Getting Data In

Discussions

Thread Info

Indexer missing events from forwarder

Scenario: 1x load balancer, 2x light forwarders, 1x indexer. The goal is to make it possible to reboot a sing...

by Explorer in

Printer logs

Hello, Is there any manual, where i can see how to collect print logs from remote machine? The printer from which i h...

by Explorer in

Changed Index Databse path - manager still shows old paths?

I changed the path the index database should be store at with with the Manager>System settings>general Settings > ind...

by Path Finder in

File based statistics collection which have events covering large windows of time.

I have a scheduled search that create statistics based on individual files. These searches run once per hour. ie. ...

by Motivator in

Do not see syslog data in Splunk

I am trying to send syslog data and logs from an ftp server using ports: 514,5151, and 2001. I made sure that the ser...

by New Member in

How to execute perl script in splunk

Hi, Please help me to execute my perl script through splunk. I dont know where to keep that script and how to exec...

by Contributor in

1 Splunk server that indexes, but also duplicates raw data to 3rd party syslog

We currently run 1 Splunk server that indexes all our data and whatnot, however there are requirements now that a 3rd...

by Builder in

Why does the REST endpoints only show data from the Search app?

I have created a new app with many saved searches. And I have created a new view in this app. In this view I have cre...

by Path Finder in

indexThreads: 24 cores , indexthread auto set to 8? Can we increaes it

I have a system with 12 cores, (24 with hyperthreading). Splunk is setting the indexThread value to 8: index="_int...

by Path Finder in

indexThreads is set to auto how many threads does that mean?

How can I tell how many threads have been allocated using the auto tune setting of indexThreads? --snip from index...

by Splunk Employee in

difference between per_index_thruput and per_host_thruput?

Volume when calculating per_index_thruput and per_host_thruput. However, when calculated as per_index_thruput and ...

by Communicator in

Long running summary search and info_max_time vs info_min_time

I'm running a summary search to calculate stats over 7 days. The summary is setting the timestamp as info_min_time. H...

by Champion in

how can I force splunk read file line by line

I have a big file about 17G,when I input it as a file,splunk treat some record as multi-line. The file is UTF-8 Unico...

by Communicator in

Question on Indexed data getting deleted

Hello Guys, I have these very huge problem of indexed data getting deleted. Basically i am doing following steps. ...

by New Member in

Segregate data from syslog

Hi, We would like to know how to segregate the content of a syslog in different sources or source types. For example,...

by New Member in

Forward data into 3rd party systems using index instead of host?

Good day i Read this document regarding to the forward data to third-party systems http://docs.splunk.com/Docum...

by Path Finder in

Hardware load balancer between indexer and forwarder instead of auto-lb config?

Hello. I'm working to create some forwarders in our DMZ to relay data from the DMZ to our internal indexers (curre...

by Builder in

splunk behind a revproxy

Hello, My setup: remote server: -I have a universal forwarder setup on a GlassFish server. splunk server (Sp...

by New Member in

Universal forwarder monitor clean files

In monitoring a file, it can get very large as the application creating the syslogs adds to it. The there any facilit...

by New Member in

Mystery Universal Forwarder

This may sound silly, but we don't have the ability to see how some of our Universal Forwarders (UFs) are configured....

by Contributor in

create index that keeps data by date, not size?

I have many indexes in my environment, which all have a maximum size set. However, we would like to instead keep data...

by Path Finder in

forwarding syslog data via UDP to 3rd party server. splunk docs instructions not working

I tried the following and it did not work - http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Forwarddata...

by Communicator in

how to search host volume in index

Hi I want to search several host include in indexes. last 24hour index name is a_1, a_2, a_3.... how to sear...

by Communicator in

Adding ESX hosts to an existing Splunk server

Hi, I've inherited a splunk server that was setup to receive to vmkwarning files from around 20 ESX hosts. Rece...

by New Member in

nullqueue or nullQueue ?

I saw this in transforms.conf : should if be nullQueue or nullqueue ? [send_to_nullqueue] DEST_KEY = queue REGEX ...

by Splunk Employee in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Indexer missing events from forwarder

Printer logs

Changed Index Databse path - manager still shows old paths?

File based statistics collection which have events covering large windows of time.

Do not see syslog data in Splunk

How to execute perl script in splunk

1 Splunk server that indexes, but also duplicates raw data to 3rd party syslog

Why does the REST endpoints only show data from the Search app?

indexThreads: 24 cores , indexthread auto set to 8? Can we increaes it

indexThreads is set to auto how many threads does that mean?

difference between per_index_thruput and per_host_thruput?

Long running summary search and info_max_time vs info_min_time

how can I force splunk read file line by line

Question on Indexed data getting deleted

Segregate data from syslog

Forward data into 3rd party systems using index instead of host?

Hardware load balancer between indexer and forwarder instead of auto-lb config?

splunk behind a revproxy

Universal forwarder monitor clean files

Mystery Universal Forwarder

create index that keeps data by date, not size?

forwarding syslog data via UDP to 3rd party server. splunk docs instructions not working

how to search host volume in index

Adding ESX hosts to an existing Splunk server

nullqueue or nullQueue ?

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Splunk VMware OVA for ITSI vs Splunk OVA for VMwar...

How to Execute a Python Script via a Button and Di...

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...