Getting Data In

Ask a Question

Discussions

Thread Info

How to add delete update tags using | rest command?

How to add delete update tags using | rest command? I do see examples using curl in doc, but i would like to know ...

by Contributor in

Inputs.conf whitelist syntax assistance

I have several virtual hosts under /opt/log/ /opt/log/webA /opt/log/webB /opt/log/webC They all have denied.log...

by Explorer in

Where do I save the script that will install UF on remote servers?

Creating a script that will install UF on remote server, where on my deployment server should I go to save that scrip...

by New Member in

Rest api add parameters to a saved search

Hi, I’m using the rest api with curl now I got the following question: Is it possible to add parameters to a sa...

by Path Finder in

indexer acknowledgement and cascaded forwarders

Hi Base, short Question: If you have fe. 2 Forwarders in a row and sending data from the first over the second to the...

by Path Finder in

Windows イベントログ収集時に特定のイベント種のみインデックスできますか？

Windowsに限らずインデックス前に特定のイベント種のみを取り込む設定、または特定のイベント種を除外することは可能でしょうか？

by Path Finder in

Manual sourcetype for data input not persistent when indexed

I configured a data input to monitor a directory holding the csv files that will be consumed by Splunk. I manually sp...

by Explorer in

Timestamps and timezones

My Splunk install is indexing logs that contain both a UTC timestamp and a timezone. Logs are being generated by devi...

by Path Finder in

SplunkStorm & IIS & time stamp

I've seen a few similar questions asked with answers that either don't apply or don't help, and I apologize in advanc...

by New Member in

Indexing logs to remote server

I have installed 1 forwarder on my linux machine-1 and another on windows apache machine-2. The splunk has been insta...

by New Member in

Input from csv from my local drive

I have a list of IPs that I'd like to use as input to a saved search. Instead of manually typing (ip=x OR ip=y OR ip=...

by Path Finder in

index apache and application logs to a remote machine

I have installed 1 forwarder on my linux machine-1 and another on windows apache machine-2. The splunk has been insta...

by New Member in

fsmonitor question

Is it possible for a file monitored with fsmonitor to send an alert on any difference of the file? or would monitorin...

by Path Finder in

Will | extract reload=true command refresh everything in props.conf?

Hi, I've got four indexers and two search heads in a distributed environment. I've got a new sourcetype coming int...

by Communicator in

How to accommodate changes to event names

Our Splunk server is processing logs with a “name” attribute in them. One of many possible values of that name is “Ca...

by Path Finder in

OPSEC-lea with Provider-1

Hello everyone, Does someone make the OPSEC-LEA app work with Provider-1? The main difference here is that the logs a...

by Explorer in

set queue size limit for universal forwarder

When we have a universal forwarder installed on a VM server (hard drive is 40gb). When the service went down yesterda...

by Path Finder in

simple index segregation ?

Hi. I'm trying to find a quick and simple way to separate my incoming cisco syslogs into different indexes. For co...

by Engager in

Universal ForwarderのCPU使用率が非常に高い

4.3.3のUniversal Forwarderを使っているが、特定の環境だけUniversal Forwarderの起動後に2時間が経っても、CPUの使用率が42%のままでした。何故、Universal Forwarderはそん...

by Contributor in

Index Windows Robocopy Log files - Help!

I am sure this is something simple that i am over looking here but basically i want to monitor a directory with all r...

by Engager in

Splunk stopped indexing when it came across a bigint number

I am using Splunk to import data from a mysql database using DB Connect App. I created data inputs for the same. Splu...

by Engager in

Universal Forwarder has to be on every machine?

The installer makes it seem like it is possible to pull data from another machine with the universal forwarder. Is th...

by New Member in

Source type websphere_activity

Hi, The source type for one of our hosts - HOST A - recently changed to websphere_activity. The source is log file...

by Communicator in

Configure index and application in Universal forwarder

Hi I configured Universal forwarder to push the windows event logs ( adfs logs ) to main splunk server. Can any...

by New Member in

Search in the earliest source

Hello! I have sourtsetype that contains multiple source. Into sourcetype permanently add new source. I need to search...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to add delete update tags using | rest command?

Inputs.conf whitelist syntax assistance

Where do I save the script that will install UF on remote servers?

Rest api add parameters to a saved search

indexer acknowledgement and cascaded forwarders

Windows イベントログ収集時に特定のイベント種のみインデックスできますか？

Manual sourcetype for data input not persistent when indexed

Timestamps and timezones

SplunkStorm & IIS & time stamp

Indexing logs to remote server

Input from csv from my local drive

index apache and application logs to a remote machine

fsmonitor question

Will | extract reload=true command refresh everything in props.conf?

How to accommodate changes to event names

OPSEC-lea with Provider-1

set queue size limit for universal forwarder

simple index segregation ?

Universal ForwarderのCPU使用率が非常に高い

Index Windows Robocopy Log files - Help!

Splunk stopped indexing when it came across a bigint number

Universal Forwarder has to be on every machine?

Source type websphere_activity

Configure index and application in Universal forwarder

Search in the earliest source

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Sourcetype restricted access

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction