Getting Data In

Thread Info

Traffic between forwarder and active directory

First time using splunk forwarder, sending local data and AD data to remote splunk receiver. We are finding that ther...

by New Member in

do i need a different license to install splunkforwarder?

do i need a different license to install splunkforwarder if i already have an enterprise license for splunk? also ins...

by Engager in

Is it possible to set a custom index for my batch stanza?

The inputs.conf.spec file do not indicate that index is a possible attribute for batch. Will it respect my custom ind...

by Champion in

Rest command from saved search

I'm trying to capture index disk utilization to a summary index using a rest command. The command is something like: ...

by Contributor in

UDP and TCP input behaving differently.

I have a setup with a specific sourcetype defined (rfc5424_syslog), which works fine over TCP, but when exactly the s...

by Explorer in

Exchange 2010 requirements to send logs

Hi, What are the requirements for exchange 2010 server to send logs? My current setup is Exchange Server---> Wi...

by New Member in

How exactly does one delete an App

So, if you want a delete an app in Splunk, you could always delete every view in that app. The app would live but the...

by Builder in

500 internal server Error and Windows winsock error 10055 (splunkd.log) after upgrading to 5.0.1

Windows winsock error 10055 after upgrading to 5.0.1 We have Windows 2k8 servers and 2k3 server for three search h...

by Splunk Employee in

FIM going away?

We've been told that the File Integrity Monitoring in Splunk is going away with future versions. Is there a replaceme...

by Engager in

Interface Monitoring possible with splunk?

Hello i have just a little question. We have 2 Ticket Systems in our Company. I'm searching for a programm, that m...

by Explorer in

perfmon for physicaldisk

[PERFMON:PhysicalDisk] interval = 15 object = PhysicalDisk counters = Disk Writes/sec; Disk Reads/sec; % D...

by Explorer in

Splunk Receiving Syslog Mesages via TCP or UDP

All, I'm going to configure Splunk to receive Syslog messages and have not yet decided which transport protocol I wil...

by Engager in

configuring timestamp

Hi, I have a number of logfiles that do not have timestamps. I am processing these logs with the univeral forwarde...

by Champion in

props.conf and transforms.conf

If I have created a number of extractions and they are all set to private, is there a quick way to change all these o...

by New Member in

3 credentials on one Splunk

Hi Splunk community ! I have an interesting question, in my network, I have workgroup PCs, DMZ PCs and domain PCs,...

by Explorer in

Configuring outputs.conf by location

I have two datacenters in two locations that will each have 2 Search Heads and 6 Indexers in them. I'd like to config...

by Engager in

2008R2 universal forwarder issue

I am rolling out the universal forwarders to my domain controllers. All was going well untill I started installing it...

by New Member in

WIndows Event Line Break

Have the following defined in my inputs.conf [WinEventLog:Security] disabled=0 start_from = oldest current_only ...

by Path Finder in

How set up forwarding on linux-to-linux

No firewall between forwarder A and indexer B. Both are Red Hat 2.6... /opt/splunkforwarder/etc/system/local/outpu...

by Explorer in

How to Parsing Apache Access Log ?

Hi, I have apache access log with this pattern: %h %t '%r' '%q' %s %b %D %S %U %v %{User-Agent}i {text:ip} ...

by New Member in

Moving /var/opt/splunk directory, does not result in query the metrics

In the log.cfg, I changed my directory of the $SPLUNK_HOME/var/log files destications. Now I am unable to query the *...

by Path Finder in

how to set a timestamp that is in brackets?

Hi, How would I set the timestamp for a feed that starts with the timestamp in brackets? How do I tell it to ignor...

by Champion in

How can we speed up JSON array lookup?

Hi, My JSON event is in this form: { TotalMemUsage : 887992, ProcMemUsage : [ { Name : "firefox", PID : 758, Us...

by New Member in

Splunk and IIS Sourcetypes

I keep all the IIS web sites in the following folder: D:\inetpub\LogFiles So the tree would look like this: D:\...

by Explorer in

Universal forwarder not connecting

I've been trying to set up a universal forwarder to send to Splunk, and it doesn't appear to want to connect. Here's ...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Traffic between forwarder and active directory

do i need a different license to install splunkforwarder?

Is it possible to set a custom index for my batch stanza?

Rest command from saved search

UDP and TCP input behaving differently.

Exchange 2010 requirements to send logs

How exactly does one delete an App

500 internal server Error and Windows winsock error 10055 (splunkd.log) after upgrading to 5.0.1

FIM going away?

Interface Monitoring possible with splunk?

perfmon for physicaldisk

Splunk Receiving Syslog Mesages via TCP or UDP

configuring timestamp

props.conf and transforms.conf

3 credentials on one Splunk

Configuring outputs.conf by location

2008R2 universal forwarder issue

WIndows Event Line Break

How set up forwarding on linux-to-linux

How to Parsing Apache Access Log ?

Moving /var/opt/splunk directory, does not result in query the metrics

how to set a timestamp that is in brackets?

How can we speed up JSON array lookup?

Splunk and IIS Sourcetypes

Universal forwarder not connecting

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions