Getting Data In

Discussions

Thread Info

Monitor logs on Indexers and forward to another indexer cluster

In my environment, we send everything to our indexer cluster and use data cloning using TCPROUTING on the universal f...

by Path Finder in

Original Timestamp Value/Format

Hello, I'm looking for a way to capture the original timestamp value/format from various logs. Here are some of the f...

by Builder in

AWS CWAgent are not getting to Splunk

Hi I have configured my input files as follows to get the cwagent custom metrics but metrics are not getting to Splu...

by New Member in

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

I am trying to setup splunk-kubernetes-logging. I have my daemonset running on my worker nodes, but fluentd is failin...

by New Member in

How to index Kubernetes STDOUT data in Splunk?

Need your help, Can you please tell us, how to receive Kubernetes STDOUT data in Splunk Enterprise? Kubernetes is ...

by Builder in

default.meta [views\setup]

Hello guys,Does anyone know what views\setup found in default.meta means? Also if Search & Reporting app default.m...

by Builder in

Strip control/color codes

I have log files with color codes and control characters that we'd like to strip because they clutter the search resu...

by Communicator in

splunk forwarder upgrade

Hi All i have a requirement to upgrade splunk forwarder from 7.1 to 7.3.3, I will use sccm to upgrade to 7.3.3, exper...

by New Member in

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

I am having trouble wrapping my head around how to configure a HF to forward the sourcetypes of syslog and auditd to ...

by Explorer in

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

I am new to Splunk, and noticed the web interface for my Indexers is offline. After reviewing the logs I found the...

by Engager in

How to split String sentence into one row?

Hello, I have a fields in my index named MESSAGE. [BBB] ProcessGenererIdentifiantLMKRImpl/genererIdentifiantLM...

by Explorer in

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Hi, I try to monitor Microsoft-Windows-Shell-Core/AppDefaults directory. I tried adding it to SplunkTAwindows ...

by Influencer in

Can I add additional monitor stanzas on an indexers inputs.conf?

In my indexers inputs.conf we have the standard stanza in place for receiving inbound logs from forwarders. [splun...

by Path Finder in

logs being cutoff

Running Splunk Enterprise and Splunkforwarder, both on RHEL, and we are having issues with the front portion of some ...

by Path Finder in

Forwarder load balancing over SSL to indexer cluster ?

Currently trying to load balance data from forwarder to indexer cluster ( idx1 & idx2) over ssl . So this configur...

by Engager in

Json file is getting truncated while uploading

Hi all, when i upload a json file to splunk, the data is getting truncated and the full data is not being uploaded. B...

by Explorer in

how to get props.conf to separate unstructured data

i want to have 3 fileds in the below unstructured data. i need props.conf for the below data. 1st is always heading....

by Builder in

Help indexs /etc/resolv as sourcetype config_file?

All, I need to monitor the /etc/resolv as sourcetype config_file in my env. This is well below the 256 byte min f...

by Builder in

windows application log files.

I'm trying to configure splunk to ingest two application logfiles, not the event logs the actual application logfile ...

by New Member in

Forwarder SSL and NO-SSL Forwarding

Hi all, I've an enviroment like this: 1 Search Head Cluester ( 3 servers ) ; 1 Indexers Cluster ( 4 server ); 1 De...

by Path Finder in

Getting Data In

Discussions

Monitor logs on Indexers and forward to another indexer cluster

Original Timestamp Value/Format

AWS CWAgent are not getting to Splunk

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

How to index Kubernetes STDOUT data in Splunk?

default.meta [views\setup]

Strip control/color codes

splunk forwarder upgrade

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

How to split String sentence into one row?

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Can I add additional monitor stanzas on an indexers inputs.conf?

logs being cutoff

Forwarder load balancing over SSL to indexer cluster ?

Json file is getting truncated while uploading

how to get props.conf to separate unstructured data

Help indexs /etc/resolv as sourcetype config_file?

windows application log files.

Forwarder SSL and NO-SSL Forwarding

Does anybody know how to set log retention in sysl...

Get count of top level keys from JSON?

Failed to reap viewstate

Extract-Display the Details Tab from windows event...

crushed logs master