Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
xdaxdb

Why am I getting unexpected behavior specifying files as data inputs versus directories?

I am not getting expected behavior when specifying inputs. All my logs are in a folder called "/syslog/" 1.3M -rw-r...
by xdaxdb Explorer in Getting Data In 10-23-2014
0 11
0
11
riodutchie

Define python binary for universal forwarder 5.0.5?

I'm working in an environment where we have the universal forwarder (5.0.5 - old I know) installed on all our systems...
by riodutchie Explorer in Getting Data In 10-23-2014
0 7
0
7
bbiandov

Why does Splunk forwarder not report on any default monitored directories?

I noticed that a new install of splunkforwarder automatically monitors the following directories: Monitored Director...
by bbiandov Path Finder in Getting Data In 10-23-2014
1 2
1
2
ulrich_track

Non-matching timestamps and wrong breaks on timestamp

I have a log file with a timestamp at the beginning of an event in the format YYYY-MM-DD HH:MM:SS.mmm. The automatic ...
by ulrich_track Path Finder in Getting Data In 10-23-2014
0 2
0
2
rnr

What happens when a log file gets renamed and later compressed?

Hi, I've looked though similar questions about log rotation and also the most related documentation topic here http:...
by rnr Path Finder in Getting Data In 10-23-2014
1 5
1
5
sonicZ

"DateParserVerbose - Failed to parse timestamp" Error: Can TIME_FORMAT accept multiple formats?

I am getting these errors, even though i think i have the timestamp parsed correctly based on other splunk answers. ...
by sonicZ Contributor in Getting Data In 10-22-2014
0 1
0
1
dgravesa1

How to convert time format of 2014-10-22 15:32:00 to 10/22/2014 15:32:00

by dgravesa1 New Member in Getting Data In 10-22-2014
0 2
0
2
Ant1D

Can SSL configuration be applied on Splunk Universal Forwarders?

Can SSL configuration be applied on Splunk Universal Forwarders? My understanding is that it was only available on Sp...
by Ant1D Motivator in Getting Data In 10-22-2014
1 4
1
4
BT_Neophyte

Why is my auditd log data not appearing in Splunk and don't see any errors in splunkd.log on forwarder or indexers?

I've set up forwarding many times, but for some reason cannot get my auditd log to properly appear in Splunk. I'm ban...
by BT_Neophyte Explorer in Getting Data In 10-22-2014
0 2
0
2
srinathd

How to convert time format of 20090930 to 30-Sep-2009?

I want to get the time in this format 2009-Sep-30 from 20090930
by srinathd Contributor in Getting Data In 10-22-2014
0 1
0
1
khuongdp

How to configure inputs.conf to setup two separate monitoring rules?

I have these 2 group: [monitor:///pack/jboss/server/edu01_*/logs/server.log] sourcetype = server_log index = myindex...
by khuongdp New Member in Getting Data In 10-22-2014
0 2
0
2
gekoner

How to forward data from one Splunk indexer to another indexer?

I have created an outputs.conf on my Indexer. With the following stanza. [output] defaultGroup = indexerB [indexAnd...
by gekoner Communicator in Getting Data In 10-21-2014
0 1
0
1
smudge797

How to configure props.conf for Splunk to recognize all timestamps in these logs?

Splunk is not recognizing the timestamps in these logs. Some are picked up but others are grouped together into a si...
by smudge797 Path Finder in Getting Data In 10-21-2014
0 3
0
3
mehhos

How to configure a heavy forwarder to filter out data before sending logs to the indexer?

Hi, I like to filter out "%ASA-4-106023" before sending log to splunk indexer, Below are my config: inputs.conf [m...
by mehhos Engager in Getting Data In 10-21-2014
0 2
0
2
psharkey

How to troubleshoot why events of the same sourcetype are being indexed in two indexes?

I have Splunk Universal Forwarders installed on my Windows Domain Controllers. Up until 5 weeks ago, sourcetype=Activ...
by psharkey Explorer in Getting Data In 10-21-2014
1 1
1
1
jodros

Performance Tuning Suggestions for TCP Syslog Running on Server 2012

I know this is not a Splunk specific question, however I have asked a similar question in the past about tuning for U...
by jodros Builder in Getting Data In 10-21-2014
0 1
0
1
jmc82

Can an input be enabled or disabled based on another input?

I have a dashboard containing a checkbox with some values. These values are OR'd together in my search string. For ex...
by jmc82 Explorer in Getting Data In 10-21-2014
2 1
2
1
fernandoandre

tcp and persistent queues

After reading this and this I'm not sure about the use of persistent queues on Splunk. In particular, in one implem...
by fernandoandre Communicator in Getting Data In 10-21-2014
1 2
1
2
sjnorman

Universal Forwarder Not Monitoring Directory

I am having issues setting up a UNIX universal forwarder to monitor IBM IHS http log files -- it does not appear to b...
by sjnorman Explorer in Getting Data In 10-20-2014
0 3
0
3
jbouch03

How to configure LINE_BREAKER to split a multiline event?

alt textI have a log file that writes everything in one line. I'm try to count the number of events in the logfile bu...
by jbouch03 Path Finder in Getting Data In 10-20-2014
0 3
0
3
ltrand

Does anyone have a good search to help track and report the weekly upgrade progress for universal forwarder agents?

I was wondering if anyone has a good search that can help track the weekly upgrade progress for UF agents? With the ...
by ltrand Contributor in Getting Data In 10-20-2014
1 1
1
1
soniaraj13

how to avoid duplicate data when a file is created with the same name which was delete earlier.

Hi, I see duplicate data getting ingested when a file which was already ingested is being recreated upon a system fa...
by soniaraj13 New Member in Getting Data In 10-20-2014
0 1
0
1
David

Leveraging spath with arbitrary JSON fields

I have a datasource that looks like this: { "results": { "serverone": { "time": 2, "results": 3...
by David Splunk Employee Splunk Employee in Getting Data In 10-19-2014
0 1
0
1
royimad

Monitoring logs sent by email to splunk

Hello Splunkies, I was wondering if splunk could monitor a logs sent by email to splunk server. if yes how this coul...
by royimad Builder in Getting Data In 10-18-2014
0 2
0
2
rsawant

How to index Oracle dynamic performance views (v_$transaction, v_$session etc) in Splunk?

I want to index the dynamic performance views that are available in SYS of Oracle Database on Splunk. These views inc...
by rsawant Explorer in Getting Data In 10-17-2014
1 5
1
5
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

How Edge Processor's Durable Queue Works

Edge Processor sits in one of the most consequential places in any Splunk pipeline: between your data sources ...
Top Solution Authors
View All