Getting Data In

Discussions

Thread Info

Troubleshooting Universal Forwarder on Linux

When I try to add my indexer to the configuration of my linux box where I have installed the universal forwarder, it ...

by Engager in

Frozen Time Period in seconds based on Sourcetype

Why cant I choose a source type of an index instead of the whole index to move my index data from the specific source...

by Builder in

Best way to debug indexing based on props.conf

Im having issues and I know its related to props.conf, but I have over 100 regexes and I dont want to test each one, ...

by Builder in

Why is the fschange monitor being deprecated?

The Splunk 5 release notes say the fschange monitor is being deprecated? Why is Splunk dropping one of the better sec...

by Builder in

delete command timesout and is very slow

I have old sources that were indexed in splunk. I'm trying to delete them but the | delete command is very slow and i...

by Explorer in

File path does not exist

I am facing problem with adding a remote file on a windows server. Keep getting 'File path does not exist' error mess...

by Communicator in

Best way to log to SPLUNK

Hello there, I am using the nlog logging framework for my C# applications. Does anybody know of a logging target s...

by Explorer in

listing the starting and ending time for a field value

hi, my log contains several users and i have to create a text report or a table listing the starting and ending time ...

by Builder in

How to get host name in syslog

I am sending data from forwarder to indexer to Heavy forwarder to syslog, in sylog I am getting Heavy forwarder host...

by Builder in

Techniques for limiting size of windows event logs

Hi, We currently have a number of servers that have the universal forwarder installed and set to forward to an Ent...

by New Member in

Problem indexing .sdf logs

Our enviroment consist of splunk light forwarder > intermediate forwarder > indexer. I'm trying to index the .sdf...

by Splunk Employee in

IIS Monitor causing tail errors on universal forwarder

I added this to my inputs.conf: [monitor://C:\WINDOWS\system32\LogFiles\W3SVC*\] disabled = false followTail = 0 r...

by Builder in

Indexing and extracting fields from IIS 7.5 logs

Hello I am having a difficult time getting Splunk to recognize fields from my IIS 7.5 logs. I know that there are man...

by Path Finder in

steps to get the scripted input of curl http request

what is the best way to get the data in using curl http://myhost/mylog.log

by New Member in

Can Heavy Forwarder perform remote WMI data collection?

My question is, can a Heavy Forwarder perform remote WMI data collection or this feature requires an Indexer? I ha...

by Communicator in

splunk-perfmon.path (sic?)

Hi, As I'm installing TA's on windows hosts, I see that the PerformanceMonitor source is specified as [script:/...

by Builder in

indexing the data

Hi all, while adding the input data to the splunk at final stage it has some three options as, 1.)Continuously ...

by Communicator in

Event filtering issue

Hello, i'm going to be crazy !! I have an eventlog i need to filter in order to not index some events, after many ...

by New Member in

Splunk indexing rate high with no new files in directory monitor

We are "monitoring" a directory on a Splunk indexer host. This is the only input on this particular indexer. The inde...

by Explorer in

Splunk for Exchange - Database information not showing

Hello, We are int he process of setting up Splunk for Exchange App and we seem to has it running, somewhat correct...

by New Member in

Getting Data In

Discussions

Troubleshooting Universal Forwarder on Linux

Frozen Time Period in seconds based on Sourcetype

Best way to debug indexing based on props.conf

Why is the fschange monitor being deprecated?

delete command timesout and is very slow

File path does not exist

Best way to log to SPLUNK

listing the starting and ending time for a field value

How to get host name in syslog

Techniques for limiting size of windows event logs

Problem indexing .sdf logs

IIS Monitor causing tail errors on universal forwarder

Indexing and extracting fields from IIS 7.5 logs

steps to get the scripted input of curl http request

Can Heavy Forwarder perform remote WMI data collection?

splunk-perfmon.path (sic?)

indexing the data

Event filtering issue

Splunk indexing rate high with no new files in directory monitor

Splunk for Exchange - Database information not showing

f5 Silverline ASM

OKTA TLS requires TLS/cipher

Index Field Transform not Catching Every Event

splunk-connect-for-kubernetes breaking on every ne...

Need an idea how to reduce Symantec Web Security S...