Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to configure props.conf using BREAK_ONLY_BEFORE?

I have the following data as a text file. Each event should run from the Date field until the next date field. I'm...

by Path Finder in

host_regex problem

Hi, I'm trying to parse the host from my logfile name, using host_regex, but it's not matching, and I'm unsure why...

by Champion in

Cisco IPS Error [errno="" 8]

I have been attempting to setup the Cisco IPS app for Splunk 6. However I am getting the following error in the sdee_...

by Path Finder in

Is it possible to stagger multiple checks in inputs.conf for a single app?

Hi all, I have an app that runs a small handful of scripts every 15 seconds. Instead of staggering the execution o...

by Communicator in

Send Windows Event Log Info To 2 Different Indexers

We have a strange set up in my company whereby we have separate application support team and infrastructure teams tha...

by New Member in

listing properties for a pre-trained sourcetype

Hi, Is there a way to list the properties for a pre-trained sourcetypes?

by Champion in

Getting Splunk to work with Syslog UDP 514

I've been reading and trying to figure this out. But i'm stomped. I configured a device to send syslog events to t...

by Explorer in

Output syslog to external system

So I setup syslog output forwarding per the Splunk docs, but am not seeing anything being sent out nor receiving it o...

by Communicator in

Internal logs forwarding to different group of indexers ?

Hi, I have a forwarder outputs configuration as below. [tcpout] defaultGroup = A_Indexers [tcpout:A_Indexers] ...

by Motivator in

Multiline field extractions

I have an event which looks like this" USERNAME HOME_DIR USER_INFO root /root ...

by Ultra Champion in

Should heavy forwarders have the same apps installed on them that are installed on the Splunk enterprise receiver?

Hi. I am working on a Splunk deployment that involves a Splunk enterprise receiver at the data center and heavy forwa...

by Communicator in

How can I see if events were truncated in Splunk 6.x?

Hi, In Splunk 5.x if events were truncated (e.g subsearch with more than 50000 events) there was a banner that say...

by New Member in

How to monitor Windows server and Oracle database server?

Hi ALL, I am new to splunk. I have a version 6.1 and i want to know how to monitor windows server and oracle datab...

by New Member in

How to Install Python SDK for Splunk on Windows Server 2008 R2 box?

Hi Splunk Community, I am attempting to install the Splunk SDK on a Windows Server 2008 R2 box, but I am having tr...

by Path Finder in

Transforming special characters in XML

I have an XML based source that has special characters defined. See below & & < < > > "...

by Builder in

Inputs.conf: Why is my file not getting picked up with my monitor configuration?

Hi, I have a file in the format /apps/logs/YYYY/MM/DD/system-hostname.log - so, /apps/logs/2014/06/30/system-pf-us...

by Champion in

Index and Analyze IBM Websphere heap dump in splunk

Hi, I have IBM Websphere heap dump file (.phd file). I want to index and analyze the same in Splunk.I tried to upl...

by Path Finder in

Add Remote Index to Heavy Forwarder

I have several heavy forwarders in my environment and when I configure data inputs on them, to get the forwarder to s...

by Path Finder in

what interface will be required to take data from API in C.

Hi I'm new to this, using trial version. By using C API, I'm getting the data and want to submit it to splunk. Can an...

by Engager in

Combine duplicate values from two search results

Hi, This question is slightly different from other related question. I have searched all the Splunk answers and co...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure props.conf using BREAK_ONLY_BEFORE?

host_regex problem

Cisco IPS Error [errno="" 8]

Is it possible to stagger multiple checks in inputs.conf for a single app?

Send Windows Event Log Info To 2 Different Indexers

listing properties for a pre-trained sourcetype

Getting Splunk to work with Syslog UDP 514

Output syslog to external system

Internal logs forwarding to different group of indexers ?

Multiline field extractions

Should heavy forwarders have the same apps installed on them that are installed on the Splunk enterprise receiver?

How can I see if events were truncated in Splunk 6.x?

How to monitor Windows server and Oracle database server?

How to Install Python SDK for Splunk on Windows Server 2008 R2 box?

Transforming special characters in XML

Inputs.conf: Why is my file not getting picked up with my monitor configuration?

Index and Analyze IBM Websphere heap dump in splunk

Add Remote Index to Heavy Forwarder

what interface will be required to take data from API in C.

Combine duplicate values from two search results

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...

Is it possible to send Jenkins custom logger to Sp...

Why do I receive SSL alert number 40 with selfsign...

Why am I unable to call HEC instance from Splunk C...