Getting Data In

Discussions

Thread Info

Defining fields in transforms.conf

Splunk Version 4.0.11 I’m working on getting Splunk to consume “log” files that I have dumped from a SQL Server he...

by Builder in

Backloading events with no year in timestamp

I have some month old syslog data that I need to load into an indexer, but the timestamp doesn't have the year. Is th...

by Explorer in

Windows Universal Forwarder and WMI data

Hi All, I have installed the windows universal forwarder onto an XP machine which is forwarding it's data across t...

by Builder in

Deployment Server & Univeral Forwarder

Ok... I have a new installation of Splunk (v-4.2.4) up and running and am starting to use the deployment server. I...

by Contributor in

Timestamp parsing - Failed to parse errors

Hi, I have a log that contains large multiline events such as: ---- DS log entry made at 08/29/2011 11:03:00 *** L...

by Path Finder in

setting forwarder with a priority list of indexers

If i have 2 Datacenter sites, each with its own single indexer. Can I setup up my forwarders in site1 to forward to ...

by Explorer in

props.conf precedence

Hi Everyone, I'm having a little issue related with props.conf precedence. I want to apply a transforms stanza to ...

by Explorer in

indexers having very different volume usage

Hi, We have a single pool with two indexers. The indexers switch every 30 minutes so it is generally expected that...

by Engager in

Splunk ignores similar lines in an event

This seems to be a similar problem as what is happening in my other question, but it seems different enough to create...

by Explorer in

Indexing repeat key values

I'm new to splunk. We pre-process http logs and assign geo tags so those tags can be included in the index. One of th...

by Explorer in

How to send events over long-lived TCP connection?

Our application generates many small monitoring events. We are feeding these to Splunk by TCP. We would like to keep ...

by Explorer in

time format for results in en-US vs en-GB

I recently received a case about the following issue and since it has come up before on my cases i think it would be ...

by Splunk Employee in

How to monitor running applications on remote clients

I need to collect snapshots of what applications are actively running on remote clients in order to do a trend analys...

by Engager in

Input a CSV

I'm trying to index a .CSV, created by tasklist. CVS's headers and fields never get properly recognized and it ge...

by New Member in

Add monitor for filename with wildcard

I wanted to add a monitor for a file using an wildcard as part of the name as the file name will change daily. I adde...

by New Member in

How to disable Perfmon

I created a batch file to install the Splunk UF: msiexec /i splunkforwarder64bit.msi RECEIVING_INDEXER="SERVER NAM...

by Path Finder in

Configuring Distributed Indexes

Hi, I'm planning to use the deployment server to deploy configs to my indexers and use network storage for the col...

by Path Finder in

Consume Free-Form text

I have a help desk database in SQL Server that I want to export to log type files and have Splunk consume. I'm not ha...

by Builder in

Recreate an indexed 'source' file

Is there a way to extract the entire source file from the splunk index?

by Explorer in

Filtering the log using REGEX

I have following log. What will be the REGEX to index log containing line the line 'tomcat' trying to restart and sen...

by Path Finder in

Getting Data In

Discussions

Defining fields in transforms.conf

Backloading events with no year in timestamp

Windows Universal Forwarder and WMI data

Deployment Server & Univeral Forwarder

Timestamp parsing - Failed to parse errors

setting forwarder with a priority list of indexers

props.conf precedence

indexers having very different volume usage

Splunk ignores similar lines in an event

Indexing repeat key values

How to send events over long-lived TCP connection?

time format for results in en-US vs en-GB

How to monitor running applications on remote clients

Input a CSV

Add monitor for filename with wildcard

How to disable Perfmon

Configuring Distributed Indexes

Consume Free-Form text

Recreate an indexed 'source' file

Filtering the log using REGEX

Host value not being used as set during ingestion

Splunk eStreamer for FMC version 4.011 setup page...

Invalid key in stanza - kv_mode (value: xml)

TCP/SSL destination: Forwarder to third party app...

How to get the unicode/chinese character into kvst...