Getting Data In

Discussions

Thread Info

How to override and change incoming source and host names with JSON source and host fields?

I have JSON fields for source and host which I would like to use to override the incoming source and host. What is th...

by Path Finder in

How to retrieve JSON formatted data from a web server with authentication?

Hi there, i have a Restful API that returns data in JSON format. I would like to retrieve this data into Splunk. The ...

by Explorer in

How to configure props.conf and transforms.conf to select events containing a string of words?

I have scoured the 'Net, Splunk docs and the Answers and found lots of good information on setting up my indexer filt...

by Explorer in

Is it possible to configure a Splunk forwarder from my Splunk server?

Hi. I want to configure the splunk forwarder from my splunk server. is it possible? thanks a lot!

by Engager in

Why am I getting sourcetype errors after trying to configure Splunk to parse json and proper timestamp recognition?

Hi, I am trying Splunk and try to evaluate it as a tool for managing the logs of our in-house applications. I am uplo...

by Engager in

Universal Forwarder not able to read all logs

Here is my input.conf: [monitor:///var/log] crcSalt = disabled = false index = main From this it should recurs...

by Explorer in

Where do I start to look for Forwarder issues?

I have a a number of light weight forwarders pointing to a single heavy forwarder point which in turn points to a sin...

by Explorer in

Filter strings of event before index

Hi, as i'm new to using Splunk, i would like to know how to filter the string "2013-09-20 16:53:00, 231 Success trans...

by Engager in

Is it possible to forward filtered data from one indexer to another? If yes, how?

We have a business need that requires a filtered set of data from one indexer be shipped offsite to another indexer. ...

by New Member in

How to search for a source file with a timestamp in the name?

HI, I have files everyday with timestamp automatically like report_3nov2014.csv report_4nov2014.csv report_5nov2014....

by Path Finder in

How do I setup a field extract, field transform to change sourcetype?

I am struggling with the relationship between the field extract and the field transformation with regards to sourcety...

by Engager in

Splunk Cloud: Why are event timestamps not being extracted from JSON data, using the event's index time instead?

Per: http://docs.splunk.com/Documentation/Storm/Storm/User/Sourcesandsourcetypes I've tried sending JSON events to...

by Splunk Employee in

How can I get oldest event per host from metadata

Hi, Is there a way to get the oldest event dates for certain hosts using metadata?

by Champion in

How to run simple shell script on Forwarding agent and send the standard output to Splunk indexer?

Looking to run a script every minute on the splunk forwarders and would like to send the standard output to the splun...

by Explorer in

AD Schema - Inaccurate in v6 for pwdLastSet badPasswordTime lastLogon lastLogonTimestamp

Issue is using 'admon' input on Windows with Splunk 6.x some of the key column for AD Schema are wrong, this seems li...

by Splunk Employee in

Can a universal forwarder run a script? If yes, is there a way to control when it runs?

Hi, Can a UF run a script? If so, is there any way to control when it runs?

by Champion in

Can you use directory monitors in a cluster configuration?

We have tried using the Universal Forwarder for sending logs from one of our servers to our Splunk indexer cluster us...

by Path Finder in

How to forward select events from one indexer to another indexer?

by New Member in

Internal field for originating forwarder

Is there a way to see the originating forwarder for a specfic event? I haven't found any internal/metadata fields. Th...

by Motivator in

How to determine what is causing a Splunk indexer to consume more than 10% of the daily license?

My environment generates on average about 12GB of logs daily (out of a license for 20GB). The Splunk indexer is gener...

by Communicator in

Getting Data In

Discussions

How to override and change incoming source and host names with JSON source and host fields?

How to retrieve JSON formatted data from a web server with authentication?

How to configure props.conf and transforms.conf to select events containing a string of words?

Is it possible to configure a Splunk forwarder from my Splunk server?

Why am I getting sourcetype errors after trying to configure Splunk to parse json and proper timestamp recognition?

Universal Forwarder not able to read all logs

Where do I start to look for Forwarder issues?

Filter strings of event before index

Is it possible to forward filtered data from one indexer to another? If yes, how?

How to search for a source file with a timestamp in the name?

How do I setup a field extract, field transform to change sourcetype?

Splunk Cloud: Why are event timestamps not being extracted from JSON data, using the event's index time instead?

How can I get oldest event per host from metadata

How to run simple shell script on Forwarding agent and send the standard output to Splunk indexer?

AD Schema - Inaccurate in v6 for pwdLastSet badPasswordTime lastLogon lastLogonTimestamp

Can a universal forwarder run a script? If yes, is there a way to control when it runs?

Can you use directory monitors in a cluster configuration?

How to forward select events from one indexer to another indexer?

Internal field for originating forwarder

How to determine what is causing a Splunk indexer to consume more than 10% of the daily license?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

How to configure 3rd party ssl-certificates to use...

Phantom Integration with splunk

Gsuite For Splunk can't receive login report

Azure Event Hub messages coming to Splunk as multi...

Add-on for MS Office 365 question

Getting Data In

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>