Splunk to accept communication from a third-party device over SSL. The documentation is oriented to...

by Communicator in

Splunk SDK: Is there a way to set the time of an event created from Submit?

I'm currently in the process of sending data to the Splunk server through the C# SDK. The time for every event sen...

by Path Finder in

Splunk Universal Forwarder stopped working

On one of our Universal Forwarders the splunkd service stopped running. I was able to restart it and it is now workin...

by Contributor in

Interpreting errors after deleting Splunk log files

I'm reinstalling some UFs in my VM network. I'm using a suggestion posted in http://answers.splunk.com/answers/86950/...

by Explorer in

Firewall indexing latency: How to track when syslog is read by file monitor when the log is seen in search GUI?

I can find the latency for firewall log indexing like this index=Firewall | eval diff_sec=(_indextime - _time)| wh...

by Motivator in

Is it possible to modify a log that has already been indexed?

Hi? Is it possible to modify a record that has already been indexed? Or failing that, delete it and write another wi...

by Contributor in

props.conf time_format appears to be ignored even though data preview works correctly

Hello, I've been banging my head against a wall trying to figure out this problem and haven't been able to make any p...

by Engager in

Splunk 5 as VM and using Nimble Storage for shared storage

Hello everyone, Does anyone use or know anyone using Splunk 5 in this topology: 2 Splunk indexers (clustered & rep...

by Path Finder in

Is it possible to manage all saved searches in a custom app?

https://localhost/8089/servicesNS/-/search/saved/searches Is this possible, manage all saved searches displayed in...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure universal forwarder to forward events from a specific log file in a monitored directory to a separate index?

How to upgrade universal forwarders from 4.0 to 6.1.3 for AIX and Windows?

How to configure inputs.conf on forwarder to collect Active Request and Request per second Perfmon data?

Why did our heavy forwarder start indexing locally and how to disable this?

Do Splunk inputs dedicated to universal forwarders need reverse DNS configured?

How to configure props.conf to remove any line NOT containing a certain string?

list host, source by forwarder

Questions about user-seed.conf

How to store lots of metadata that would be the same for each event?

How to configure parameter for TailingProcessor to automatically retry reading a file after failing?

What's the trick to get unarchive_cmd to work for a custom archive format?

How to change IDS logs to JSON format and index in Splunk?

Do I need to create a transforms.conf file in addition to props.conf to disable truncate for a specific sourcetype?

How to override the sourcetype of events within the same source based on the event format?

How to fix perfmon errors "Object specified...in conf file is not valid"?

Is it possible to run a 6.1.3 universal forwarder with an AIX 5.3?

Is there a way to send data to Splunk over SSL from a third-party device without using a forwarder?

Splunk SDK: Is there a way to set the time of an event created from Submit?

Splunk Universal Forwarder stopped working

Interpreting errors after deleting Splunk log files

Firewall indexing latency: How to track when syslog is read by file monitor when the log is seen in search GUI?

Is it possible to modify a log that has already been indexed?

props.conf time_format appears to be ignored even though data preview works correctly

Splunk 5 as VM and using Nimble Storage for shared storage

Is it possible to manage all saved searches in a custom app?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Edge Processor Destination not showing up in Pipel...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!