Getting Data In

Discussions

Thread Info

Retrieve original source value after override?

I have overridden the source values from the default log file path to custom names like "AppLog", "MaintenanceLog", e...

by Explorer in

metadata via REST API

Guys, From the Search app I do the following search: | metadata type=hosts This correctly yields a table of t...

by Path Finder in

Host name in WMI:LocalProcesses

Our splunk has the windows app installed and we look at the WMI:LocalProcesses source for process monitoring. We have...

by Path Finder in

Cannot overwrite sourcetype and source from _raw

Hi All, I'm having a transforms.conf and props.conf override issue. inputs.conf: [tcp://10000] connection_hos...

by Explorer in

Similar events

Hello, I am quite a new user of splunk and have a question. Is there any way of having splunk to match data that i...

by Engager in

Deployment and Indexing Strategy for Large csv Lookup Files

We have a 125MB lookup table as a .csv file with 1.5M rows. This table is re-generated on the Search Head every 4 hou...

by Communicator in

Where do I download the new 4.2 Universal Forwarder?

At the download page I was expecting to see the Universal Forward tarball along with the core Splunk release but it i...

by Splunk Employee in

Syslog segregation and how pasing works when it is a syslog?

Is it possible to segregate the logs by redirecting everything to the routers via Syslog(other server Syslog to route...

by New Member in

WMI:WinEventLog:Security - make it stop

Hey all, How do I turn off the local windows splunk server from logging: S-SPLUNK.domain.com WMI:WinEventLo...

by Contributor in

multirecord key/value input

I have a script that dumps data several lines at a time, each line has a set of key/value pairs eg: server=host1.b...

by New Member in

source as fieldname

Some of the logs I'm tracking use source as a fieldname within the log. E.g.: 2011-06-14 17:17:48.028 s=10 source=...

by Explorer in

IE script pop up issues since 4.1 upgrade

Since upgrading to 4.1 we are having issues performing searches. We constantly get IS (and FireFox) pop up warnings '...

by Engager in

break up events based on pid?

I assume there is no way to do what I want, but I figured I'd ask anyway. I have a background job processor that logs...

by Path Finder in

Capture Forwarded syslog events from a syslog server

I have setup a forwarder on a syslog-ng server to an indexer which is my webhead. I have setup an index (host-syslog)...

by Explorer in

Cannot filter WMI events to nullQueue in 4.2.x

I am sending some events to the nullQueue and it used to work in 4.0.x and 4.1.x, but now it is not sending any event...

by Splunk Employee in

Blank source and sourcetype?

I thought Splunk always assigned a source and at least guessed a sourcetype for ALL data. Why am I seeing data in ...

by Motivator in

Single events are combined into multi-line events

Hello, I have a log file that is being indexed and many of the lines show up combined into multi-line events howev...

by Explorer in

Configuring Apache log data forwarding

I have a linux web server (Ubuntu 10.04 x64) that I would like to forward apache log data from. I have installed the ...

by Engager in

When using volumes, does Splunk count only index files or others too?

Question regarding 4.2+'s abililty to put a maxVolumeDataSizeMB on an arbitrary path, call it a volume, and put index...

by Motivator in

Scripted Inputs via Separate Outputs

Is it possible to have two scripted inputs on a light forwarder (raw data) sent out to two different remote ports in ...

by Communicator in

Getting Data In

Discussions

Retrieve original source value after override?

metadata via REST API

Host name in WMI:LocalProcesses

Cannot overwrite sourcetype and source from _raw

Similar events

Deployment and Indexing Strategy for Large csv Lookup Files

Where do I download the new 4.2 Universal Forwarder?

Syslog segregation and how pasing works when it is a syslog?

WMI:WinEventLog:Security - make it stop

multirecord key/value input

source as fieldname

IE script pop up issues since 4.1 upgrade

break up events based on pid?

Capture Forwarded syslog events from a syslog server

Cannot filter WMI events to nullQueue in 4.2.x

Blank source and sourcetype?

Single events are combined into multi-line events

Configuring Apache log data forwarding

When using volumes, does Splunk count only index files or others too?

Scripted Inputs via Separate Outputs

Get data from WMI to splunk forwarder

Sourcefile name changes at index time - intermitte...

Troubleshoot the Splunk Add-on for Microsoft Cloud...

Salesforce Add-on - Lost my server and trying to r...

Configure Azure Storage Blob Modular Input for Spl...