Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
sc0tt

Is it possible to check sed performance in props.conf?

Is there a way to test the performance of sed scripts running in props.conf? I'm not an expert in regular expressions...
by sc0tt Builder in Getting Data In 04-11-2014
0 3
0
3
nsiva23

which format is efficient for splunk indexing : XML or JSON

Hi Which is best format to index for the splunk indexer XML or JSON... what is recommendation from SPlunk like which...
by nsiva23 Explorer in Getting Data In 04-11-2014
0 1
0
1
kamal2222ahmed

Splunk catalina.out for java.lang.OutOfMemoryError: PermGen space on remote VM

I am trying to setup Splunk to monitor a remote tomcat instance ( catalina.out ) for messages like permGen Running ou...
by kamal2222ahmed Explorer in Getting Data In 04-10-2014
0 6
0
6
mataharry

bucket retention and frozenTimePeriodInSecs

My index has a retention of 6 months with frozenTimePeriodInSecs=15552000. But I still see some events that are olde...
by mataharry Communicator in Getting Data In 04-10-2014
1 2
1
2
xbbj3nj

How to calculate volume of events across various indexes ?

All I want to do is create a query that fetches the below result Day Index-name Volume 4/1 abc 5GB 4/2 abc ...
by xbbj3nj Path Finder in Getting Data In 04-10-2014
0 4
0
4
genemats

Setting a maximum limit on a monitored file

We just had an application bug that spewed millions of duplicate messages into a Splunk monitored logfile. This cause...
by genemats Engager in Getting Data In 04-10-2014
4 3
4
3
gustavomichels

Upgraded Universal Forwarder, log file no longer monitored

Hey all, I'm able to successfully monitor a log file on a Windows server (2008 R2) using the Universal Forwarder whi...
by gustavomichels Path Finder in Getting Data In 04-10-2014
0 1
0
1
MatMeredith

How to index data from a local process

I'm using a Splunk forwarder to forward data from an application running on the same Linux box as my forwarder. Ob...
by MatMeredith Path Finder in Getting Data In 04-10-2014
0 1
0
1
hajducko

Fast way to find size of events on disk for a time period

Often times, we are tasked with deleting data out of an index to trim it down. Generally, we do this by setting the ...
by hajducko Explorer in Getting Data In 04-09-2014
1 5
1
5
bcusick

Universal Forwarder to monitor Windows Event Logs

Hi, This is probably very basic, but I'm not sure where the actual log file sits for Windows Event Logs. Trying to...
by bcusick Communicator in Getting Data In 04-09-2014
0 1
0
1
kbecker

Windows 2008 Server Event Viewer Logs

In the Server 2008 Event Viewer there are now a "Microsoft --> Windows" folders nested under the "Applications and Se...
by kbecker Communicator in Getting Data In 04-09-2014
2 5
2
5
rileyken

need props.conf for custom log

I have a custom log in the format where each new record has a entry followed by a pipe (|) example log: < date time...
by rileyken Explorer in Getting Data In 04-09-2014
0 2
0
2
hagjos43

Can I specify TimeZone (TZ) by Index?

In my props.conf I know I can change: $SPLUNK_HOME/etc/system/local/ and add: [source::xyz123] TZ=US/East...
by hagjos43 Contributor in Getting Data In 04-09-2014
0 2
0
2
msarro

Reconcile hosts from multiple timezones in splunk?

Hey everyone. I'm wondering how this is possible to accomplish - we have windows server farms across numerous timezo...
by msarro Builder in Getting Data In 04-08-2014
1 1
1
1
phoenixdigital

Universal Forwarder block stops all indexing completely

Hi All, We have a customer who could not justify the cost of a clustered solution. So they went down the following r...
by phoenixdigital Builder in Getting Data In 04-08-2014
0 1
0
1
yannK

WinEventLog filters failing :Windows 2003 and splunk 6 SPL-78726

After upgrading my Windows servers 2003 to Splunk 6. I discovered that all my nullQueues filter stopped working, and ...
by yannK Splunk Employee Splunk Employee in Getting Data In 04-08-2014
3 7
3
7
tpsplunk

how do you configure the searchead so it sends summary index data to a summary index defined on distributed indexers?

I want to be able to use the search GUI to create summary index searches, but i want the actual resulting summary ind...
by tpsplunk Communicator in Getting Data In 04-08-2014
1 4
1
4
kenniskoldewyn

Splunk Universal Forwarders attempting to communicate with indexer on wrong network

We've installed and are evaluating Splunk Enterprise 6.0 in a Windows environment (desktops are running Windows 7 Pro...
by kenniskoldewyn Explorer in Getting Data In 04-08-2014
1 6
1
6
aberdamy

Universal forwarder scripted install

Does anyone know if it is possible to automatically add the current_only = [0|1] attribute in a scripted Universal Fo...
by aberdamy Explorer in Getting Data In 04-08-2014
0 3
0
3
rbal_splunk

Unable to Start Splunk Service on Windows- failed with ERROR ConfObjectManagerDB - Cannot initialize: D:\Program Files\Splunk\etc\apps\ learned\metadata\default.meta: The operation completed successfully."

We are able to start splunk services - But getting following error while starting the services in Heavy Forwarder "...
by rbal_splunk Splunk Employee Splunk Employee in Getting Data In 04-07-2014
0 1
0
1
ajaysamantbms

How do I get an alert if my forwarder is not responding? - Monitoring Splunk Forwarder

Recently some of our universal forwarders stopped sending events to indexer? Is there a way to get an alert if forwa...
by ajaysamantbms Explorer in Getting Data In 04-07-2014
0 1
0
1
neiljpeterson

How to know what inputs.conf a given event came from?

So if you have any reasonably complicated deployment, likely you have a fair number of inputs.conf that your UF is re...
by neiljpeterson Communicator in Getting Data In 04-07-2014
0 1
0
1
wanling

user-specific configurations to scripted inputs as input arguments

I am working on a scripted input that requires user-specific configurations (e.g. AccountKey, UserToken) as input arg...
by wanling Path Finder in Getting Data In 04-06-2014
0 2
0
2
rbal_splunk

When running splunkforwarder-6.0.1-189883-x64-release.msi you get an error message -Please re-launch the installer as an Administrator. This is required to configure the installation for remote data collection.

When running splunkforwarder-6.0.1-189883-x64-release.msi you get an error message "Please re-launch the installer as...
by rbal_splunk Splunk Employee Splunk Employee in Getting Data In 04-06-2014
0 1
0
1
ruiaires

Splunk not receiving data from forwarders (needs restart)

We have a Splunk server that is receiving data from more than 10 forwarders. It also receives data directly via UDP a...
by ruiaires Path Finder in Getting Data In 04-05-2014
0 5
0
5
Get Updates on the Splunk Community!

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Index This | What has goals but no motivation?

June 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...
Top Solution Authors
View All