Getting Data In

Discussions

Thread Info

Best way to change the inputs.conf file of a universal forwarder from deployment server.

Can any one please let me know the best way to update the opt/splunkforwarder/etc/system/local/inputs.conf of univers...

by Communicator in

importing all the files available in a directory

Hi, Can any body tell me how to import all the files of a particular directory in splunk at one go ? next time if ...

by Contributor in

Have forwarder duplicating data to 2 indexes.

For some inputs on a forwarder, I want to send the same data to the same indexer, but duplicate it in 2 indexes (they...

by Communicator in

Data is not making to indexer

The Data forwarded by universal forwarder is not making to the indexer. There is no clue on splunkd.log file even. It...

by Communicator in

WinEventLog information from WMI isn't making it to the indexer.

All of my .conf files are setup correctly yet I still can't get any WinEventLog information via WMI into my indexer. ...

by Splunk Employee in

What is the correct syntax to have fschange search multiple directories?

Will the following work: [fschange:C:\Program Files\progam|D:\File\group] Should replace "|" with "OR",or shoul...

by Engager in

Transmission of historical "store-and-forward" data after target indexer failure

Hi All, I am currently designing a deployment with two Splunk "pods" in different data centres, each with two Inde...

by Builder in

where are source type names created?

I'm wondering if there are other locations than inputs.conf, props.conf that a sourcetype might be named/assigned. I ...

by Explorer in

How to index locally all incoming data and forward all input data in heavy forwarder

Hello, I have one heavy forwarder that receives data from some forwarders. After that, it indexes all those data, ...

by Contributor in

Indexing Throttling

A network socket process went bug-eyed today creating more than 7 million /var/log/messages events in 15min. The inde...

by Explorer in

Execute a script on the node itself

We have a splitted environment where we are using another tool to take care of typical monitoring like cpu, disk, mem...

by Path Finder in

how to index mutiple files

i am importing data into splunk by using Continuously index data from a file or directory this Splunk instance can ac...

by New Member in

CSV TImestamp Problem

Hello Folks, I have a csv file which has timestamp divided among various fields. (Initial 4 columns are shown) yea...

by New Member in

Not able to find REST endpoint for MySQL App to search the database

Hello, I have been using REST for basic searching and getting results from saved searches from splunk via splunk S...

by Engager in

List of sourcetypes with no data for past 7 days

I have a bunch of logs from a program that regularly updates local files with changes in network files, and I would l...

by Path Finder in

Simple field extractions not working in props

We are having an issue getting fields to work with this one application. If we move the props.conf to the etc/system/...

by Explorer in

gentoo unversal forwarder?

Which version of the universal forwarder - http://www.splunk.com/download/universalforwarder - do I use for Gentoo? I...

by New Member in

Best 'monitor' setup for firewall logs

Hey guys, Noob here; I wanted to know what you thought would be the best setup to use the monitor function in inpu...

by Path Finder in

linebreaking question - props.conf change at searchhead, forwarder or indexer?

I want to correct the linebreaking for my secure.txt file. Do I need to configure props.conf at the searchhead, in...

by Explorer in

Scripted Input timeout

Hypothetically, if I have a scripted input that takes 6 minutes to run, and I execute it every 5 minutes, what should...

by Path Finder in

Syslog from Cisco ASA directly into SPLUNK on Ubuntu 12.04 64bit Server

Hi all Let me preface this with. I am new to SPLUNK - I installed it 2 hours ago & I think it's great. I have trie...

by Explorer in

Scripted inputs fails on pooled search heads

I am trying to implement the Cisco IPS App on pooled search heads, but the scripted inputs are failing with the follo...

by Contributor in

Splunk Forwarder and Receiver Problem

Hi All, I am trying to setup a system where I need to get data from my storage server - Y onto splunk instance run...

by New Member in

Parsing appears to mangle part of a java stack trace

I have an odd problem with some of my stack traces, which I have never seen before. It appears the delimiting punctua...

by Explorer in

Timestamp format

Hi, I have log files which have timestamp format like 04/10/2012 07:50:09 - dd/mm/yyyy HH:MM:SS but indexer...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Best way to change the inputs.conf file of a universal forwarder from deployment server.

importing all the files available in a directory

Have forwarder duplicating data to 2 indexes.

Data is not making to indexer

WinEventLog information from WMI isn't making it to the indexer.

What is the correct syntax to have fschange search multiple directories?

Transmission of historical "store-and-forward" data after target indexer failure

where are source type names created?

How to index locally all incoming data and forward all input data in heavy forwarder

Indexing Throttling

Execute a script on the node itself

how to index mutiple files

CSV TImestamp Problem

Not able to find REST endpoint for MySQL App to search the database

List of sourcetypes with no data for past 7 days

Simple field extractions not working in props

gentoo unversal forwarder?

Best 'monitor' setup for firewall logs

linebreaking question - props.conf change at searchhead, forwarder or indexer?

Scripted Input timeout

Syslog from Cisco ASA directly into SPLUNK on Ubuntu 12.04 64bit Server

Scripted inputs fails on pooled search heads

Splunk Forwarder and Receiver Problem

Parsing appears to mangle part of a java stack trace

Timestamp format

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

Mimecast App to get Archive logs

Best Practices for Handling High-Cardinality Dimen...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...