Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

SplunkForwarder inputs.conf - pick one log file if exists, else pick another

Is there a way to configure SplunkForwarder inputs.conf to do the following? The goal is to monitor a few director...

by Path Finder in

Limit/Filter data indexed based on sourcetype volume

Is there a way to limit the number of events indexed for a given sourcetype within a given amount of time? For exa...

by Explorer in

Received unrecognized signature --splunk-cooked-mode-v3--

Hi, I just upgraded two Splunk LWF 4.1.4 to Splunk UF 4.2.1 , other Splunk instances ( middle forwarders and indexers...

by Communicator in

Splunk server Vs Windows agent

Hello, Splunk server in linux and agent in windows. 1)How to check from client or server cofig files ? 2)I cre...

by New Member in

Parse apache access log in transforms.conf

I noticed there are 2 default sourcetype for apache log. However, we are using a different format in out apache web s...

by Contributor in

How to create sourcetype for different type of files in a same folder

hi, Logs is the foldername which I am having two types of files which having same format of data.Since splunk not ...

by Communicator in

How do I find out what prop file is catching my data?

This is a weird one. I uploaded some data one time and I set the sourcetype to "MyStuff" and dropped it into my test ...

by Engager in

Splunk Forwarder

Hi I am trying to evaluate Splunk to monitor log (simple txt format) from directory. I am able to setup everything i...

by Builder in

Storage question

Where does the indexed data gets stored? Do they somehow get reduplicated when the logs are indexed? i.e. I'm plan...

by Communicator in

New line appears in event as "\n" -- how can I replace them with a new line?

I'm working with Nessus vulnerability scanner results such as the following: results|192.168.1|192.168.1.100|gener...

by Communicator in

getting host from file name?

Hi, I have a bunch of files within a directory that I am monitoring. The host is not contained within the data, bu...

by Champion in

Modify event types via API (curl)

I'm trying to script something out to create an event type and then set the permissions on it. I've got the creation ...

by Communicator in

Search with join where comparing event time

I'm trying to detect when a server goes from an error state to operational on our load balancers for an email alert. ...

by Path Finder in

Resource Monitoring

Good day, I want to be able to monitor CPU, Physical and Virtual memory usage of an individual windows service on ...

by Communicator in

How do you know if a forwarder isn't forwarding

What's a best practice way to determine if a forwarder isn't forwarding? We have a setup of about 100 hosts all fo...

by Engager in

ANYCAST redundancy with syslog

Is anyone using Anycast technology to provide syslog redundancy for the forwarders? Anycast idea much like that used ...

by Engager in

Splunk not monitoring IIS log due to Binary data

I'm having a problem getting Splunk to monitor an active IIS log. When I look at the SplunkD log, I see the following...

by Path Finder in

SourceType doesn't show in Search Screen

I've been evaluating Splunk last week: creating SourceType and uploading, indexing files. Fine. Now I switched to ...

by Engager in

Splunk forwarder - local logs to one Splunk server, sourcetype cisco_esa to another

I need to set up a Splunk forwarder to send /var/log/messages and /var/log/secure (with add monitor )from a ...

by Engager in

Disable User Account Control for splunk.exe

Hi! It seems like with the WIndows version of splunk, you must have admin to run splunk.exe, which includes comman...

by Explorer in

Getting Data In

Discussions

SplunkForwarder inputs.conf - pick one log file if exists, else pick another

Limit/Filter data indexed based on sourcetype volume

Received unrecognized signature --splunk-cooked-mode-v3--

Splunk server Vs Windows agent

Parse apache access log in transforms.conf

How to create sourcetype for different type of files in a same folder

How do I find out what prop file is catching my data?

Splunk Forwarder

Storage question

New line appears in event as "\n" -- how can I replace them with a new line?

getting host from file name?

Modify event types via API (curl)

Search with join where comparing event time

Resource Monitoring

How do you know if a forwarder isn't forwarding

ANYCAST redundancy with syslog

Splunk not monitoring IIS log due to Binary data

SourceType doesn't show in Search Screen

Splunk forwarder - local logs to one Splunk server, sourcetype cisco_esa to another

Disable User Account Control for splunk.exe

Syslog and field extraction(regex)

Is it possible to configure zoom or Teams add-on o...

Specifiy input stanzas by host

how to hide "ALL" from selecting in dashboards pag...

Salesforce Add-on - Lost my server and trying to r...