Getting Data In

Discussions

Thread Info

Splunk Universal/Heavy Forwarder with compression has low CPU utilisation

I'm planning a Splunk deployment that will involve 2 indexers, 1 search head and 4 forwarders spread across various n...

by Explorer in

Deletion of indexed logs

if i use "| delete" the data are still stored in the indexers. is there anyway to physically remove them?

by Communicator in

Universal Forwarders and indexing

From a Windows box where the Universal Forwarder is installed, we're picking up a CSV extract (table.csv) every 24 ho...

by Builder in

Another "Linebreak not working" question

My developers have an unorthodox format for their logs. The only timestamp on a multi-line log entry is at the very e...

by Explorer in

multiple monitor for same directory

I am attempting to read different types of log into various sources. But all the logs belong in the same directory an...

by Communicator in

Whitelist/blacklist multiple files in same directory

ive been reading the documentation and am stumped at this part: If you create a blacklist line for each file...

by Communicator in

SplunkForwarder inputs.conf - pick one log file if exists, else pick another

Is there a way to configure SplunkForwarder inputs.conf to do the following? The goal is to monitor a few director...

by Path Finder in

Limit/Filter data indexed based on sourcetype volume

Is there a way to limit the number of events indexed for a given sourcetype within a given amount of time? For exa...

by Explorer in

Received unrecognized signature --splunk-cooked-mode-v3--

Hi, I just upgraded two Splunk LWF 4.1.4 to Splunk UF 4.2.1 , other Splunk instances ( middle forwarders and indexers...

by Communicator in

Splunk server Vs Windows agent

Hello, Splunk server in linux and agent in windows. 1)How to check from client or server cofig files ? 2)I cre...

by New Member in

Parse apache access log in transforms.conf

I noticed there are 2 default sourcetype for apache log. However, we are using a different format in out apache web s...

by Contributor in

How to create sourcetype for different type of files in a same folder

hi, Logs is the foldername which I am having two types of files which having same format of data.Since splunk not ...

by Communicator in

How do I find out what prop file is catching my data?

This is a weird one. I uploaded some data one time and I set the sourcetype to "MyStuff" and dropped it into my test ...

by Engager in

Splunk Forwarder

Hi I am trying to evaluate Splunk to monitor log (simple txt format) from directory. I am able to setup everything i...

by Builder in

Storage question

Where does the indexed data gets stored? Do they somehow get reduplicated when the logs are indexed? i.e. I'm plan...

by Communicator in

New line appears in event as "\n" -- how can I replace them with a new line?

I'm working with Nessus vulnerability scanner results such as the following: results|192.168.1|192.168.1.100|gener...

by Communicator in

getting host from file name?

Hi, I have a bunch of files within a directory that I am monitoring. The host is not contained within the data, bu...

by Champion in

Modify event types via API (curl)

I'm trying to script something out to create an event type and then set the permissions on it. I've got the creation ...

by Communicator in

Search with join where comparing event time

I'm trying to detect when a server goes from an error state to operational on our load balancers for an email alert. ...

by Path Finder in

Resource Monitoring

Good day, I want to be able to monitor CPU, Physical and Virtual memory usage of an individual windows service on ...

by Communicator in

Getting Data In

Discussions

Splunk Universal/Heavy Forwarder with compression has low CPU utilisation

Deletion of indexed logs

Universal Forwarders and indexing

Another "Linebreak not working" question

multiple monitor for same directory

Whitelist/blacklist multiple files in same directory

SplunkForwarder inputs.conf - pick one log file if exists, else pick another

Limit/Filter data indexed based on sourcetype volume

Received unrecognized signature --splunk-cooked-mode-v3--

Splunk server Vs Windows agent

Parse apache access log in transforms.conf

How to create sourcetype for different type of files in a same folder

How do I find out what prop file is catching my data?

Splunk Forwarder

Storage question

New line appears in event as "\n" -- how can I replace them with a new line?

getting host from file name?

Modify event types via API (curl)

Search with join where comparing event time

Resource Monitoring

DataParserVerbose - Accepted time format has chang...

how to extract json fields in a mixed type log out...

Cisco CNAE problems with script data input

Best Practice for Adding a Transforms on Indexers

(Caused by ProxyError('Cannot connect to proxy.', ...