Getting Data In

Discussions

Thread Info

Streaming results with REST API?

Is it possible to stream results with the REST API? Every search i submit has the 'resultIsStreaming' value set to 0.

by Engager in

Is there an example configuration available for an Intermediate Forwarding configuration?

Referring to http://www.splunk.com/base/Documentation/latest/admin/Aboutforwardingandreceiving, under the section "In...

by Engager in

How to debug scripts execution?

I am trying to debug a loadData.sh scripts, and I do not see output added to Splunk. What is the best way to debug...

by Engager in

help with SEDCMD

I'm trying to clean up events from a Nessus 4 NBE file. Sample results look like the following: results|192.168.2|...

by Communicator in

unable to collect windows security log, other logs are fine

I have a bunch of splunk forwarders installed to collect windows logs and send to them to a collector. The forwarders...

by Explorer in

xmlkv How does it work?

All of our data is in XML format that is being indexed. I've been able to pull out a lot of extractions for single va...

by Explorer in

More specific requirements for permissions on splunk userid for windows

We want to install splunk on our Windows servers using a Domain account, but not have the in the local servers' admin...

by Engager in

Is it possible to customize the automatic sourcetype list in the Files & Directories interface?

I've got Splunk configured to assign some custom sourcetypes to files when they're uploaded automatically from a watc...

by Communicator in

How can I determine my indexing volume not by host, source, or sourcetype?

I'm trying to determine what percentage of my daily indexing volume is made up of a specific group of logs. For examp...

by Path Finder in

Can I line break some events and not others coming from the same source/sourcetype?

Hi, I've struggled with this log file for a while and can't seem to come up with a way to make it very usable. ...

by Path Finder in

Multi-Line event truncated

Hi all, I am demoing splunk to see if it's appropriate for the company I work for, one of the problems I have hit ...

by Engager in

Using custom code to push log data directly to Splunk over TCP?

I've got a basic Splunk setup to consolidate four different Web logs from eight machines running two Web servers each...

by Communicator in

retrieving log files from my router

I'm a new user of splunk, (demo) I wanted to analyze data from my router. Do I have to modify any setting in my route...

by New Member in

"ERROR: The mgmt port [8089] is already bound" prevents restarting Splunk

On a 4.1.2 Windows forwarder, we have a .path scripted input pointing to IBM WebSphere's wsadmin command-line shell. ...

by Contributor in

Log File Rotation

When splunk is watching a directory for log files will it reindex a file that gets rotated? I am trying to make sure ...

by Engager in

Time Stamps differences

in my windows event logs I have: TimeGenerated=20101226191500.000000-360 TimeWritten=20101226191500.000000-360 what i...

by Motivator in

How to add an indexed field in a distributed setup?

Hi folks, I'm trying to add an indexed field to a distributed setup, but I can't seem to get it working. (I'm awar...

by Explorer in

directory monitor not picking up file

My inputs.conf contains: [monitor:///usr/local/ecc_to_splunk/pickup/*.sp.*] disabled = false followTail = 0 host =...

by Explorer in

Trying to understand the basics.

I am very new to Splunk and am trying to figure out if this will assist us in resolving some of our monitoring needs....

by New Member in

Monitoring the progress of Splunk eating files

How can i see the status of the files that are being monitored?

by Splunk Employee in

Getting Data In

Discussions

Streaming results with REST API?

Is there an example configuration available for an Intermediate Forwarding configuration?

How to debug scripts execution?

help with SEDCMD

unable to collect windows security log, other logs are fine

xmlkv How does it work?

More specific requirements for permissions on splunk userid for windows

Is it possible to customize the automatic sourcetype list in the Files & Directories interface?

How can I determine my indexing volume not by host, source, or sourcetype?

Can I line break some events and not others coming from the same source/sourcetype?

Multi-Line event truncated

Using custom code to push log data directly to Splunk over TCP?

retrieving log files from my router

"ERROR: The mgmt port [8089] is already bound" prevents restarting Splunk

Log File Rotation

Time Stamps differences

How to add an indexed field in a distributed setup?

directory monitor not picking up file

Trying to understand the basics.

Monitoring the progress of Splunk eating files

Where to set HEC httpinputq value ?

Windows Registry monitoring works for local host n...

Get data from WMI to splunk forwarder

Sourcefile name changes at index time - intermitte...

Troubleshoot the Splunk Add-on for Microsoft Cloud...