Getting Data In

Discussions

Thread Info

App deployment in Splunk 5.0 clustering from a master node

Is it possible to deploy an app from the Splunk master node /master-app/cluster/local to all the peer nodes ?

by Communicator in

Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection

I have a requirement where in order for the remote machine to send data over the TCP connection to Splunk, it needs S...

by New Member in

NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start

Hello, I'm new in splunk. Splunk with syslog works correct now. I try test netflow from cisco asa. I set netflow i...

by New Member in

How to force the host with syslog sourcetype

This is a common issue with the syslog sourceytype. By default it behave differently from the other inputs, the host ...

by Splunk Employee in

props. conf file help

Using [monitor://path] Stanza i need to monitor a folder which contains binary data. When i set the props.conf as, ...

by Contributor in

How to monitor a folder in Windows ? C:\Windows\assembly

I would like to monitor assembly folder in windows. Path :- C: \Windows \assembly I have set the inputs.conf in Un...

by Contributor in

SEDCMD to anonymize CC data isnt working

Hi, Ive been playing with the SEDCMD in my props.conf to anonymize CC data in a log. Originally I tried this:...

by Explorer in

Indexing only specific fields in an event

I want to index only specific fields like error status in an event and discard the rest. How do I set splunk to do th...

by Path Finder in

Inputs.Conf - Historical Logging - Chicken and the Egg?

I know that you can control the Universal Forwarder to grab historical event logs from Windows using "current_only = ...

by Path Finder in

Inputs.conf $decideonstartup

Anyone know why 5.0.1 UFs are reporting data in with host name of $decideonstartup. Looks like this setting was added...

by Path Finder in

To monitor a Folder in Windows Server ?

I need to monitor the Assembly folder in Windows Server : [monitor://C:\Windows\assembly] index=Assembly_monitor t...

by Contributor in

syslog priority/level not logged?

Is there any way to distinguish the various priorities/levels of syslogged messages when viewed from Splunk? I don't ...

by Path Finder in

Adavanced searches are too slow since they don't seem to make use of indexes

Hey folks, Long time Splunk fan here. Initially when we started using Splunk, our queries were simple, and so sear...

by Explorer in

Splitting sourcetype from a monitor input stanza

I am using a Universal Forwarder to monitor the following directories and files, but somehow it is not routing it to ...

by Path Finder in

Cisco IPS app not working - Error connecting to sensor

I've "configured" the Splunk for Cisco IPS application, but I'm getting the following back from the scripted input: ...

by Loves-to-Learn in

Have Alert on indexer send SNMP Traps to CA Spectrum network management server

I have an alert on my windows 2008R2 indexer that calls sendsnmptrap.cmd (see link to script below). My question is i...

by Path Finder in

TIme Zone in Splunk

Why time zone in Splunk 5.0.2 for Moscow (Russia) is +3? Must be +4!

by Engager in

$decideOnStartup Remote Perfmon

Hi Everyone. Perfmon logging used to work for me by placing what should have been in perfmon.conf into inputs.conf...

by Communicator in

DBX: when is the line "dbx-end-of-event" printed?

I have a database input configured: [dbmon-tail://spa/dwf_rdfdirector_r] host = spa index = emc interval = auto ...

by Explorer in

splunk netflow problem

the nfdump log timestamp is way off. The date is off by more than a month. Every entry is Nov 13 at 3 AM. I have conf...

by New Member in

TCP listener answered not all connections

I have the problem, that the TCP listener on indexer xxpu031 answered not all connections. In the TCP dump below, the...

by Explorer in

How can I use Netflow in Splunk when it's on a Windows Box without buying more software?

I'm in the middle of a POC of Splunk and would like to start putting my netflow data into it and be able to graphical...

by Explorer in

Explain param name="search"

can you pls explain tag,in all the examples they used index=_internal source=*metrics.log if i want to use .csv file...

by New Member in

Where does splunk store the logs?

we are in the process of investigating splunk for our IT datacenter. Does splunk store the old events that occure...

by Engager in

mapping headers to data in csv

I want to map headers to the data in the csv to search the fields as key=value pair, the sample log is shared below. ...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

App deployment in Splunk 5.0 clustering from a master node

Getting Data From TCP Port - I need to provide a Token in Order to Make The Connection

NetFlow Integrator 3.1.0 with splunk 5.0.2 can't start

How to force the host with syslog sourcetype

props. conf file help

How to monitor a folder in Windows ? C:\Windows\assembly

SEDCMD to anonymize CC data isnt working

Indexing only specific fields in an event

Inputs.Conf - Historical Logging - Chicken and the Egg?

Inputs.conf $decideonstartup

To monitor a Folder in Windows Server ?

syslog priority/level not logged?

Adavanced searches are too slow since they don't seem to make use of indexes

Splitting sourcetype from a monitor input stanza

Cisco IPS app not working - Error connecting to sensor

Have Alert on indexer send SNMP Traps to CA Spectrum network management server

TIme Zone in Splunk

$decideOnStartup Remote Perfmon

DBX: when is the line "dbx-end-of-event" printed?

splunk netflow problem

TCP listener answered not all connections

How can I use Netflow in Splunk when it's on a Windows Box without buying more software?

Explain param name="search"

Where does splunk store the logs?

mapping headers to data in csv

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions