Getting Data In

Ask a Question

Discussions

Thread Info

How to fix my universal forwarders' configuration to monitor and forward syslog data?

Hello I have this schema : [syslog:received_514;forward_1514] [SplunkUF:received_1514;forward_2000] [SplunkUF2:...

by New Member in

How to audit files in Splunk monitoring security events in windows 2012 server.

Hi Splunkers, I need a help to audit some files in Microsoft Windows 2012, files like C:\Windows\System32\drivers...

by Communicator in

how to convert datetime from UTC to ET in search results

we have indexed data in UTC format and want to display in the search results stats as ET zone. Can you please provide...

by Builder in

Windows - How to monitor XML files within a sub-directory

I want to monitor XML files residing inside sub-directories. Files inside Path : D:\Roll\DIP\SessionLogs\35\1....

by Motivator in

What sourcetype should I use to index my mongo logs?

We currently have a mongodb cluster who's logs I would like to index to splunk, but there appears to be no sourcetype...

by New Member in

Using F5 BIG IP to load balance in front of indexers

Hi, When load balancing among multiple indexers, would it work if F5 BIG IP is placed in front of the indexers to rec...

by Path Finder in

How to retrieve data TOPIC / QUEUE from ActiveMQ to Splunk?

I want to know how to retrieve the data TOPIC / QUEUE from ActiveMQ to Splunk Regards !

by Explorer in

How to setup data inputs configuration for universal forwarder and receiver?

Hi All, I have installed splunkforwarder-6.0.3 on windows server and configured .conf as below. Please let me know...

by Path Finder in

how to filter event logs by type?

I've setup up event log monitoring on a few machines. I don't need to index and monitor anything but warnings and err...

by Engager in

What is the best way to match more than 3000 patterns used to classify events into multiple sourcetypes?

Hi All, We have more than 3000 patterns which are used to classify events into multiple sourcetypes. What is the b...

by Builder in

How to add input stanzas to monitor Windows application, security and system logs via command line?

After installing Splunk Universal forwarder in Windows Server ., how to add monitor stanzas for getting windows appli...

by Motivator in

How to configure SSL universal forwarder and receiver?

hey I configure an SSL forward. But I have this error : Forwarder - Error : TcpInputConfig - SSL clause not...

by New Member in

How to monitor .pfx file in splunk ?

Can we able to monitor .pfx - (Certificate file) in splunk Is there any specific sourcetype already pre-defined for i...

by Motivator in

How to customize nullqueue and indexqueue filtering with new patterns over time?

Hi, I have a scenario like this: I want to filter data using NullQueue and IndexQueue. I also have the patterns with ...

by Communicator in

How do I forward specific Splunk 5.x indexes to Splunk 6.x?

I'm trying to forward specific indexes to a test splunk box with the latest version. So, I set forwarding defaults to...

by Communicator in

How to write regex to create new events before a certain time format?

Hi, Please some help me to create new event if i find HH:MM:SS time format in logs for sourcetype perfLog. I ha...

by Communicator in

How to troubleshoot busy queues reaching near peak values of 100%?

Hi, I noticed today that a number of my queues (aggqueu, indexqueue, parsingqueue, typingqueue) are reaching near ...

by Champion in

Can I set Splunk Forwarder Memory Use Limit?

We have forwarders installed on our Domain Controllers to get the Windows event logs. Our Domain Admin is excited abo...

by Communicator in

Splunk 6 REST API - Delete Custom Dashboards

Hi, In our application, we are using the REST API to create / delete custom dashboards in splunk. For delete, w...

by Engager in

What will be the size of the indexed data if I send 50GB of raw data to Splunk?

I send daily 50 GB raw data from my machines to Splunk for indexing what will be the size of the data after it got in...

by Motivator in

Which takes precedence - frozenTimePeriodInSeconds or maxTotalDataSizeMB

Hi, Which takes precedence in indexes.conf - frozenTimePeriodInSeconds or maxTotalDataSizeMB? Also, if I set maxTo...

by Champion in

If props.conf is used on a universal forwarder, does the parsing automatically happen there?

I downloaded the Windows App TA, which has props.conf settings that go on the UF TA. I am now noticing that when I...

by Communicator in

How to clone a saved search via REST API command? Is there documentation on this?

How would I clone a saved search via the REST API? I do not see any documentation in the REST API endpoints regarding...

by Path Finder in

Why is Splunk forwarder is not forwarding events?

Hi, We have installed Splunk to forward audit logs from LDAP to server02 and are not getting any events from the s...

by New Member in

How to forward logs from one Splunk server to another Splunk server?

Can you please tell us, how to forward the logs from one splunk server to another. because we are already receiving l...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to fix my universal forwarders' configuration to monitor and forward syslog data?

How to audit files in Splunk monitoring security events in windows 2012 server.

how to convert datetime from UTC to ET in search results

Windows - How to monitor XML files within a sub-directory

What sourcetype should I use to index my mongo logs?

Using F5 BIG IP to load balance in front of indexers

How to retrieve data TOPIC / QUEUE from ActiveMQ to Splunk?

How to setup data inputs configuration for universal forwarder and receiver?

how to filter event logs by type?

What is the best way to match more than 3000 patterns used to classify events into multiple sourcetypes?

How to add input stanzas to monitor Windows application, security and system logs via command line?

How to configure SSL universal forwarder and receiver?

How to monitor .pfx file in splunk ?

How to customize nullqueue and indexqueue filtering with new patterns over time?

How do I forward specific Splunk 5.x indexes to Splunk 6.x?

How to write regex to create new events before a certain time format?

How to troubleshoot busy queues reaching near peak values of 100%?

Can I set Splunk Forwarder Memory Use Limit?

Splunk 6 REST API - Delete Custom Dashboards

What will be the size of the indexed data if I send 50GB of raw data to Splunk?

Which takes precedence - frozenTimePeriodInSeconds or maxTotalDataSizeMB

If props.conf is used on a universal forwarder, does the parsing automatically happen there?

How to clone a saved search via REST API command? Is there documentation on this?

Why is Splunk forwarder is not forwarding events?

How to forward logs from one Splunk server to another Splunk server?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

multivalue field extraction using props and transf...

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions