Getting Data In

Discussions

Thread Info

What would happen with the Data already indexed in splunk if the input file or directory is deleted?

Hi I have a general question. What would happen with the Data already indexed in Splunk if the input file or direc...

by Builder in

IndexScopedSearch deleting bad events?

I'm getting the following error: Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at t...

by Communicator in

Deploying an app to read CSV files, why is the Universal Forwarder is only processing settings from system/default/props.conf?

I'm trying to deploy an app to a Universal Forwarder for reading CSV files, the problem is that none of the settings ...

by Path Finder in

Splunk search for NOT IN

I have two sourcetypes A and B with column names Serial and SN respectively To find where there is like a column n...

by Builder in

Is there a good way manage the process of using syslog-ng to write from tcp to disk and then from disk into Splunk?

I'm migrating from using a tcp input to using syslog-ng to write from tcp to disk and then from disk into Splunk. Thi...

by Path Finder in

Line Breaking: Regex not recognized, not breaking using my defined regex

Hi All, I have here log sample which i need to break I already tried LINE_BREAKER and BREAK_ONLY_BEFORE LINE_BR...

by Contributor in

Why does Splunk DB Connect cause duplicate events after a Splunk restart?

I started noticing some duplicate events in my logs recently. As I was curious to know what was happening, I searched...

by Communicator in

How to configure Splunk to recognize the correct timestamp from tshark data output and index all remaining fields properly?

I'm using tshark to carve out and send specific fields to a txt file, in hopes splunk will index it properly. But not...

by Communicator in

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

As weird of a situation as I think this is, I do believe that is what is going on... I had this stanza in inputs.c...

by Communicator in

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

A Windows 2008R2 Domain Controller in another geographical, and the Security Events are perpetually multiple days beh...

by Splunk Employee in

Why am I seeing a mismatch between Key-Value and Count after ingesting JSON data?

I have ingested JSON data & Splunk has extracted important fields automatically, but I see some mismatch between Key-...

by Builder in

Heavy forwarder as cluster master

Hello splunkers! It is possible to configure heavy forwarder as cluster master? My heavy forvarder forward all da...

by Communicator in

How to configure SSL certificates to securely forward logs from multiple universal forwarders to our indexer server?

Hi, We have a requirement to forward logs from clients (Splunk universal Forwarders) to a server using SSL (tls1.2...

by Influencer in

Splunk DB Connect: Why is the timestamp specified in inputs.conf not being parsed?

Hello, I am trying to import data from a MySQL database. While the import works fine, the time field gets popul...

by Path Finder in

Why isn't the universal forwarder processing all the monitor stanzas in inputs.conf for multiple folders on a Kiwi syslog server?

Newbie question - I have an inputs.conf which is configured to monitor multiple folders on a Kiwi syslog server. Ever...

by Path Finder in

Why are our Cisco Syslog hosts showing up as time zone instead of IP and how do I fix this?

I have recently started sending logs for my Cisco devices to Splunk. Most of my logs show the IP address of the devic...

by New Member in

Why am I getting error "TcpOutputProc - the 'defaultGroup' property contains an invalid group name - heavy_forwarder"?

My end server is not visible in search and i see the below errors in the log. TcpOutputProc - the 'defaultGroup' p...

by New Member in

[AIX] Universal Forwarder requires read access on `/etc/inittab` or else daemon won't start

When installing the Splunk 6.1.1 Universal Forwarder on AIX7.1, splunkd seems to require read access on /etc/inittab ...

by Engager in

on Splunk 5.0

How to add date time range to the dashboard on the Splunk 5.0

by New Member in

Can i use rest API to see the latest result of a saved search?

In the web Interface of Splunk - Saved Searches. One can view the latest result of a saved search. This wil give the ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What would happen with the Data already indexed in splunk if the input file or directory is deleted?

IndexScopedSearch deleting bad events?

Deploying an app to read CSV files, why is the Universal Forwarder is only processing settings from system/default/props.conf?

Splunk search for NOT IN

Is there a good way manage the process of using syslog-ng to write from tcp to disk and then from disk into Splunk?

Line Breaking: Regex not recognized, not breaking using my defined regex

Why does Splunk DB Connect cause duplicate events after a Splunk restart?

How to configure Splunk to recognize the correct timestamp from tshark data output and index all remaining fields properly?

Why does a Splunk 5.0.2 universal forwarder ignore monitor stanzas for files ending in ".splunk"?

Forwarder shows extreme lag or latency when sending Windows Security Eventlog data

Why am I seeing a mismatch between Key-Value and Count after ingesting JSON data?

Heavy forwarder as cluster master

How to configure SSL certificates to securely forward logs from multiple universal forwarders to our indexer server?

Splunk DB Connect: Why is the timestamp specified in inputs.conf not being parsed?

Why isn't the universal forwarder processing all the monitor stanzas in inputs.conf for multiple folders on a Kiwi syslog server?

Why are our Cisco Syslog hosts showing up as time zone instead of IP and how do I fix this?

Why am I getting error "TcpOutputProc - the 'defaultGroup' property contains an invalid group name - heavy_forwarder"?

[AIX] Universal Forwarder requires read access on `/etc/inittab` or else daemon won't start

on Splunk 5.0

Can i use rest API to see the latest result of a saved search?

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...

Is it possible to send Jenkins custom logger to Sp...

Why do I receive SSL alert number 40 with selfsign...

Why am I unable to call HEC instance from Splunk C...