Getting Data In

Discussions

Thread Info

load compressed files

Hi, as we know , before splunk eat a compressed file, splunk will decompress it first then index it. but, if w...

by Communicator in

Multiple Sources on a single host

I have a Splunk 4.1.7, build 95063 instance and am trying to pull logs from Informix DB on Solaris 10. So I had set t...

by Explorer in

Another Newbee Question...Searching Indexed Data

Totally new with Splunk. Have mercy on my soul!  I am trying to set up Splunk on my laptop as I am awaiting licen...

by New Member in

Agent vrs Forwarder?

Is a Splunk Agent the same as a Splunk Forwarder? Thanks, Ray

by New Member in

Change source name for exisiting data.

I tried out the option "source name override" when setting up a UDP data input to replace "UDP:514" with "mynetworkSy...

by Explorer in

Using transforms to divide monitor input to multiple indexes

I am trying to filter a log file coming in via a universal forwarder (both installs are 4.2) so that messages contain...

by Explorer in

splunk stopped forwarding...

I have a simple setup. A light forwarder, forwarder and an indexer. The light forwarder stopped working about 5 days ...

by Contributor in

Is there any sensitive data in the _internal index

Hi Splunkers, We have a macro here we're using to allow users to search their previous search history. It relies o...

by Explorer in

Where is my host data coming from?

I have about 50 forwarders in my environment. Somewhere I have screwed up, and included the same set of host data twi...

by Path Finder in

missing data in All Forwarders - Splunk Deployment App

We just updated to 4.2 on our splunk server, and I am in the midst of pushing the Universal Forwarder out to replace ...

by Engager in

When we need si* for summary indexing?

Is it necessary to use si* command for summary index and we need to make it as scheduled save? Since I recall the ...

by Path Finder in

Recognising individual events

A new type of log file has been added to an existing data input by amending the whitelist and blacklist. (new data in...

by Path Finder in

How can you tell the difference between a light forwarder and a full forwarder in Splunk's internal logs?

I have a forwarder that appears to be a LWF (SplunkLightForwarder app is enabled) however I am seeing messages about ...

by Motivator in

Windows logon reporting

History: Using splunk 4.2, and added the Windows App. I noticed there are some prebuilt searches, for instance log...

by Contributor in

Log file in /etc/log is reindexed resulting in duplicate events

I have Splunk monitor a log directory in /etc/log. The logs in this directory are updated and rotated. However, Splun...

by Splunk Employee in

Split views, adding date to incomplete timestamp, and more

Hello, I just started evaluating Splunk. So please apologize if I should ask for the obvious. My test case is a...

by New Member in

Cisco IPS works, but it does not transfer events to Splunk

Hello everybody, We have four Cisco ipsen. As described in the manual, the Cisco IPS Addon was installed. The Cisc...

by New Member in

no_appending_timestamp behaviour for splunktcp source

Scenario: I want to forward syslog data using a splunk universal forwarder. However, when it gets to the central splu...

by Explorer in

After upgrading to 4.2 Failed to start splunkweb service

Upgrade from 4.1.x to 4.2, when I try to start Splunk Splunkd starts but splunkweb fails with the following message: ...

by Splunk Employee in

How to restart windows universal forwarder?

How do you restart the windows universal forwarder after a post-install change in the configuration?

by Explorer in

Getting Data In

Discussions

load compressed files

Multiple Sources on a single host

Another Newbee Question...Searching Indexed Data

Agent vrs Forwarder?

Change source name for exisiting data.

Using transforms to divide monitor input to multiple indexes

splunk stopped forwarding...

Is there any sensitive data in the _internal index

Where is my host data coming from?

missing data in All Forwarders - Splunk Deployment App

When we need si* for summary indexing?

Recognising individual events

How can you tell the difference between a light forwarder and a full forwarder in Splunk's internal logs?

Windows logon reporting

Log file in /etc/log is reindexed resulting in duplicate events

Split views, adding date to incomplete timestamp, and more

Cisco IPS works, but it does not transfer events to Splunk

no_appending_timestamp behaviour for splunktcp source

After upgrading to 4.2 Failed to start splunkweb service

How to restart windows universal forwarder?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Cross app enrichment

Forwarding on-prem data to splunk cloud with unive...

Does anyone implemented an IoT devices for motorcy...

Onboard unknown source SC4S

CLONE_SOURCETYPE not honoring REGEX?

Getting Data In

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >