Getting Data In

Discussions

Thread Info

Invalid URI Fragment error in splunkd.log

I am receiving the following error messages in splunkd.log every 10 minutes: 04-16-2013 20:31:37.148 +0000 ERROR H...

by Engager in

Inputs.conf monitoring of a Dir and a specific log within it

What is the precedence? or will it creat problems if I am monitoring All files in directory and also monitor a specif...

by Explorer in

props.conf changes require complete restart?

Hi to all - short question: Do changes to the props.conf really require a restart of splunk? Is there a way to app...

by Contributor in

How to filter the index by using mulitple stanzas with different sources in props and transforms

Hi, I would like to filter out some event logs coming from different forwarders. I have been able to filter out some ...

by Engager in

Recognizing timestamps split across multiple lines

My event have separate date and time fields on separate lines. E.g. Date: 29 April 2013 ...

by Path Finder in

Files left in $SPLUNK_HOME/var/spool/splunk ?

I'm seeing a build up of files left behind in $SPLUNK_HOME/var/spool/splunk. This location is part of the system/defa...

by Splunk Employee in

Microsoft Direct Access and Windows forwarder client, DNS, and IPv6 tunnels

Using the Windows forward client, is there a way to force the client to only use an IPv6 tunnel? Situation: using ...

by Splunk Employee in

Exporting search to csv contains headers, exporting with cURL/API does not

Is there any way to add headers to the csv output I retrieve from curl? I'm getting them in the gui, but I can't figu...

by Path Finder in

Splunk rest api change column order.

Hello, I am using splunk 4.2.5 When I export data to csv file from splunk via rest api I encountered a problem. Splu...

by Engager in

Universal Forwarder to Universal Forwarder to Indexer

I am currently configuring systems to forward data to splunk, but I have hit a wall with the Universal forwarder conf...

by Engager in

Splunk for NetScaler

Hi, What is the best method of getting data fro NetScaler into Splunk? Is Splunk able to communicate directly to a Ne...

by Engager in

Inputs.conf - wildcard monitor stanzas on Windows

I have a series of files I'm monitoring on windows servers that have to have wildcards in the monitor path. C:\Pro...

by Motivator in

How to move _internaldb to a new partition in a Clustered indexer environment

Ahhh, the joys of running clustered indexers. I need to find a way to move the _internaldb out from /opt/splunk/va...

by Contributor in

Install another instance with a lower version on Windows Platform?

Good Day, I have installed the latest Splunk on my test machine (WINDOWS), and I want to install another instance ...

by Communicator in

1 orphaned indexer reported by 1 indexer

What made this warning appear ? 1 orphaned indexer reported by 1 indexer How to Correct by midnight to avoid viol...

by Explorer in

MSI DEPLOYMENT_SERVER Flag not working

Hello I am trying create an completly unattended installation and the DEPLOYMENT_SERVER flag doesn't seem to generate...

by Champion in

Splunk Universal Forwarder Slow

My Splunk forwarder is forwarding ~5 events per second (per my Deployment Monitor on my search head). The maxKBps is ...

by Engager in

Can Splunk Monitor Checkpoint Firewalls and can logs be downloaded to a Linux Server

Can Splunk monitor a Checkpoint Firewall and if so can the logs be downloaded to a Linux Server

by New Member in

Add data in to the Splunk.

Hello, I've only just started learning Splunk. How do I add a file, and how to specify that the first row was heading...

by New Member in

is there information logged about used stanzas for indexing data?

Hi, if I import data from a single file, can I get any information of the stanzas (of the several props.conf) splunk ...

by Path Finder in

Splunk API: the proper way to run a saved search

I have recently starting working on an integration with Splunk via the API, and am unclear on how to run a saved sear...

by Builder in

Can't find the right source type

Hello, I got a problem in defining source type to get logs from a windows host on my lan. I receive the logs ov...

by New Member in

How to add delete update tags using | rest command?

How to add delete update tags using | rest command? I do see examples using curl in doc, but i would like to know ...

by Contributor in

Inputs.conf whitelist syntax assistance

I have several virtual hosts under /opt/log/ /opt/log/webA /opt/log/webB /opt/log/webC They all have denied.log...

by Explorer in

Where do I save the script that will install UF on remote servers?

Creating a script that will install UF on remote server, where on my deployment server should I go to save that scrip...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Invalid URI Fragment error in splunkd.log

Inputs.conf monitoring of a Dir and a specific log within it

props.conf changes require complete restart?

How to filter the index by using mulitple stanzas with different sources in props and transforms

Recognizing timestamps split across multiple lines

Files left in $SPLUNK_HOME/var/spool/splunk ?

Microsoft Direct Access and Windows forwarder client, DNS, and IPv6 tunnels

Exporting search to csv contains headers, exporting with cURL/API does not

Splunk rest api change column order.

Universal Forwarder to Universal Forwarder to Indexer

Splunk for NetScaler

Inputs.conf - wildcard monitor stanzas on Windows

How to move _internaldb to a new partition in a Clustered indexer environment

Install another instance with a lower version on Windows Platform?

1 orphaned indexer reported by 1 indexer

MSI DEPLOYMENT_SERVER Flag not working

Splunk Universal Forwarder Slow

Can Splunk Monitor Checkpoint Firewalls and can logs be downloaded to a Linux Server

Add data in to the Splunk.

is there information logged about used stanzas for indexing data?

Splunk API: the proper way to run a saved search

Can't find the right source type

How to add delete update tags using | rest command?

Inputs.conf whitelist syntax assistance

Where do I save the script that will install UF on remote servers?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

Parsing Multimetric Logs

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions