Getting Data In

Discussions

Thread Info

How to configure a forwarder to blacklist specific events for an EventCode that contain a certain process name in the message?

I am trying to set up the custom config for forwarding only specific Splunk logs. I am testing filtering out specific...

by Engager in

Why is inline conversion of XML string using XMLKV not working?

I have the following search which extracts the inner XML pieces. I'm trying to re-parse the resulting strings into XM...

by New Member in

Can a Splunk 6.3 heavy forwarder send data to a 6.1 indexer, and can I use index parallelization on the HF to forward this data?

Hi, I have a multi-part question. First, can a 6.3 Heavy Forwarder sent to a 6.1 indexer? And second, can I use th...

by Champion in

OS Compatibility: Can a Splunk universal forwarder be installed on a machine running SCO UNIXWARE 7.1.4?

I've been asked to install a Splunk Universal Forwarder on an machine running: SCO UNIXWARE 7.1.4 I can't find any...

by Communicator in

After stopping the forwarder on an AIX server, why are we not retrieving events from files after starting it up again?

I had a forwarder on an AIX server sending a number of log files to my Splunk Indexer and all was working well. Th...

by Engager in

How and why did all events but one get deleted from an index?

Hey folks, I'm new to Splunk and I am currently reading the "Big Data Analytics Using Splunk" Book published by ap...

by Path Finder in

Is it best practice to collect data from network drives using a heavy forwarder? I'm seeing performance issues.

Hello and good morning, I have a heavy forwarder that takes inputs from several network drives and it's working fi...

by Influencer in

Is there a way to use sedcmd in props.conf to mask firstName, lastName, and birthDate values in my data?

I'm trying to mask birthDate and firstname. For example my Splunk results yields something like.... <firstName>jam...

by Path Finder in

Why are events coming in over source:tcp-ssl not assigned a hostname?

Dear Splunkers Recently we reconfigured our remote syslog clients to deliver their logs over source:tcp-ssl instea...

by Engager in

Is it possible for Windows event logs to be flagged up on the Active Directory and passed to a Splunk server via universal forwarder?

I have been assigned with the task of implementing Splunk on my company network. I have Syslog communication with my ...

by Path Finder in

epoch _time conversion

Hello, I'm trying to retrieve a readable time value from a time stamp, so I ran this command: eval "Time of mos...

by Communicator in

Most recent set of events

Hello, Some time ago I was looking for a way to search for events grouped around a date but I think it was an over...

by Communicator in

Can I configure a universal forwarder to send syslog messages to a syslog server?

Could some one help me out here.. Can I configure a Universal forwarder to send the syslog messages to a (non splu...

by New Member in

How to define a field delimiter "|#|" that contains multiple symbols?

Hi sir/madam, We have some files that fields are separated by |#|. How can we define the field delimiter? We have ...

by Explorer in

How to extract the date from CSV to use as the _time field?

Date Time Sail Date Ship_Code Duration Activity_Code Book_Type Cabin # Channel Id Location Code 20151023 000001 1511...

by Engager in

Why do soft deleted sources return after indexer restart?

Why do soft deleted sources return after indexer restart? This has happened to us every time. We are performing a hig...

by Contributor in

How do I add a form to my dashboard that has a combination of a text and drop-down input for filtering?

I want to add an input form to take an input from text as well as drop-down. thanks in advance.

by New Member in

Why are our Splunk Forwarders each logging "ERROR DiskMon - None such on disk: /opt/splunkforwarder/var/run/splunk/dispatch" 144 times a day?

We are seeing these errors in the forwarders splunkd.log from every Splunk forwarder we have 144 times per 24hr perio...

by Explorer in

How to connect with and retrieve logs from Azure Active Directory?

Hi to everyone I need to get logs from Azure AD (Active Directory for Microsoft Azure). Do you know how to do this...

by Communicator in

Is there a way to find out how much data each indexer has for an index?

We have some TA's that we're suspicious are loading data disproportionately and we'd like to know if the indexers hav...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure a forwarder to blacklist specific events for an EventCode that contain a certain process name in the message?

Why is inline conversion of XML string using XMLKV not working?

Can a Splunk 6.3 heavy forwarder send data to a 6.1 indexer, and can I use index parallelization on the HF to forward this data?

OS Compatibility: Can a Splunk universal forwarder be installed on a machine running SCO UNIXWARE 7.1.4?

After stopping the forwarder on an AIX server, why are we not retrieving events from files after starting it up again?

How and why did all events but one get deleted from an index?

Is it best practice to collect data from network drives using a heavy forwarder? I'm seeing performance issues.

Is there a way to use sedcmd in props.conf to mask firstName, lastName, and birthDate values in my data?

Why are events coming in over source:tcp-ssl not assigned a hostname?

Is it possible for Windows event logs to be flagged up on the Active Directory and passed to a Splunk server via universal forwarder?

epoch _time conversion

Most recent set of events

Can I configure a universal forwarder to send syslog messages to a syslog server?

How to define a field delimiter "|#|" that contains multiple symbols?

How to extract the date from CSV to use as the _time field?

Why do soft deleted sources return after indexer restart?

How do I add a form to my dashboard that has a combination of a text and drop-down input for filtering?

Why are our Splunk Forwarders each logging "ERROR DiskMon - None such on disk: /opt/splunkforwarder/var/run/splunk/dispatch" 144 times a day?

How to connect with and retrieve logs from Azure Active Directory?

Is there a way to find out how much data each indexer has for an index?

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

HTTP Event Collector Connection Actively Refused a...

Behaviour of app.conf with deployment server

Ingest Actions error

Splunk OTEL Collector throwing Timeout and Authent...

HEC stopped working