Getting Data In

Community Activity

Splunk Architecture for Production Hi, We have 140 production servers, where we are planning to install universal forwarders. Further we need to do pr... by meenal901 Communicator in Getting Data In 08-22-2014 0 2	0	2
Why do I always get an error trying to connect Splunk DB Connect to Informix database? Hi, I am trying to connect Splunk Db Connect to informix database but I always get an error when I am saving the co... by hxa27 Path Finder in Getting Data In 08-21-2014 1 3	1	3
How to forward _internal events to indexer, but keep them locally on deployment server? I am working with the following architecture: Search HeadMultiple IndexersDeployment Server / License Master We rec... by areber04 Explorer in Getting Data In 08-21-2014 2 1	2	1
Is it possible to use an indexer's IP address for output on universal forwarder, but display the host name on the indexer? Hi, Is there a way to use the IP address of the indexer on the universal forwarder but have the name of the host dis... by splunkmasterfle Path Finder in Getting Data In 08-21-2014 0 1	0	1
How to deploy Splunk default certificates in syslog-ng ? We have generated default certs in Splunk for forwarder and its working fine with Splunk Universal forwarder. Can you... by dhavamanis Builder in Getting Data In 08-21-2014 0 1	0	1
How to import text file results of a powershell script when app is opened? I have a powershell script that outputs a text file. What I want to do is have that powershell script run once a day... by slashnburn Path Finder in Getting Data In 08-21-2014 0 1	0	1
Scripted Input: Cannot open file from /myapp/local Hello all, I have a perl script which is located in /myapp/bin and a configuration file in /myapp/local. I have adde... by vincenteous Communicator in Getting Data In 08-21-2014 0 3	0	3
Monitor in inputs.conf only indexes some files but not others with no discernible pattern I have a pretty standard monitor stanza defined on my web servers with the intention of indexing the config files [m... by neiljpeterson Communicator in Getting Data In 08-21-2014 0 2	0	2
How to configure scripted inputs and check if they are running? I have followed some documentation on adding inputs to from scripts, and have the following: A batch script, which c... by slashnburn Path Finder in Getting Data In 08-21-2014 0 5	0	5
disable port 443 on indexer Is it possible to disable port 443 on indexers? If so how? Is there a CL or is it through the UI? by smudge797 Path Finder in Getting Data In 08-21-2014 0 3	0	3
Why am I getting error message 'invalid key in stanza' after installing a universal forwarder? Hi All, When I installed the splunk universal forwarder on my linux server and restarted the splunk service, there r... by ford1863 New Member in Getting Data In 08-21-2014 0 2	0	2
How to configure forwarder to filter and forward data to a third party system? We need to forward data to a third party system. I would need to forward all data with sourcetype as *_syslog to the ... by premg Engager in Getting Data In 08-19-2014 0 1	0	1
Filter condition based on multiple events Hi There, I have a search that outputs table data that looks like this: Customer Service_Name User Customer-12... by mahesh_ravji1 Explorer in Getting Data In 08-19-2014 1 2	1	2
Can I specify different authentication mechanisms for the Web UI and Admin port? I'm trying to support LDAP on the web UI and a custom authentication script for the admin port (rest api). Is it p... by juniormint Communicator in Getting Data In 08-19-2014 0 2	0	2
Distributed Architecture: If data is sent to two heavy forwarders, how do you prevent duplicate logs? Hi, We are moving to a distributed architecture with 1 search head, 1 indexer and 2 heavy forwarders. The idea is t... by Alteek Explorer in Getting Data In 08-19-2014 1 2	1	2
How to configure inputs.conf and outputs.conf for full Splunk instance and a universal forwarder? Hello Experts, I have two laptops A & B both on same network. I have Installed Splunk free version on Laptop A and i... by Raghav2384 Motivator in Getting Data In 08-18-2014 0 3	0	3
IOError: [Errno 30] Read-only file system - No .lock Hello, There is another thread with the same title and it looks like the same problem however there is no .lock afte... by jcollins77 Explorer in Getting Data In 08-18-2014 0 3	0	3
How to parse JSON with JSON array to identify fields? Could someone guide me through to parse JSON within JSON array? I have tried many different variations with spath com... by ziyod2005 Explorer in Getting Data In 08-18-2014 0 2	0	2
How do I configure timestamp extraction where day may be one or two digits I have a timestamp of form [10/15/11 11:55:08:992 PDT] . . . log entry text . . . I expect I can try the following s... by clmiller Engager in Getting Data In 08-18-2014 1 3	1	3
Trigger HTTP call for every event received at Real time I have an use case in which for every event/data-input that reaches the Splunk server, certain fields need to be pars... by thebosshere Explorer in Getting Data In 08-18-2014 1 4	1	4
How to apply two levels of filtering during parsing in heavy forwarder? I have data on which i want to apply 2 level of filtering before indexing Let the complete data set be called A Leve... by meenal901 Communicator in Getting Data In 08-18-2014 0 1	0	1
Event latency due to Intermittent forwarder & indexer timed out issues Our site has 20+ indexers and 5000+ forwarders. The indexers and forwarders are on splunk 6.0.x. We are suspecting ... by splunkIT Splunk Employee in Getting Data In 08-15-2014 1 2	1	2
How to check Splunk forwarder versions on multiple hosts? I want to check the Splunk forwarder versions of about 70-90 hosts. Is there any way to do this? Is it possible from ... by shilpijain Explorer in Getting Data In 08-15-2014 1 4	1	4
extract date with characters between I try to transform a date string, into a date, to enable splunk to sort it. Here is a sample : 2013-01-17T09:35:49Z ... by sbsbb Builder in Getting Data In 08-15-2014 0 5	0	5
Can the splunk forwarder and the splunk instance reside on the same server and partition with out conflict? I have an instance of splunk installed and the universal forwarder installed on the same partition? Does Splunk suppo... by mad4wknds Path Finder in Getting Data In 08-14-2014 0 2	0	2

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Getting Data In

Splunk Architecture for Production

Why do I always get an error trying to connect Splunk DB Connect to Informix database?

How to forward _internal events to indexer, but keep them locally on deployment server?

Is it possible to use an indexer's IP address for output on universal forwarder, but display the host name on the indexer?

How to deploy Splunk default certificates in syslog-ng ?

How to import text file results of a powershell script when app is opened?

Scripted Input: Cannot open file from /myapp/local

Monitor in inputs.conf only indexes some files but not others with no discernible pattern

How to configure scripted inputs and check if they are running?

disable port 443 on indexer

Why am I getting error message 'invalid key in stanza' after installing a universal forwarder?

How to configure forwarder to filter and forward data to a third party system?

Filter condition based on multiple events

Can I specify different authentication mechanisms for the Web UI and Admin port?

Distributed Architecture: If data is sent to two heavy forwarders, how do you prevent duplicate logs?

How to configure inputs.conf and outputs.conf for full Splunk instance and a universal forwarder?

IOError: [Errno 30] Read-only file system - No .lock

How to parse JSON with JSON array to identify fields?

How do I configure timestamp extraction where day may be one or two digits

Trigger HTTP call for every event received at Real time

How to apply two levels of filtering during parsing in heavy forwarder?

Event latency due to Intermittent forwarder & indexer timed out issues

How to check Splunk forwarder versions on multiple hosts?

extract date with characters between

Can the splunk forwarder and the splunk instance reside on the same server and partition with out conflict?

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation