Getting Data In

Discussions

Thread Info

Receiving x's & 0's.............sometimes

I have a script that queries a database and outputs the results to a csv file. When the file is finished being writte...

by Communicator in

How does Splunk handle udp data streams?

Hello, When I stream UDP data to Splunk using a script to pipe Apache access logs via scripts. The splunk server c...

by Path Finder in

Forwarding to multiple indexes

Hi, I have following inputs.conf [script://$SPLUNK_HOME/etc/apps/appa/bin/script1.sh] index = index1 sourcetype...

by Explorer in

4.2.1 on AIX 6.1

I noticed support for AIX 6.1 as of Splunk 4.2. Great! Then I noticed support for AIX 6.1 taken away with Splunk ...

by Builder in

Optimizing custom log formats

I read a post on the site describing how an optimum custom log format for Splunk would take the form: <timestamp> ...

by Path Finder in

monitor a directory that isn't always there

I believe that if a directory mentioned in a monitor statement is not there when splunk starts up, the directory will...

by Contributor in

Universal Forwarder Repeated Migration

If I have a 4.2 Universal Forwarder (Windows) installed on a machine that was migrated from 4.1.x and still has the o...

by New Member in

Why are my events splitting by second and not each timestamp

My props.conf has: [server] MAX_TIMESTAMP_LOOKAHEAD = 0 SHOULD_LINEMERGE = true #BREAK_ONLY_BEFORE_DATE = true BRE...

by Path Finder in

Can you treat overrided sourcetypes savely as normal sourcetypes?

I have a single source and my main config is based on overided sourcetypes. So is it save to build all configs (FIELD...

by Contributor in

Trim whitespace in indexed files

Hi, We are indexing a substantial number of XML files. These files have between 30% and 50% of white space that ca...

by Path Finder in

sourcetype not getting set

I have the following confs inputs: [monitor:///opt/logs/\*.prd/\*/\*EndAudit.csv] disable = false index = foo ...

by Engager in

Unable to sync Timezone between CDT and GMT

I am attempting to bring data together from servers sitting in GMT in line with the logs from servers sitting in CMT,...

by Communicator in

Forwarding data for only selected hosts

I have one splunk indexer that receives data from a variety of hosts. I want to also forward the data coming in from ...

by New Member in

Link to download source files

Hi, We have a system with many indexed small xml files. Is it possible to have a link/view that displays the full ...

by Path Finder in

Splunk not breaking events correctly

Hi I'm forwarding logs into Splunk from a database trace file via monitor through a LWF. Example file content ...

by Explorer in

How To Better Deal with Gaps in Remote Data

I need to figure out how I can gracefully revise data that's already been indexed. My use case is this: We are mon...

by Splunk Employee in

Can universal forwarders detect and forward newly created logs

Can Splunk universal forwarders handle and forward newly created log files? I would like to forward data as raw logs ...

by Path Finder in

IIS Timezone Help

I think i'm going mad. I'm a brand new user who's eval-ing splunk, seems powerful but i'd like to get all my logs ...

by Explorer in

Indexing some, but not all files

I know there are similar questions, but not exactly and the answers don't seem to apply. Also, I'm a noob so forgive ...

by Explorer in

universal forwarder with more than one outputs.conf

I need to figure mine collection of universal forwarders to sent information to distinct tcp ports... Ba...

by Path Finder in

Getting Data In

Discussions

Receiving x's & 0's.............sometimes

How does Splunk handle udp data streams?

Forwarding to multiple indexes

4.2.1 on AIX 6.1

Optimizing custom log formats

monitor a directory that isn't always there

Universal Forwarder Repeated Migration

Why are my events splitting by second and not each timestamp

Can you treat overrided sourcetypes savely as normal sourcetypes?

Trim whitespace in indexed files

sourcetype not getting set

Unable to sync Timezone between CDT and GMT

Forwarding data for only selected hosts

Link to download source files

Splunk not breaking events correctly

How To Better Deal with Gaps in Remote Data

Can universal forwarders detect and forward newly created logs

IIS Timezone Help

Indexing some, but not all files

universal forwarder with more than one outputs.conf

Unable to index Windows registry monitoring (Certa...

WinRegMon - Inputs.conf works on localhost but not...

Onboard logs from McAfee EPO Cloud

serverclass.conf whitelist from pathname not worki...

Connect to your Azure Storage account with the Spl...