Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

file descriptor cache is full - trimming...

Hi, I'm getting a lot of "File descriptor cache is full (100), trimming..." messages on a couple of my windows ser...

by Champion in

Host and OS type

How do I phrase a search to give me all the machines sending data and their OS type?

by Engager in

Splunk Index is slow or delayed

The issue I'm having is with an index and real time reporting that uses that index. We currently use Rabbit MQ to sen...

by New Member in

SplunkUniversalForwarder: Cooked connection to ip=192.168.0.115:9997 timed out

I installed Splunk on my laptop and wanted to receive the logs from 2 other desktops. So on these desktops I installe...

by New Member in

Unable to find the source file

hi, I have this source showing in the splunk source=/opt/splunk/var/spool/splunk/singlehost.sample.sav But when...

by Path Finder in

I can not set the timezone.

Hi. With some network devices to the server Splunk receives syslog-events. Time on these devices is set to GMT. Event...

by Engager in

TIME_PREFIX regex help

Hi, I seem to be incapable of figuring out what regex to provide in the TIME_PREFIX for my source type in order to...

by Explorer in

Problem running Custom Script

Have created a custom Perl script, added it to commands.conf - it finds the script just fine. The script outputs the ...

by Path Finder in

Setting up syslog on a wireless router

I have configured Splunk to capture syslog data on UDP:514 of my router but do not see any log data being captured, n...

by New Member in

keep some events and discard the rest

i have a huge log file with events, i need to keep around 20-30 events and discard the rest. I have used a stanza in ...

by Engager in

Index files in order of timestamp or record file timestamp as a field

I'm indexing a bunch of CSV files provided by an external vendor over ftp ( mapped or synched to my local drive ) the...

by Explorer in

How to test succesful Universal Forwarder installation?

I've installed the universal forwarder on a windows client to forward the data to my central log collecter which is a...

by New Member in

Can the universal forwarder route based on field found in the log message?

A file I am monitoring looks something like the following [timestamp] index=layer1 message="123456" [timestamp] in...

by Communicator in

Is it possible to manage Forwarders with mounted knowledge bundles?

I'm considering a Splunk cluster setup, where the Search Heads and Indexers (Peers) will be managed using mounted kno...

by New Member in

search/jobs/export does not return results with empty column headers

I using the following command to retrieve a particular macro search result. curl -k -u admin:admin https:// ...

by Engager in

Monitoring files from multiple inputs

How can I set my monitor in inputs.conf so that both of these directories are monitored- 1./var/lib/usr 2. /var/lib/n...

by Engager in

Exchange App (Lookup - Database Information) not working

I'm setting up the Exchange App, data is received in the correct indexes however I'm not seeing data in all the dashb...

by Path Finder in

How would you determine if data is pre-parsed?

We have three (Windows 2008 R2) domain controllers sending events to a single Splunk collector. We need to reduce ou...

by Explorer in

Timestamp detection fails

I try to parse out the timestamp of this line: Jun 3 17:39:09 svlog.myserver.net svdcdev 04/29/2013 09:14:37 AM ...

by Contributor in

Scripting Question

I am looking for some assistance to be able to script this lookup for windows systems tasklist /fo csv /v any i...

by Path Finder in

Getting Data In

Discussions

file descriptor cache is full - trimming...

Host and OS type

Splunk Index is slow or delayed

SplunkUniversalForwarder: Cooked connection to ip=192.168.0.115:9997 timed out

Unable to find the source file

I can not set the timezone.

TIME_PREFIX regex help

Problem running Custom Script

Setting up syslog on a wireless router

keep some events and discard the rest

Index files in order of timestamp or record file timestamp as a field

How to test succesful Universal Forwarder installation?

Can the universal forwarder route based on field found in the log message?

Is it possible to manage Forwarders with mounted knowledge bundles?

search/jobs/export does not return results with empty column headers

Monitoring files from multiple inputs

Exchange App (Lookup - Database Information) not working

How would you determine if data is pre-parsed?

Timestamp detection fails

Scripting Question

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Where does token gets stored when created by splun...

How does one ingest Email Metadata into Spunk Ent....

WebTools Add-on with Splunk cloud

config files for loading attack datasets from Splu...

VMware 7 Upgrade causing more volume

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >