Getting Data In

Thread Info

How to configure Universal and Heavy forwarders to filter syslog data for VMware and Cisco traffic then route to their respective index?

I have the following config: 1 Splunk Indexer1 Universal Forwarder1 Heavy Forwarder Here is what is working......

by Explorer in

Splunk 4.2 Universal Forwarder *nix app install via CLI

I am running a Linux box as an indexer and have multiple servers feeding data back to the index. The issue I am havin...

by Engager in

How do I get Splunk to log Cisco ASA Bad Password Attempts?

I am trying to log "Bad Passwords" or "Access Denied" attempts on the ASA and alert on them with Splunk: I have th...

by New Member in

What is the security measures that i should take when introducing universal forwarder on a production environment?

Hello Splunkies, I need to know what are the security measures that is should take if i want to introduce universa...

by Builder in

Cisco ASA Logging of Bad Password Attempts

I am trying to log "Bad Passwords" or "Access Denied" attempts on the ASA and alert on them with Splunk: I have th...

by New Member in

Need to parse the data

Data: [2013-03-17 23:48:23,472] [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] I...

by Path Finder in

Splunk free license, maximum sizes per day of data

i need to know is if i'm sending 10 MB file to splunk instance free license from a universal forwarder and splunk onl...

by Builder in

Using field values in a bash script

Hello, I'm trying to write a shell script in response to attempted ssh logins from multiple IP addresses. I have u...

by New Member in

problem filtering data

Good morning, I have a problem filtering data from UF. The scenario: UF --> Splunk indexer configuration ...

by New Member in

monitoring wildcards...

Hi, I need to monitor a specific file that can exist in many subdirectories. The file exists below this directory:...

by Champion in

Parsing text

I apologize in advance if this question has already been asked and answered. If it has, I am most likely demonstratin...

by New Member in

multiple forwarder instances on same server

Hi Does anyone know if the steps in this article: http://wiki.splunk.com/Community:Run\_multiple\_Splunks\_on\_...

by Explorer in

What is the distinction between parsed , unparsed , and raw data?

What processsing does the light forwarder do when sending unparsed data, to distinguish what it does with raw data? S...

by Splunk Employee in

Heavy Forwarders - possible to filter dynamically?

I need to filter events when they contain an id from a defined set. I know that Heavy Forwarders can filter events...

by Explorer in

Splunk Universal forwarder inputs.conf

Hi, My issue is i need to monitor only 3 folders out of 9 folders is there any way that i can do this in the input...

by Explorer in

Example - rsyslog.conf for multiple data sources with UF

RHEL 5.9 with rsyslog 3.22 Splunk 5.0.2 Universal Forwarder installed, with the intention of monitoring logs processe...

by New Member in

Displaying Cron Schedule of all Scheduled Searches on Search Head Pool

Is there a way to display in table format all the cron schedules for all scheduled searches across all apps on a sear...

by Builder in

Splunk extension

Does Splunk provide API for an external application to read the parsed data and generate the output for Splunk to dis...

by Path Finder in

Changing timestamp and sourcetype based on record type

I have two types of records - a START record and a STOP record. I want to be able to change the timestamp based on wh...

by Path Finder in

Splunk gets WMI Error 80041003 but WBEMTEST succeeds

On a new Splunk install on a Windows server, I followed the "HOWTO Enable WMI Access for Non-Admin Domain Users" inst...

by Engager in

What port splunk universal forwarder use to sent data to the indexer on splunk instance?

What is the port that splunk universal forwareder use to sent data to the indexer on a splunk instance, what protocol...

by Builder in

Standard way to add data files to splunk forwarder in windows and linux

Hi all i am playing with 10 splunk forwarders. I want to add data to splunk forwarder, i am using winscp. But it cann...

by Path Finder in

Alert script to run on the desktop

Hi I've an executable script which s triggering fine to run the mash gene to read the alert triggered over audio. ...

by Explorer in

Splunk disk size much larger than original data set. Why?

Hello, We are having some trouble understanding the disk size requirements for storing our data set in Splunk. The...

by Explorer in

how to get many values for a particular field (ex) product_id..

If I use the regex for extracting product_id from this log it picks only one value of product_id this is the regex i ...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to configure Universal and Heavy forwarders to filter syslog data for VMware and Cisco traffic then route to their respective index?

Splunk 4.2 Universal Forwarder *nix app install via CLI

How do I get Splunk to log Cisco ASA Bad Password Attempts?

What is the security measures that i should take when introducing universal forwarder on a production environment?

Cisco ASA Logging of Bad Password Attempts

Need to parse the data

Splunk free license, maximum sizes per day of data

Using field values in a bash script

problem filtering data

monitoring wildcards...

Parsing text

multiple forwarder instances on same server

What is the distinction between parsed , unparsed , and raw data?

Heavy Forwarders - possible to filter dynamically?

Splunk Universal forwarder inputs.conf

Example - rsyslog.conf for multiple data sources with UF

Displaying Cron Schedule of all Scheduled Searches on Search Head Pool

Splunk extension

Changing timestamp and sourcetype based on record type

Splunk gets WMI Error 80041003 but WBEMTEST succeeds

What port splunk universal forwarder use to sent data to the indexer on splunk instance?

Standard way to add data files to splunk forwarder in windows and linux

Alert script to run on the desktop

Splunk disk size much larger than original data set. Why?

how to get many values for a particular field (ex) product_id..

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple

Regex works but transforms.conf extracts only part...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions