Getting Data In

Discussions

Thread Info

Mixed one-line and multiline events

On remote host I have a log file which contains mixed one line and multiline events in the following format ERR...

by Explorer in

Line breaker to break the events

Below is the app log content and the configuration parameters in props.conf. Not sure what is going wrong.. Output is...

by New Member in

Where are Persistent Queues Stored in Splunk 4.2.x

Prior to Splunk 4.2 I used to be able to set the location of Persistent Queues using persistentQueuePath = in outputs...

by Splunk Employee in

how to define persistent queues path?

I'm using persistent queues in a Heavy Forwarder (like this) with Splunk 4.3.x I was searching on how to define th...

by Communicator in

Top level monitor wildcard Linux

I am working in an environment with an unfortunate naming standard. Essentially on ever app server the path to common...

by Splunk Employee in

The executable splunk-regmon.exe just keeps eating up more and more memory.

I had to “End Process” when it had used 1.2G of my RAM. I am running version 5.0 ... Something configured incor...

by New Member in

SUF: "Could not read CowPipelineData from the persistent store"

One of my forwarders is blasting the subject message into my internal index at an alarming rate. What's it mean? What...

by Influencer in

Stream the log files

Hi, I am new to the splunk. I installed splunk on my windows 7 machine and trying to monitor the log files. I just...

by New Member in

Only Filtering for Interesting Event Logs

Is there a way to express a series of exclude filters as variable in a search? What I want to do is create a searc...

by Explorer in

Splunk Data Block Signing

Is there a way to enable data block signing WITHOUT losing all your data? I would like to enable this as stated here:...

by Communicator in

Transforms.conf and Props.conf to filter WMI security eventlog

I have a brand new Splunk 5 installation I am trying to get working with some filtering. Right now I have one remo...

by New Member in

multiline event breaking issue

My log file is like this: StartEvent 01 some data 001 some data 002 some data 003 some data 004 EndEvent 01 StartE...

by Explorer in

Queue up thousands of searches from CLI?

I would like to queue up a large number of unique searches (approximately 500,000) to be run from the command line in...

by Explorer in

Universal Forwarder Failed to Install

Hello, Trying to install the Splunk Universal Forwarder onto my Windows 2003 Server. I am using the Administrator ...

by New Member in

Splunk not indexing the entire file.

I have a new 5.0 splunk server that is the indexer and search head. I have one forwarder sending logs. All is working...

by Path Finder in

Problem of indexing data in indexer

Hello , I get a problem of indexing data in indexer. I have a file test.csv. When i monitored it locally in indexe...

by Contributor in

UniversalForwarder fails to connect with "No connection could be made because the target machine actively refused it"

Hello I have multiple client UFs sending to an intermediary UF, which then forwards to an indexer. Sporadically, t...

by Path Finder in

search filter not working (or I don't understand filtering)

I'm reading syslog data and have a netfilter (iptables) firewall that logs entries that start with FW_. When doing a ...

by New Member in

Splunk REST API Connection Refused after upgrading to Splunk 5

I know this is probably something simple, but for some reason after upgrading my local instance of splunk to version ...

by Path Finder in

Parsing dynamic fields when indexing from script?

I'm new to splunk and I'm trying to import some data from a database that I'd like to have indexed by Splunk. I have ...

by Engager in

setting the default date format for events

I have a date in my input files 08-11-12, This date could be August 11. 2012, or (as is the case) November 8. 2012, a...

by Contributor in

many events for each user - how to see only one event from each user?

Hello together, i would like to see in a search the amount of affected user. Sometimes there are more events relat...

by Path Finder in

Scom integration to Splunk

Hi, What is the actual process by which the events are 'forwarded' into splunk. The ps1 script gets events and doe...

by Explorer in

Timestamp format for 12-HR format

9/12/12 2:25:57.000 PM Hi all, Above is my timestamp and I'm using "%d/%m/%Y %H:%M:%S %p" The format that I ...

by Explorer in

Accessing metadata from the format option in transforms.conf

Functionally, here's what I am looking to do. I want to take the host (NJROS1BVA0597), append the source type (VM88 o...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Mixed one-line and multiline events

Line breaker to break the events

Where are Persistent Queues Stored in Splunk 4.2.x

how to define persistent queues path?

Top level monitor wildcard Linux

The executable splunk-regmon.exe just keeps eating up more and more memory.

SUF: "Could not read CowPipelineData from the persistent store"

Stream the log files

Only Filtering for Interesting Event Logs

Splunk Data Block Signing

Transforms.conf and Props.conf to filter WMI security eventlog

multiline event breaking issue

Queue up thousands of searches from CLI?

Universal Forwarder Failed to Install

Splunk not indexing the entire file.

Problem of indexing data in indexer

UniversalForwarder fails to connect with "No connection could be made because the target machine actively refused it"

search filter not working (or I don't understand filtering)

Splunk REST API Connection Refused after upgrading to Splunk 5

Parsing dynamic fields when indexing from script?

setting the default date format for events

many events for each user - how to see only one event from each user?

Scom integration to Splunk

Timestamp format for 12-HR format

Accessing metadata from the format option in transforms.conf

Harnessing Splunk’s Federated Search for Amazon S3

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Getting Data from Splunk Observability into Splunk...

UF

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...