Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Mapping syslog events with IP adresses through DHCP events

Hi, I'm indexing DHCP and Syslog events. To make it for the network administrators a lot easier when they have to ...

by Explorer in

AD Monitoring - Help?

Hi, I have just installed a splunk trial, that is monitoring AD events and Windows Security logs of the DC. My que...

by New Member in

Is it possible to make Splunk use the HOSTNAME field instead of the fromHost field with syslog events?

As stated above, we have noticed that Splunk is setting the hostname index for syslog events to the value of the from...

by Path Finder in

Bluecoat log with domain-based sorting possible?

For example, I would like to group all the following URLs under google: docs.google.com, maps.google.com, www.google....

by New Member in

How to collect perf counters of type average or per second?

Hi Everybody, I have a WMI Perf counter query that always returns zero in splunk-wmi.exe for counters with the fol...

by Explorer in

Java Splunk REST API SDK

May i know where i can find more documentation on Java Splunk REST API SDK besides the docs provided here?

by Communicator in

Solaris install without root

This has probably already been asked, so please forgive me for duplicating. I am trying to install the splunk forward...

by Engager in

Can phyton script modify a log event on the fly in a universal forwarder?

Can a phyton script modify a log event on the fly in a universal forwarder? For example: file.log: timestamp...

by Motivator in

Parser finding time but not date.

I have an event that starts something like this: 2012-03-20 06:07:00.000,BLANK,11.12.13.14,,,IP,Linux hostname 2.6...

by Path Finder in

Creating field extraction

I would like to create a new field extraction through props.config for search app. For example i want to retrieve a c...

by Communicator in

Accessing Splunk's configuration files via REST?

Can i access the Splunk's configuration files throught the Splunk's REST API?

by Communicator in

File based Transform/Props not working

My log snippet is as shown below: productid=12 email=abc@gg.com productid=13 email=pqr@aa.com productid=14 email=x...

by Path Finder in

IIS FTP LOG TIMEZONE PROBLEM

Using IIS FTP Server, Server 2008 RC2. FTP log format is W3C (UTC Timestamps). Splunk pulls the logs (entries) in jus...

by Engager in

host override from a forwarder

Hi all. I've got a 4.3 universal forwarder pointing to a 4.3 indexer, both on CentOS. The forwarder is monitoring a f...

by Path Finder in

Problem with hostname field for Windows inputs

Has anyone run into this? I've opened a case with Support but I thought I'd ask here as well. None of the Windows ...

by Path Finder in

Case sensitivity on universal forwarder hostname

I have a universal forwarder (4.2.2) setup that sends text logs, event logs and WMI counters. When the data gets i...

by Path Finder in

Splunk Suddenly Stops Indexing

I'm new to Splunk - as in this morning - but have been shown around it a few times. I've just downloaded the free ver...

by Communicator in

How can I make splunk universal forwarders treat each newline as a separate event

Hi, my setup is two nodes, each has a Splunk Universal Forwarder which reads a logs directory and sends those logs to...

by New Member in

Need help with indexing xml file.

I have XML in the following format that just refuses to break where I want it to -- <Object Type="Microsoft.Excha...

by Champion in

host_regex syntax for SMB share?

I need a syntax example for host_regex to pull the hostname out of a share like the following: [monitor://\\norcal...

by Champion in

Getting Data In

Discussions

Mapping syslog events with IP adresses through DHCP events

AD Monitoring - Help?

Is it possible to make Splunk use the HOSTNAME field instead of the fromHost field with syslog events?

Bluecoat log with domain-based sorting possible?

How to collect perf counters of type average or per second?

Java Splunk REST API SDK

Solaris install without root

Can phyton script modify a log event on the fly in a universal forwarder?

Parser finding time but not date.

Creating field extraction

Accessing Splunk's configuration files via REST?

File based Transform/Props not working

IIS FTP LOG TIMEZONE PROBLEM

host override from a forwarder

Problem with hostname field for Windows inputs

Case sensitivity on universal forwarder hostname

Splunk Suddenly Stops Indexing

How can I make splunk universal forwarders treat each newline as a separate event

Need help with indexing xml file.

host_regex syntax for SMB share?

Getting Data from OpenVMS into Splunk Cloud

when to use http event collector api to create ven...

Splunk cloud and Microsoft Infrastructure

How to match join on certain conditions within the...

Prevent duplicates from generic S3 input