Getting Data In

Discussions

Thread Info

Heavy forwarder filters

Hi, I want to filter some events in my heavy forwarder device. I want discart events what contain "PIX" but it is ...

by Explorer in

outputs.conf direct to indexer based on index

I'd like to install the LFC on several hosts have them forward data to one of two indexers based on the index the dat...

by Contributor in

Why are null characters ("\x00") appearing in events assigned a sourcetype by a forwarder?

I have a forwarder (4.2, build 96430) set up on one server to forward logs to two indexers (4.3, build 115073). When ...

by Explorer in

Splunk DB Connect

Hi my team Manager has installed Splunk DB Connect App,how can i figure if he has installed the Database drivers. ...

by Contributor in

Where does the Universal forwarder cache its data if the indexer is down?

by Explorer in

Splunk for Network Device Monitoring

Hi Can Splunk forwarders be installed on network switches to capture data? I have a CISCO network switch from which I...

by Communicator in

DBConnect question

This is a questions comming from a current Splunk customer on DBConnect. They have an in house component developed...

by Splunk Employee in

Forwarded TZ won't be "translate" in own TZ

Hello everyone, I have following problem: I oberserve one host with splunk. The host has the timezone GMT+1:00....

by Path Finder in

Splunk - Flat file - Field Extraction - Transforms.conf

Hi, I want to extract the fields using transforms.conf from a flat file. The file contains the following fields. Ther...

by Motivator in

Why my inputs.conf doesn't run?

I have a starter_script.bat in $splunk_home\etc\apps\MyApp\bin, and its content are: @echo off python "C:\Program Fil...

by Explorer in

Select distinct events

Hello, I need to go over every item in our syslogs so I was wondering - how would I do the equivalent of a "select...

by Engager in

timestamps and timezones

Why does Splunk not transform the event's timestamp to my browser's locale? Am I wrong that this is not the case?

by New Member in

Multiple copies of Windows Log Events in Splunk

Hi, We are working on events from the Windows event logs using an Universal Forwarded on our server and Splunk Ent...

by New Member in

Highly Available Forwarder?

Anyone have highly available forwarders deployed? Looking for the 'best' solution. Hate to drop logs during maintenan...

by Explorer in

Universal Forwarder upgrade

Is the 6.0.2 Universal forwarder compatible with the 6.0.1 indexer? In other words, are the latest universal forwa...

by Explorer in

Multiple File Locations to Single Sourcetype

I currently have two methods of collecting IIS logs, Syslog & UF. As IIS can have multiple log locations depending on...

by Contributor in

New install fails to start - Splunk Universal Forwarder

I have successfully installed and configured Splunk and forwarders on OSX and Ubuntu systems but I have two Ubuntu sy...

by Engager in

timestamp question

hI, Setting up a syslog feed and run into something that I haven't yet: 2014-03-17T02:02:26-04:00 What does ...

by Champion in

Deleting Data Source.

I have created a new data input using files and directories option in splunk web. I have put 3 excel files. Later I h...

by Path Finder in

Delete/clean all the contents of splunk

Hi. How to delete/clear all the indexed events,saved searches.How to make it brand new as it was after installing ...

by Contributor in

configuring a pass-through

Hi, I want to setup a universal forwarder send events to a heavy forwarder (lots of events, with lots of parsing) ...

by Champion in

Exchange 2010 Mailbox Audit Logs

Is Splunk able to collect exchange 2010 mailbox audit logs from each mailbox and how? The mailbox audit logs are writ...

by New Member in

Splunk Not indexing data

Hello It looks like the HF's which are parsing our syslog data are not able to do it. I see all these errors. ...

by Motivator in

Database to file

Hi, Is there a way to extract data from an database on regular intervals & save it in an file which can be supplie...

by Contributor in

Indexing a syslog file - doesnt give expected output

Raw Logs: Fri Mar 14 11:16:16 2014$SERVICEALERT$HOST1$SERVICE1$OK$PROCS OK: 1 process OK Fri Mar 14 11:17:11 2014$...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Heavy forwarder filters

outputs.conf direct to indexer based on index

Why are null characters ("\x00") appearing in events assigned a sourcetype by a forwarder?

Splunk DB Connect

Where does the Universal forwarder cache its data if the indexer is down?

Splunk for Network Device Monitoring

DBConnect question

Forwarded TZ won't be "translate" in own TZ

Splunk - Flat file - Field Extraction - Transforms.conf

Why my inputs.conf doesn't run?

Select distinct events

timestamps and timezones

Multiple copies of Windows Log Events in Splunk

Highly Available Forwarder?

Universal Forwarder upgrade

Multiple File Locations to Single Sourcetype

New install fails to start - Splunk Universal Forwarder

timestamp question

Deleting Data Source.

Delete/clean all the contents of splunk

configuring a pass-through

Exchange 2010 Mailbox Audit Logs

Splunk Not indexing data

Database to file

Indexing a syslog file - doesnt give expected output

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!