Getting Data In

Discussions

Thread Info

How to get all configuration files in my deployment in a file?

Hi all, I would like to know how to get all configuration files in my deployment in a file (for each Splunk instance)...

by Path Finder in

How do I rename xml fields in props.conf?

I have a file of XML-like events that look like this: <Event Field1=foo Field2=bar Field3=baz > <Data Field4=w...

by Builder in

UDP routing on indexer

Hi All , One of our clients wats to use single Splunk instance (indexer) for both receiving and sending data. They...

by Path Finder in

Is there any way to guarantee my Forwarder collecting all data?

Hi all. We are using Splunk Enterprise version of 6.1.3. Is there any way to guarantee my Forwarder collecting all da...

by Engager in

Inputs.conf to monitor in given time range only

Hi, I have a situation: The logs are getting generated 24x7, but the client wants to monitor only during offline h...

by Communicator in

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

I want to index the splunk resultset for future use. Do I always have to store it in a file?

by Contributor in

Best way to index .csv files with some common fields

Hi I have a series of .csv files (1 for each month) where the first 100 fields are the same, but after that there are...

by Engager in

Forwarder Data not showing in indexes

Recently I upgraded our Splunk installation from the 5 version to the new 6.0 version. The installation is pretty ...

by New Member in

How to forward all events to a single index, but filter out all splunkd sourcetype events that contain "INFO"?

We are currently using props.conf and transforms.conf to combine all non-internal ingest into a single index on our h...

by Explorer in

Capability to upload data files via the gui for a user?

I need to assign a capability to an existing Splunk user, so that they can upload files to their own index themselves...

by Explorer in

How to configure inputs.conf on a Universal Forwarder to only read the current day's file that contains the date?

I'm trying to configure inputs.conf to only read the current days file that contains the date. The file name changes ...

by Engager in

help with xml input

HI, I need some help with an xml input being sent via a tcp port. Here's an example of the input: <ver...

by Champion in

ignore specific parts of a log entry with props.conf and transforms.conf?

Hi Splunkers! Thank you so much for your help in advance! I'm trying to ignore specific fields within a syslog ...

by Explorer in

After removing an index, how or where can I find the related input for removal?

In a QA environment, for testing purposes, I used the search head to create a new index (tim_test), and then added a ...

by Path Finder in

Can I use the same index name in Hunk and Splunk

Hi, We are trying out Hunk. The goal is to keep shorter-term data in Splunk and longer-term data in Hunk. Is there...

by Champion in

How to configure universal forwarders on Windows servers to forward logs to a certain index on a Linux server?

We have a Linux-based Splunk enterprise server (free version) I installed the universal forwarder on a few windows se...

by Explorer in

How to direct incoming data on universal forwarder to desired index ?

My Setup I've an index by the name mobile_client1_venue1 that gets data from mobile client application that sends...

by Path Finder in

How to send dbquery results to an indexer from a forwarder?

how to send dbquery results to indexer for indexing from forwarder. |dbquery dtParts limit=300000 "SELECT * from...

by Contributor in

Why is some data being indexed as separate entries while monitoring csv log files?

I have a console app which reads data from table storage, and writes it out onto a csv file. I monitor each of the ou...

by Engager in

Mandrill Webhooks CIM mapping

I am importing Mandrill webhook data into Splunk, the format is described here: http://help.mandrill.com/entries/5830...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to get all configuration files in my deployment in a file?

How do I rename xml fields in props.conf?

UDP routing on indexer

Is there any way to guarantee my Forwarder collecting all data?

Inputs.conf to monitor in given time range only

Can I stream the splunk resultset back to splunk for indexing, without storing it in a file?

Best way to index .csv files with some common fields

Forwarder Data not showing in indexes

How to forward all events to a single index, but filter out all splunkd sourcetype events that contain "INFO"?

Capability to upload data files via the gui for a user?

How to configure inputs.conf on a Universal Forwarder to only read the current day's file that contains the date?

help with xml input

ignore specific parts of a log entry with props.conf and transforms.conf?

After removing an index, how or where can I find the related input for removal?

Can I use the same index name in Hunk and Splunk

How to configure universal forwarders on Windows servers to forward logs to a certain index on a Linux server?

How to direct incoming data on universal forwarder to desired index ?

How to send dbquery results to an indexer from a forwarder?

Why is some data being indexed as separate entries while monitoring csv log files?

Mandrill Webhooks CIM mapping

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

How to install a remote app into a Splunk Search H...

Splunk OTEL Forwarder- Is there a values.yaml file...

Renamed serverclass, but not updated in data input...

How do I ship json file uusing HTTP Event Collecto...

How to highlight the data in the Map for regions E...