Getting Data In

Discussions

Thread Info

How to filter event logs before indexing

Hello everyone. I am very new to Splunk and I am trying to filter logs before they reach the indexer. I literally hit...

by Explorer in

Splunk monitor mode query

i have indexed data from a directory in monitor mode ,and while checking the status of files being indexed i found an...

by Path Finder in

i want to convert my sample data to time stamp.

i have a raw data like 123::1312:3232::429384 and trying to included to my splunk ( to add data ) the last data 42...

by Communicator in

Forward specific index to a specific receiver

Hello, i have three index : A, B, C on my heavy forwarder and i want to forward to different receiver, example ...

by Communicator in

Determining which all files are already indexed in a directory which is being monitored by a monitor mode

Assuming we are indexing files in a directory which is in a monitor mode, then how to determine how many files are be...

by Path Finder in

location of configuration for inputs set up with installer windows based forwarder

We have set up universal forwarders on Windows. During the setup one can specify to monitor a specific folder and not...

by Motivator in

How to remove the duplicate logs or events?

I have this serch string source=/xxxx/log/xxxx/server.log ERROR and i got this: 2014-01-06 13:28:33,828 ERROR ...

by Path Finder in

Archive Signing

Hi, I am using a script for archiving logs from colddb to a desired location. I have used the coldToFrozenExample....

by Path Finder in

Splunk indexing using everyother fieldname

I am running into an issue with my transforms and props config files, my data is being logged properly to my index bu...

by Communicator in

Getting error "no logon servers available" when i try to log onto the windows machine

I have 2 splunk servers in completely separate environments. After a couple days when I try to logon to these servers...

by Splunk Employee in

Splunk went loco... reporting it indexed 250+ GB in half an hour when it didn't

Here's the long and short of it. My Splunk instance went nuts and said it indexed 250+ GB in a very short time. I sta...

by Path Finder in

"Splunk could not get the description for this event"

I am uploading evtx file(eventlog files) into a splunk(v5.0.2) manually without using forwarders. The events found in...

by Communicator in

Mysql Connector

I need splunk Mysql connector but i could not download from splnukbase, because no download button, only Request Info...

by New Member in

TAs with redundant perfmon inputs

We recently deployed the Splunk for Exchange app, and I just happened to notice that some perfmon information from th...

by Path Finder in

Is it possible to skip the default indexing in splunk?

Is it possible to skip the default indexing that happens in splunk. I would like to get the raw data back without ind...

by Explorer in

Rotating Data to Frozen After Time Period

What is the best way to rotate events into Frozen OR delete events that are older than 18 months? I can think of a...

by Communicator in

Where can I find my sourcetype definitions?

It's my understanding that sourcetypes are defined in props.conf and potentially transforms.conf. We have a source...

by Explorer in

Why is my Heavy Forwarder initiating TCP scans and sweeps

I'm getting alerts from my firewall that my Heavy Forwarder Unix box (only program that's installed) is initiating TC...

by Engager in

Instructions for Windows: I don't use Mac OS

If you go to: (Splunk Web Framework Overview) http://dev.splunk.com/view/web-framework/SP-CAAAER6 Getting Started ...

by Explorer in

How to track down a dishonest UF?

Splunk allows you to assign host, source, and sourcetype (metadata) to all indexed events. These can be setup statica...

by Super Champion in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Getting Data In

Discussions

How to filter event logs before indexing

Splunk monitor mode query

i want to convert my sample data to time stamp.

Forward specific index to a specific receiver

Determining which all files are already indexed in a directory which is being monitored by a monitor mode

location of configuration for inputs set up with installer windows based forwarder

How to remove the duplicate logs or events?

Archive Signing

Splunk indexing using everyother fieldname

Getting error "no logon servers available" when i try to log onto the windows machine

Splunk went loco... reporting it indexed 250+ GB in half an hour when it didn't

"Splunk could not get the description for this event"

Mysql Connector

TAs with redundant perfmon inputs

Is it possible to skip the default indexing in splunk?

Rotating Data to Frozen After Time Period

Where can I find my sourcetype definitions?

Why is my Heavy Forwarder initiating TCP scans and sweeps

Instructions for Windows: I don't use Mac OS

How to track down a dishonest UF?

How to fix MSSQL DB Connect Validation Error

How to run HF in autoscaling group in stateless mo...

Why did Paloalto URL-Filtering Logs size started g...

Azure Authentication Logs - Authentication Method ...

How to add setup parameters to a new shell input i...