Getting Data In

Discussions

Thread Info

How to configure Splunk to index only security events from Windows machines?

Can Splunk be configured to index only security events (failed logins, authorization changes, etc) from Windows machi...

by New Member in

Configuration to forward log files to separate indexes

Hello! I have an application that sends two different .log files to the C:\\Program Files (x86)\\Application\_Data...

by Explorer in

Why is Splunk Truncating Multi-line Events?

I'm indexing some Java application log files that use the log4j framework to output log messages. The log files are i...

by Explorer in

Add field to all events from host

Hi There, I am working on an enterprise installation. At the moment we have 1500+ hosts sending data. I'd like eac...

by Communicator in

Remove events to avoid delayed logging?

Our generated logs need to be verified for correctness. After verification, they are sent to splunk. Problem is t...

by Engager in

Splunk not applying time zone properly in clustered environment

Hi, As per Splunk documentation, Splunk applies time zone in the following order Splunk Enterprise uses any tim...

by Influencer in

filter indexing with transform

Hi, I want to only index result of this before the log flow enter the index. I want it to calculate this and then ent...

by Explorer in

Master clustering dashboard - how to get status?

On a master node, the clustering dashboard has a column called 'status' for indexers and search heads. They're either...

by Explorer in

Splunk web app not receiving message from client

Hi All, I am new to this splunk community and as such usage of splunk in general. I have a unit which is configure...

by Explorer in

Prevent escaping of special characters

Hi there, I'm reading files with fixed width fields into splunk. For extraction and masking of dedicated fields I ...

by Path Finder in

Line Break multiple access logs

I need to line break, starting at the IP and end with the time. ex: 74.100.11.60 xx.x.xxx.xxx:59726 - Unauthentica...

by Communicator in

How to send events from same path to different indexes depending on host using a single deployment?

Hello. Here's my situation. I am using the deployment server to push deployments to universal forwarders and would li...

by Builder in

Specific props.conf stanza type and supporting documentation?

I've noticed in another Splunk environment at my site that they've set up what appear to be undocumented stanzas in p...

by Contributor in

Missing columns when exporting to CSV

Hello, I have a search that returns 3 columns of data allowing us to check the first logon of the day (or last log...

by Path Finder in

Lookup field and use it as "Text Form Input Element"

Hi, is it possible to add field via lookup and use this as text form input element? I tried it out by using this x...

by Motivator in

Problems creating an UDP input: Error binding to socket in UDPInputProcessor: Permission Denied

Hello, After a new installation of universal forwarder 6.1.2 on a new RHEL6 machine we have just copied the approp...

by Path Finder in

How to get ftp files into splunk using script

Hi All, How to store ftp files into splunk using any script. any one have the script plz share me.

by Path Finder in

how much data does a particular sourcetype ingest daily

i am trying to modify the below search index=internal metrics kb series!=* "group=per_host_thruput" daysago=5 | ev...

by Path Finder in

front end

What is the front end used if the inputs are in xml format?

by Path Finder in

Ignoring events confusion

Hi Guys I have a quick and probabyly simple question, I needed to ignore an event for arguments sake lets call it ...

by Communicator in

How to configure path to log files present in remote servers?

Hi All, I recently installed splunk to analyze the logs. These logs were recorded in remote server. I want configu...

by New Member in

How to alert on noise messages while preventing indexing for most of them

We index logs from an application that is generally well behaved, but occasionally it gets into a state where it star...

by Path Finder in

unconfigured host showing up in results

when searching for a specific index and sourcetype, the results come from a host that is not configured anywhere in s...

by Path Finder in

How to exclude internal ips from a lookup file

|inputlookup internal_ip.csv gives me list of all internal IP's. I need to exclude these IP's in my below search quer...

by Explorer in

How to break multi-line event logfile so event starts when date found at beginning of a line?

Hi, I have a multi-line event logfile that I'm having issues with. I want to say that an event starts when it find...

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure Splunk to index only security events from Windows machines?

Configuration to forward log files to separate indexes

Why is Splunk Truncating Multi-line Events?

Add field to all events from host

Remove events to avoid delayed logging?

Splunk not applying time zone properly in clustered environment

filter indexing with transform

Master clustering dashboard - how to get status?

Splunk web app not receiving message from client

Prevent escaping of special characters

Line Break multiple access logs

How to send events from same path to different indexes depending on host using a single deployment?

Specific props.conf stanza type and supporting documentation?

Missing columns when exporting to CSV

Lookup field and use it as "Text Form Input Element"

Problems creating an UDP input: Error binding to socket in UDPInputProcessor: Permission Denied

How to get ftp files into splunk using script

how much data does a particular sourcetype ingest daily

front end

Ignoring events confusion

How to configure path to log files present in remote servers?

How to alert on noise messages while preventing indexing for most of them

unconfigured host showing up in results

How to exclude internal ips from a lookup file

How to break multi-line event logfile so event starts when date found at beginning of a line?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!