Getting Data In

Discussions

Thread Info

splunk to monitor password protected files

Hi, I am trying to configure splunk to monitor zip files. All the files inside the zip files are password protected a...

by New Member in

How much splunk memory use should I expect while monitoring a directory with many entries?

If I remove the only input stanza I have on a forwarder and restart Splunk the memory usage is 2GB. How can a forward...

by Path Finder in

Why am I getting checksum errors on certain hosts and how to troubleshoot this?

I'm trying to create a dashboard for missing universal Forwarders. I tried using _internal logs, but for a few of the...

by Communicator in

|delete hang indefinetely

Issue : I am trying to "delete" bunch of events from the index by using "| delete" command. The search without "| de...

by Splunk Employee in

how to assign csv file column value as event timestamp?

We have csv file dump and its contains the user profile data with column Account_Creation_Date (sample data : "2008-0...

by Builder in

How to configure multi-value parameters for a Modular Input?

I'm building a Modular Input and I need to accept an arbitrary number of values for a given parameter. The SDKs seem ...

by Path Finder in

Is there a way to use XML / spath for files that aren't pure XML?

I'm using Splunk 6.1.3 (build 220630) on RH 6.5, and I've read much about parsing XML into Splunk. Nonetheless, I thi...

by Explorer in

How to add fields from one index to another with the same sourcetype?

I want to add fields from one Index to another, with the same sourcetype "stash" In Index A there are fields like ...

by New Member in

What's the maximum data throughput per second can a single indexer handle?

Hi, we met a tough issue , there's a system generate more than 10MB/s log to forwarder to index server at a special p...

by Explorer in

Estimating size of blockSignature index

Is there any data available on estimating how big an indexer's blockSignature database may become, based the blockSig...

by SplunkTrust in

How to index XML data in Splunk without row. prefix?

My XML is as follows: <row> <Id>1</Id> <PostId>7</PostId> <UserId>2</UserId> <VoteTypeId>2</VoteTy...

by New Member in

Why am I getting error "Path does not exist" when I try to add the apache2 log file /var/log/apache2/access.log?

Dear Splunkers, I get an error message "Path does not exist" when I try to add the apache2 logfile /var/log/apache2/a...

by New Member in

heavy-forwarder configuration

Hello! I need help to configuration a heavy-forvarder. My data contain event of 9 types: datetime1,type1,val1,v...

by Communicator in

how to use crcSalt to index similar folders

I have a centralized server with all my logs per instance /var/log/database/hostA/report.log /var/log/database/...

by Communicator in

How to configure props.conf and transforms.conf to filter out events from web logs before getting indexed?

I am attempting to filter out healthcheck's within our system from our web logs. I am using the props.conf / transfor...

by Motivator in

Universal Forwarder Download Page

http://www.splunk.com/download/universalforwarder Seems to be missing the Power PC "ppc" in the version title. May...

by Motivator in

Why is Splunk not showing all hosts after adding a data input that uses variables as the host name?

Hi, I have added a data input that uses variables as the host name, so /opt/mark/home/.../.../logs It uses segment 5 ...

by Builder in

What is: ERROR BucketMover - sizeBytes=xxx candidateBytes=yyy

Got a lot of logged events in the _internal-index for one of our indexers. First we always see an event like this ...

by Contributor in

Why using suppress_text=1 for Windows events logs results in loss of many interesting fields?

We have installed a universal forwarder on a DC. In order to reduce the size of the windows logs indexed, we have use...

by New Member in

How to identify in the splunkd.log when Splunk is no longer monitoring a data input?

Hey, Is there an event in splunkd.log which identifies when a stanza defined in inputs.conf which is not disabled ...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

splunk to monitor password protected files

How much splunk memory use should I expect while monitoring a directory with many entries?

Why am I getting checksum errors on certain hosts and how to troubleshoot this?

|delete hang indefinetely

how to assign csv file column value as event timestamp?

How to configure multi-value parameters for a Modular Input?

Is there a way to use XML / spath for files that aren't pure XML?

How to add fields from one index to another with the same sourcetype?

What's the maximum data throughput per second can a single indexer handle?

Estimating size of blockSignature index

How to index XML data in Splunk without row. prefix?

Why am I getting error "Path does not exist" when I try to add the apache2 log file /var/log/apache2/access.log?

heavy-forwarder configuration

how to use crcSalt to index similar folders

How to configure props.conf and transforms.conf to filter out events from web logs before getting indexed?

Universal Forwarder Download Page

Why is Splunk not showing all hosts after adding a data input that uses variables as the host name?

What is: ERROR BucketMover - sizeBytes=xxx candidateBytes=yyy

Why using suppress_text=1 for Windows events logs results in loss of many interesting fields?

How to identify in the splunkd.log when Splunk is no longer monitoring a data input?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Why are AWX and HEC not working?

Why are source/host/sourcetype fields dropping thr...

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...