Getting Data In

Discussions

Thread Info

Restarting Splunk in the serverclass.conf

I have question on restarting a Splunk Forwarder when rolling out a new app. In the serverclass.conf file, I'm adding...

by Engager in

Remote snare security logs to splunk

For anyone who has used the snare agent - I've been testing snare agent for windows and snare server, and I've gotten...

by New Member in

XML Extraction with multi values

Hello I am looking for a way to extract my values from an xml file, so it seems that using xmlkv would be my best ...

by Communicator in

Splunk unsorted issue SPL-48455, - Is it fixed in 5.X

Hi All, There are some know unsorted issue is Splunk 4.3.1 as follows "SPL-48455" related to PDF Report Server. Is...

by Engager in

edit sourcetype settings?

when i created my sourcetype my-log i selected default timestamp, later i found out that in some events with more tha...

by Path Finder in

Splunk Agent Network Statistics

Is there a way for the splunk agent to log exactly how much traffic it sent over the network? I'm trying to get an...

by Explorer in

How to get the health status of a heavy (or universal) forwarder?

Hello Splunk Community, I m running a heavy forwarder on my central syslog server in order to index most of our lo...

by Explorer in

Indexing performance has slowed to a stop

Indexing performance has started to become really bad to the point where my Splunk instance has stopped indexing even...

by Splunk Employee in

Universal forwarder is not collecting events on Forwarded Folder of windows server

Hi All I am new to Splunk and having some issue... we have a windows 2008r2 server setup as an event collector for...

by Path Finder in

Can splunk Index data from an HTTP address

I have a url that has a server.txt file on that that gets updated as the requests/responses are coming through. C...

by Path Finder in

Splunk on-demand indexing of a file

I currently have a FIX log file which generates HUGE amounts of data every day. With my current license its impossibl...

by Explorer in

Assign an index and sourcetype name different from forwarder in Indexers

Hi All, I have a cisco edge device with Splunk forwarder (UF) embedded in it. That means index and sourcetype is a...

by Contributor in

Windows Server 2012 - Splunkd Service Access Denied

We're having a bit of an issue with our new Splunk install on Windows Server 2012. The Splunkd and Splunkweb services...

by Engager in

/var/log/messages associated with index host NOT the correct source host

I have two dozen UF linux systems. All of them are picking up /var/log/messages and sending it to my indexer (the one...

by Path Finder in

Ruby SNMP CIM

Greetz, I know almost nothing about Ruby, could someone maybe assist by advising how to print the below fields but...

by Contributor in

Splunk WMI on Universal Forwarder

I am writing a WQL on my universal forwarder to read data from my BizTalk server. I have configured my wmi.conf as be...

by Explorer in

Parsing syslog, extracting all the basic fields, while setting correct timestamp - is it possible?

I wonder if there is a way of parsing/searching syslog messages, simpler than editing config files, and writing appli...

by New Member in

Splunk TCP input from python program

Hey guys, I've crated a python program that does some auditing and then tried to upload to a splunk server. It doe...

by Path Finder in

Universal Forwarder ParsingQueue KB Size

Hi All, We use a Splunk Universal Forwarder to monitor Websphere log files on our environment. During normal daily op...

by Communicator in

Cannot Login to Forwarder

After installing the Forwarder, I cannot login to it. I have executed SPLUNK CLEAN ALL, but cannot login. I also trie...

by New Member in

Splunk VMware "logincreator.pl" returns error

Hi Im trying to use logincreator.pl to create an account in my hosts. it returns an error saying "Insufficient ...

by Explorer in

How do I force IP address for host property instead of hostname

In the inputs.conf file you have the option to specific a 'host' property. Per the documentation. If not set ...

by New Member in

syslog parsing...

Hi, I need to process a syslog feed, but only keep certain hosts, and throw the rest away. I first setup the f...

by Champion in

How do you increase maximum UDP log size?

We are experiencing a complete loss of the log message if it's over approx. 1400 characters. The message doesn't show...

by Engager in

Universal Forwarder not connecting to indexer

OS=Windows Server 2008 SP1 64-bit, Forwarder version = 5.0, Indexer version = 5.0 Windows Firewall = OFF Scenar...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Restarting Splunk in the serverclass.conf

Remote snare security logs to splunk

XML Extraction with multi values

Splunk unsorted issue SPL-48455, - Is it fixed in 5.X

edit sourcetype settings?

Splunk Agent Network Statistics

How to get the health status of a heavy (or universal) forwarder?

Indexing performance has slowed to a stop

Universal forwarder is not collecting events on Forwarded Folder of windows server

Can splunk Index data from an HTTP address

Splunk on-demand indexing of a file

Assign an index and sourcetype name different from forwarder in Indexers

Windows Server 2012 - Splunkd Service Access Denied

/var/log/messages associated with index host NOT the correct source host

Ruby SNMP CIM

Splunk WMI on Universal Forwarder

Parsing syslog, extracting all the basic fields, while setting correct timestamp - is it possible?

Splunk TCP input from python program

Universal Forwarder ParsingQueue KB Size

Cannot Login to Forwarder

Splunk VMware "logincreator.pl" returns error

How do I force IP address for host property instead of hostname

syslog parsing...

How do you increase maximum UDP log size?

Universal Forwarder not connecting to indexer

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions