Getting Data In

Discussions

Thread Info

Command to filter out repeated item.

I would like to know what is the command filter out repeat source port if I wanna analyse my log based on number of p...

by New Member in

how can i tell when splunk is finished indexing a log file?

Is there an internal log message that will tell me when Splunk has finished indexing a file?

by Path Finder in

Inherit monitor attributes in input stanzas?

Is it OK to do like this: [monitor://E:\Data\pnlog\createsession\] soucetype = createsession recursive = false hos...

by Path Finder in

which props files in splunk do not require restarting splunk?

hi, when making changes to props files, which props files in splunk do not require restarting splunk and take effect ...

by Path Finder in

Syslog UDP IP address to hostname

Running v5.0.2 I've added a Syslog UDP source on port 514, and enabled DNS lookup via the advanced menu. It works ...

by New Member in

How to modify the time stamp format when i run a scheduled pdf?

I have a dashboard which has some 6 items as part of it. I have a scheduled to email the dashboard every 24 hours....

by Path Finder in

Splunk randomly extracts 2 types of timestamp formats!

I have no idea what I missing here, just no idea and I have to admit, its killing me inside, I have been stuck on thi...

by Builder in

Is it possible to weight splunk agents to prioritize specific indexers?

I would like to weight certain indexers more then others as some of my indexers are older, and some are beefy new box...

by Contributor in

Forwarder is not showing in Splunk

Hi Splunk Team, We have installed splunk tool on a windows server 2003 machine say A and Splunk forwarder on anoth...

by Explorer in

Search id update problem

I find that the search id is changes as time. I am not sure why it happen and how long dose it change once.

by Path Finder in

rsyslog vs. Splunk Forwarder

Hi, I am wondering what are the pros and cons of the following two logging setups: All hosts run rsyslog and fo...

by Engager in

Slow network speed from universal forwarder to indexer

Hi, I have a single licensed indexer running on a server. I also have installed a universal forwarder to collect ...

by Explorer in

404-not found

curl -k -u alice:pass https://localhost:8089/alice can return data. why there is an error message "404-not found" cur...

by Path Finder in

Keeping sourcetypes / transforms / etc sycned between multiple indexers

I'm putting together a large environment, so I'm hoping to get this sorted out before I dig myself into a hole. I ...

by Communicator in

Splunk Memory Metrics

Currently splunk provides for an out-of-the-box way of looking at Memory usage for all hosts that are being monitored...

by Builder in

Splunk index reconfiguration

Is it possible to go from a linux splunk instance to a windows splunk instance while retaining all previous index dat...

by Path Finder in

multikv.conf for data with pipe delimeter

multikv.conf [testmultikv] pre.linecount = 1 header.linecount = 1 header.tokens = _tokenize_, -1, "1" body.t...

by Path Finder in

Splunk light weight forwarder failover capability

Hi, Do we have a fail over capability for any Splunk forwarders? like if one forwarder goes down the other one wil...

by Explorer in

/services/search/jobs/export ignores required fields in CSV

The doc for the /jobs/export mentions the 'rf' parameter (v5.0.2). However, it is ignored by the REST endpoint. E.g. ...

by Engager in

Has anyone used Splunk to indirectly monitor mail flow (ie verify a Cloud provider isn't down)?

Recently deployed a Cloud-based email gateway, and after a couple of hiccups, now being asked to put some monitoring ...

by New Member in

issue with join and matching multiple lines

Need a second set of eyes on this one please.. I am trying to create a report for Failed VPN connections on a cisc...

by Path Finder in

cs_uri_query into separate fileds when importing data

I am doing a proof of concept with Splunk. When I import my data as IIS-2 log files splunk picks up the cs_usernam...

by Contributor in

Remove capabilities in authorize.conf

I see capabilities in Splunk are defined in the authorize.conf. For security reason, i want to disable the delete by ...

by New Member in

How to install the Universal Forwarder on a Windows Cluster

I haven't been able to find a clear post on "How to install the Universal Forwarder on a Windows Cluster". Does anyon...

by Explorer in

How do I include leading 0 in the time fields

I would like to combine the date_hour, date_minute and date_second fields to display in the following format when usi...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Command to filter out repeated item.

how can i tell when splunk is finished indexing a log file?

Inherit monitor attributes in input stanzas?

which props files in splunk do not require restarting splunk?

Syslog UDP IP address to hostname

How to modify the time stamp format when i run a scheduled pdf?

Splunk randomly extracts 2 types of timestamp formats!

Is it possible to weight splunk agents to prioritize specific indexers?

Forwarder is not showing in Splunk

Search id update problem

rsyslog vs. Splunk Forwarder

Slow network speed from universal forwarder to indexer

404-not found

Keeping sourcetypes / transforms / etc sycned between multiple indexers

Splunk Memory Metrics

Splunk index reconfiguration

multikv.conf for data with pipe delimeter

Splunk light weight forwarder failover capability

/services/search/jobs/export ignores required fields in CSV

Has anyone used Splunk to indirectly monitor mail flow (ie verify a Cloud provider isn't down)?

issue with join and matching multiple lines

cs_uri_query into separate fileds when importing data

Remove capabilities in authorize.conf

How to install the Universal Forwarder on a Windows Cluster

How do I include leading 0 in the time fields

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Mimecast App to get Archive logs

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout