Getting Data In

Thread Info

First appears to be broken on my search

I have a search tracking users logging into our juniper vpn sourcetype="SSLVPN" Action="- Login succeeded" |eval U...

by Engager in

Cisco SNMP Incorrect Time Indexed

Hi all, I am pulling in SNMP polling data from some Cisco devices via shell scripts in Splunk. This all works fine...

by New Member in

returns both time and date together

Hi, Using _time we will get the time of the event. so by using earliest(_time), time is produced as the result. is th...

by Builder in

monitoring syslogd - not indexing multiple "local" folders

All - any help would be appreciated on this! I've installed a universal forwarder onto a system that has an older ...

by Motivator in

Logging in splunk

Hi Anyone know how to change the default log location of splunk logs in splunk indexer and universal forwarder ple...

by Path Finder in

Universal forwarder for local logs monitoring

Hi, I currently installed splunk on linux machine and I wanted to monitor the logs on the same machine. Should I u...

by New Member in

Searching/Monitoring 100s of Excel files...

Hey all, I understand splunk doesn't read in an excel file unless its converted to csv or plain text but wanted to se...

by Splunk Employee in

JDBC Scripted input

I am using this app for querying database (Sql server logs). I have completed all the steps in read.txt file provided...

by Explorer in

Rename host field in event

My events have a field like this: host=192.168.0.0:8080 I would like to leave the default host field that splun...

by Path Finder in

Mixed one-line and multiline events

On remote host I have a log file which contains mixed one line and multiline events in the following format ERR...

by Explorer in

Line breaker to break the events

Below is the app log content and the configuration parameters in props.conf. Not sure what is going wrong.. Output is...

by New Member in

Where are Persistent Queues Stored in Splunk 4.2.x

Prior to Splunk 4.2 I used to be able to set the location of Persistent Queues using persistentQueuePath = in outputs...

by Splunk Employee in

how to define persistent queues path?

I'm using persistent queues in a Heavy Forwarder (like this) with Splunk 4.3.x I was searching on how to define th...

by Communicator in

Top level monitor wildcard Linux

I am working in an environment with an unfortunate naming standard. Essentially on ever app server the path to common...

by Splunk Employee in

The executable splunk-regmon.exe just keeps eating up more and more memory.

I had to “End Process” when it had used 1.2G of my RAM. I am running version 5.0 ... Something configured incor...

by New Member in

SUF: "Could not read CowPipelineData from the persistent store"

One of my forwarders is blasting the subject message into my internal index at an alarming rate. What's it mean? What...

by Influencer in

Stream the log files

Hi, I am new to the splunk. I installed splunk on my windows 7 machine and trying to monitor the log files. I just...

by New Member in

Only Filtering for Interesting Event Logs

Is there a way to express a series of exclude filters as variable in a search? What I want to do is create a searc...

by Explorer in

Splunk Data Block Signing

Is there a way to enable data block signing WITHOUT losing all your data? I would like to enable this as stated here:...

by Communicator in

Transforms.conf and Props.conf to filter WMI security eventlog

I have a brand new Splunk 5 installation I am trying to get working with some filtering. Right now I have one remo...

by New Member in

multiline event breaking issue

My log file is like this: StartEvent 01 some data 001 some data 002 some data 003 some data 004 EndEvent 01 StartE...

by Explorer in

Queue up thousands of searches from CLI?

I would like to queue up a large number of unique searches (approximately 500,000) to be run from the command line in...

by Explorer in

Universal Forwarder Failed to Install

Hello, Trying to install the Splunk Universal Forwarder onto my Windows 2003 Server. I am using the Administrator ...

by New Member in

Splunk not indexing the entire file.

I have a new 5.0 splunk server that is the indexer and search head. I have one forwarder sending logs. All is working...

by Path Finder in

Problem of indexing data in indexer

Hello , I get a problem of indexing data in indexer. I have a file test.csv. When i monitored it locally in indexe...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

First appears to be broken on my search

Cisco SNMP Incorrect Time Indexed

returns both time and date together

monitoring syslogd - not indexing multiple "local" folders

Logging in splunk

Universal forwarder for local logs monitoring

Searching/Monitoring 100s of Excel files...

JDBC Scripted input

Rename host field in event

Mixed one-line and multiline events

Line breaker to break the events

Where are Persistent Queues Stored in Splunk 4.2.x

how to define persistent queues path?

Top level monitor wildcard Linux

The executable splunk-regmon.exe just keeps eating up more and more memory.

SUF: "Could not read CowPipelineData from the persistent store"

Stream the log files

Only Filtering for Interesting Event Logs

Splunk Data Block Signing

Transforms.conf and Props.conf to filter WMI security eventlog

multiline event breaking issue

Queue up thousands of searches from CLI?

Universal Forwarder Failed to Install

Splunk not indexing the entire file.

Problem of indexing data in indexer

Holistic Visibility and Effective Alerting Across IT and OT Assets

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

Palo alto Strata logging service logs

Akamai add-on logs are not populating.

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...