Getting Data In

Discussions

Thread Info

How do I add a UDP 514 input to collect logs on CentOS?

How do i add a UDP 514 input to collect logs on the splunk server side and i am running splunk as root in the centos

by Path Finder in

$SPLUNK_HOME/etc/local/default use?

I have an app (Cloudpassage) that instructs to put a props.conf file in $SPLUNK_HOME/etc/local/default . I am not fam...

by Path Finder in

how to allow splunk to connect UDP 161 port in Linux?

hi i am working on a splunk project and i am using centos as my operating system, i just need help on how to allow...

by Path Finder in

Possible conflict between the "props.conf" documentation and the "Route and filter data" documentation?

http://docs.splunk.com/Documentation/Splunk/6.2.3/Admin/Propsconf TRANSFORMS-<class> = <transform_stanza_name>, <t...

by Influencer in

How do I find the custom sourcetypes I created to use in my app?

Hello, I need help. How do I find sourcetypes that I made? I want to use them in my app. I made some custom sourc...

by New Member in

How to test that Splunk has access to UNC input?

We have Splunk on Windows instance that is used to monitor UNC input like \\server123\share4 This worked well until t...

by Communicator in

Amount of data sent by forwarder Vs Amount of data indexed Vs License usage Vol. Vs Size of Indexed data on Disk

Amount of data sent by forwarder Vs Amount of data indexed Vs License usage Vol. Vs Size of Indexed data on Disk i...

by Motivator in

A host reported in the metadata doesn't seem to have sent any event. Why?

I'm not really used to splunk so maybe this question is silly but let's see. I'm doing the following search, with ...

by Engager in

mvcombine ignores specified delimiter

My apologies for the duplicated question - I wasn't sure whether I could tag my particular situation re- mvcombine no...

by Path Finder in

Why is our Splunk 6.0.5 Universal Forwarder (HPUX) not contacting our Splunk 6.2.3 Deployment Server, even if connectivity exists.

I have installed Splunk Universal forwarder 6.0.5 in HPUX B.11.11 U 9000/800 box. We are using deployment server (...

by Communicator in

How to correlate multiple CSV files using different columns?

Hi all. I have almost 6 CSV files extracted from a running system where i can't access the backend to install a fo...

by Builder in

variance betweeen _time and date_* fields

I've got a situation where different date elements are providing inconsistent results for the same time data. I suspe...

by Explorer in

Help to find daily indexed data size by each index

Need your help, Can you please tell us, how to find daily indexed data size by each index?

by Builder in

How do I know if my application is used on desktop vs mobile

Hi there I want to log information to understand if my application is heavily used on desktop or mobile or tablet..!!...

by New Member in

What is recommended to prevent broken multiline events that are caused by a delayed output from a command?

About The log file is overwritten each time, therefore the MUST_NOT_BREAK_AFTER in the current definition does wor...

by Contributor in

Heavy forwarders are not auto load-balancing evenly

I'm having a problem right now where I'm not seeing an even distribution across my indexers. I have 21 indexers (inde...

by Explorer in

Missing events from monitored logs

Hi all, We have realised recently that one of our application logs is missing a large number of events. This was e...

by Communicator in

After a Disaster Recovery switchover, why did Linux universal forwarders running Splunk 6.1.1 not pick up new logs in the monitored directory?

Hi all, Recently we performed a Disaster Recovery switchover. It was found out after the switchover that none of t...

by Communicator in

How do I change the NIC that Splunk Universal Forwarder uses to communicate?

I want to change the NIC that the Splunk Universal Forwarder communicates and sends data through if the server has mu...

by Explorer in

Why am I unable to forward Linux syslog to my Splunk indexer with my current configuration?

Hi, I'm trying to forward /var/log/anaconda/syslog from my linux machine to my splunk indexer, but it's not comin...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I add a UDP 514 input to collect logs on CentOS?

$SPLUNK_HOME/etc/local/default use?

how to allow splunk to connect UDP 161 port in Linux?

Possible conflict between the "props.conf" documentation and the "Route and filter data" documentation?

How do I find the custom sourcetypes I created to use in my app?

How to test that Splunk has access to UNC input?

Amount of data sent by forwarder Vs Amount of data indexed Vs License usage Vol. Vs Size of Indexed data on Disk

A host reported in the metadata doesn't seem to have sent any event. Why?

mvcombine ignores specified delimiter

Why is our Splunk 6.0.5 Universal Forwarder (HPUX) not contacting our Splunk 6.2.3 Deployment Server, even if connectivity exists.

How to correlate multiple CSV files using different columns?

variance betweeen _time and date_* fields

Help to find daily indexed data size by each index

How do I know if my application is used on desktop vs mobile

What is recommended to prevent broken multiline events that are caused by a delayed output from a command?

Heavy forwarders are not auto load-balancing evenly

Missing events from monitored logs

After a Disaster Recovery switchover, why did Linux universal forwarders running Splunk 6.1.1 not pick up new logs in the monitored directory?

How do I change the NIC that Splunk Universal Forwarder uses to communicate?

Why am I unable to forward Linux syslog to my Splunk indexer with my current configuration?

Announcing General Availability of Splunk Incident Intelligence!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Why are we missing Windows "WinEventLog:Security...

SSL: UNKNOWN_PROTOCOL Error with Gitlab Auditor TA

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...

Is it possible to send Jenkins custom logger to Sp...