Getting Data In

Discussions

Thread Info

Reduce on disk database size after delete

I have run into a situation where a very large amount of data has been imported into the wrong index. This index cont...

by Engager in

Saved Search working in UI, but errors when called via REST

I have a rather complex saved search that functions perfectly when accessed via the UI. But when a job is kicked off ...

by Motivator in

duplicate hostnames with different cases

Hello, How could we avoid duplicate reporting of the same host? Hosts (≥ 3) host Count Last Update 1 Testserver...

by New Member in

How do I delete events?

I have some data in my index that I don't want. How can I get rid of them?

by Champion in

Filtering events not working

I've recently upgraded the forwarder to a universal forwarder on our app server.I'm collecting windows event logs as ...

by Contributor in

adding static field value using props transforms based on source

Hey, I am looking to add a static field "instance=testdrive" to all results from a source input with td-idp-manage...

by Contributor in

Universal Fowarder support Apps

I haven't seen any conclusive documentation on this, however does the Universal forwarder support Apps like the Splun...

by Explorer in

active-only/eatonlylivefiles in Splunk 4.3

The "active-only" feature doesn't seem to work in Splunk 4.3: # splunk add monitor /var/log/messages -active-only ...

by Engager in

REST API Update

UPDATE: I just downloaded the sourcecode from the SVN repository and made the modification myself and rebuilt the jar...

by Explorer in

monitoring files - how does splunk count the size?

Hi, I've configured a directory for monitoring in inputs.conf ([monitor://path_to_dir]) and separated index for th...

by Path Finder in

Migrating database from windows 2003 to Linux

Guys, I currently run splunk on a Windows box. Is it possible for me to move the database from Windows to Linux (Cent...

by New Member in

Splunk Windows App

I have the Splunk for Windows app installed but it is collecting syslog UDP:514 data as well. How do I exclude the sy...

by Explorer in

ERROR: failed to load index config: 'maxTotalDataSizeMB' tag required in config for

My Splunk won't start due to this error! What do I do? ERROR: failed to load index config: 'maxTotalDataSizeMB' ta...

by Splunk Employee in

Problems using the REST API to search

Hello, I have several questions/issues with the Splunk API, so I'll try to keep this short and concise. First -...

by Path Finder in

Why is my wildcard descending into directories?

According to this document: Specifyinputpathswithwildcards The asterisk wildcard matches anything in that spe...

by Explorer in

Reindexing already indexed data and props/transforms.conf

Hi All, Question about reindexing indexed data: I have a legacy 4.2.x splunk server running. Its set to index a...

by Path Finder in

Search not coming upwith results for new hosts for non-admins

We've recently changed out our servers and when I use the searches against these new hosts using my user I am not get...

by Explorer in

Setting up Forwarder and Testing

So, I've installed and configured the Splunk forward on my Intranet Server. I'm trying to get the IIS logs from \Wind...

by Engager in

Alternate timestamp for CSV files or forwarded data

Does anyone know how we can use the timestamp of the file from the operating system as the timestamp for events? For ...

by Explorer in

forward data to a syslog server

We're trying to forward data to a syslog server from a splunk server. However, seems that the hostname and process id...

by Explorer in

Getting Data In

Discussions

Reduce on disk database size after delete

Saved Search working in UI, but errors when called via REST

duplicate hostnames with different cases

How do I delete events?

Filtering events not working

adding static field value using props transforms based on source

Universal Fowarder support Apps

active-only/eatonlylivefiles in Splunk 4.3

REST API Update

monitoring files - how does splunk count the size?

Migrating database from windows 2003 to Linux

Splunk Windows App

ERROR: failed to load index config: 'maxTotalDataSizeMB' tag required in config for

Problems using the REST API to search

Why is my wildcard descending into directories?

Reindexing already indexed data and props/transforms.conf

Search not coming upwith results for new hosts for non-admins

Setting up Forwarder and Testing

Alternate timestamp for CSV files or forwarded data

forward data to a syslog server

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!

Sign up now >

Windows Defender Endpoint / ATP via Azure Event Hu...

monitor security windows events with syslog

EPO version 5.10 cannot connect with Db Connect ve...

Deployment server not available on a dedicated for...

Adding Fields To Log Events

Getting Data In

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!

Sign up now >