Getting Data In

Discussions

Thread Info

Blacklisting certain data from replicating in a bundle

We are receiving replication failures several times a day between our searchhead and various indexers. From what I un...

by Explorer in

Java bridge not running - jbridge.log has SSL Exception Received fatal alert: bad_record_mac

Splunk 6.1 and Splunk DB Connect 1.1.6 - Added java home path manually via config file, but java bridge wouldn't star...

by Splunk Employee in

Can you Filter on remote servers prior to the log transfers to Splunk Indexer?

Can I set up props.conf and transform.conf files on a remote server to null out entries in a log prior to them gettin...

by Path Finder in

How do you install and configure a Splunk Universal Forwarder on OS X?

Hello, I need help installing the Universal Fowarder for OS X as well as configuring it. Is there a guide online t...

by Engager in

Best way to import geolocations info and use it in maps?

I'm curious whether there is a preferred way of getting the geolocation data in and using it in the searches. We are ...

by Builder in

How do I get a Splunk script to run on all universal forwarders in my environment?

I'm trying to get a script to run on all of the servers I have universal forwarders on. When I setup my script I went...

by Path Finder in

Splunk to monitor cPanel WHM web servers running on CentOS5.5

Has anyone used configured splunk to monitor their WHM /cPanel web servers. Did they encounter any problems with the ...

by New Member in

How to compare a list of disabled users from Source A to a list of application users from Source B, both with different field names for the user account?

Hi, the purpose of my search would be to compare two sources (they are both CSV files) to ensure there are no disable...

by Path Finder in

How to create an app with forwarder and index configurations and push out these configs to collect data?

I want to create an app with forwarder and index configurations and push these configs to collect data from a particu...

by Explorer in

Are "_meta"-entries still supported in inputs.conf?

I've configured inputs.conf on a universal forwarder with [monitor:///somefile.log] _meta = testkey::testvalue [monit...

by Engager in

How to edit my universal forwarder's monitor configuration for a single log file to prevent indexing events over and over again?

Hello, We try to monitor a single Logfile with a Splunk Universal Forwarder on a Windows Server 2008 R2 Server. In...

by Communicator in

After indexing slowed down due to available space, how can I speed up Splunk forwarding and indexing to catch up?

There was a problem with available space for indexing and it had slowed down. But once the problem was fixed, the ind...

by Path Finder in

The lines of some json are joining

My logs are joining in some events and with that I'm missing values that I later adding, for splunk only counts as va...

by Explorer in

splitting /splunk/frozen volume

Hi, In my environment we have so many index servers Eg:8 idx servers. All servers are mounted with one nfs volume ...

by New Member in

IOSTAT How do i get Disk iops out?

Im hoping this is a simple one but its driving me mad! Comparing CPU usage against Disk iops. Using iostat as t...

by Explorer in

Why is FSChange (file system change monitor) a deprecated feature in Splunk 5.0?

Why is FSChange a deprecated feature in Splunk 5.0?

by Builder in

Is it possible to open a txt file from the Splunk framework and write on it?

Hi everyone, Can I open a file from the splunk framework, a txt file, and write on it? Thank you,

by Communicator in

Read error. Either the application has not called WSAStartup, or WSAStartup failed.

I am getting the below error in splunkd.log 04-16-2014 05:20:42.782 +0000 ERROR TcpOutputFd - Read error. Either t...

by Motivator in

Splunk DB Connect: How to configure an input to properly index a database column that can have a multiline field?

Hello , I am using Splunk DB Connect to input data to an index in splunk. I have the raw data below that I can ob...

by New Member in

Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

I upgraded from 6.0 to 6.1 this morning and received the following message in a window titled "Force ACLs": Splunk...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Blacklisting certain data from replicating in a bundle

Java bridge not running - jbridge.log has SSL Exception Received fatal alert: bad_record_mac

Can you Filter on remote servers prior to the log transfers to Splunk Indexer?

How do you install and configure a Splunk Universal Forwarder on OS X?

Best way to import geolocations info and use it in maps?

How do I get a Splunk script to run on all universal forwarders in my environment?

Splunk to monitor cPanel WHM web servers running on CentOS5.5

How to compare a list of disabled users from Source A to a list of application users from Source B, both with different field names for the user account?

How to create an app with forwarder and index configurations and push out these configs to collect data?

Are "_meta"-entries still supported in inputs.conf?

How to edit my universal forwarder's monitor configuration for a single log file to prevent indexing events over and over again?

After indexing slowed down due to available space, how can I speed up Splunk forwarding and indexing to catch up?

The lines of some json are joining

splitting /splunk/frozen volume

IOSTAT How do i get Disk iops out?

Why is FSChange (file system change monitor) a deprecated feature in Splunk 5.0?

Is it possible to open a txt file from the Splunk framework and write on it?

Read error. Either the application has not called WSAStartup, or WSAStartup failed.

Splunk DB Connect: How to configure an input to properly index a database column that can have a multiline field?

Splunk 6.1 upgrade - "Splunk Installer was unable to set the CACLS on the Splunk files. Exitcode='13'

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

JSON with escape character in field name

Has anyone tried sending alerts from Moogsoft to S...

Help with field extraction of CMD output like "net...

Why is event time different from server time?

Is it possible to have scheduled saved search usin...