Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do you override "source" on a oneshot?

I'm using oneshot to do a one-time import of data: splunk add oneshot $(pwd)/mydata -sourcetype mytype -index main...

by Splunk Employee in

SUF sending to one port from many hosts, events overlap each other

IGNORE this question/problem. Bad search skills led to bad conslusion. About 30 Splunk Universal Forwarders se...

by Influencer in

Does the UF use props.conf and/or transforms.conf or not?

If I am reading http://splunk-base.splunk.com/answers/27373/universal-forwarder-and-propsconf-and-transformsconf corr...

by Explorer in

Why is the batch processor not honouring the metadata header?

Something's up with the batch processor. I send the following file to a sink and it doesn't set any of the metadata f...

by Communicator in

sourcetype=tcp-raw

I'm using a forwarder (regular) to forward TCP input to indexer. The events are being forwarded correctly to the inde...

by Explorer in

Preferred placement of files to be monitored (which inputs.conf)

My indexer is on Linux, but all the forwarders are on Windows. I've been putting the file names being monitored into ...

by Contributor in

SSL on universal, heavy, and splunk server?

Reading the questions that reference SSL certificates for splunk data I'm confused. If I simply use SSL to encrypt da...

by Engager in

Don't store "success" log entries

Is there a way to make it so Splunk will discard a log entry that comes in with a certain substring in the message su...

by Engager in

not indexing after cleaning eventdata

So i created an app folder... and indexes.conf .. and an inputs.conf to monitor a directory. I then restarted splu...

by Contributor in

extracting from logs before indexing to server

Hi Is there a way to extract a part of log event before it being indexed to splunk server for example Below is th...

by Path Finder in

How do I "watch" a specific log file and only send updates based on specific strings?

I need to watch log files for certain error strings only. Ideally this would be done on the machine that contains the...

by New Member in

Cannot figure Universal forwarder out

I have done 3-4 days of research and have been striking out. Here is the process that I follow. I install the univers...

by New Member in

Splunk API paging

I'm running into an issue with using the Splunk API and it only returning 30 records. I've searched the Splunk API, A...

by Explorer in

How do I read just one file in a app?

I want to be able to push down a single application which contains an inputs.conf to monitor files on a Oracle RAC sy...

by Path Finder in

Missing data - Splunk is showing random gaps in the 'indexed data' timeline and safeService warning in Splunkd.log

My Splunk instance is constantly indexing data 24*7, but I've noticed some gaps in the indexed data timeline recently...

by Communicator in

Checking multiple Regex against once sourcetype

I'm trying to define multiple REGEX for one sourcetype. Because the events can vary massively I need to have differen...

by Champion in

Massive unexpected Cold to Frozen execution ?

Problem summary: After Splunk update from 4.2 to 4.2.1, one (and only one) of the indexes started a warm to cold ...

by Path Finder in

SplunkUniversalForwarder & UDP transfer

Hey! Is it possible to configure SplunkUniversalForwarder to receive data by udp and send this data to indexer? Ho...

by Path Finder in

Is there a way to get Splunk to do oneshot indexing sequentially?

I have a large number of files (going by the thousands) that I only need to index once, and since I want to know when...

by New Member in

Ignored unique path file with crcSalt =

Having trouble with CRC, I set my inputs to use crcSalt = , which I understood would use the full path of the input, ...

by Path Finder in

Getting Data In

Discussions

How do you override "source" on a oneshot?

SUF sending to one port from many hosts, events overlap each other

Does the UF use props.conf and/or transforms.conf or not?

Why is the batch processor not honouring the metadata header?

sourcetype=tcp-raw

Preferred placement of files to be monitored (which inputs.conf)

SSL on universal, heavy, and splunk server?

Don't store "success" log entries

not indexing after cleaning eventdata

extracting from logs before indexing to server

How do I "watch" a specific log file and only send updates based on specific strings?

Cannot figure Universal forwarder out

Splunk API paging

How do I read just one file in a app?

Missing data - Splunk is showing random gaps in the 'indexed data' timeline and safeService warning in Splunkd.log

Checking multiple Regex against once sourcetype

Massive unexpected Cold to Frozen execution ?

SplunkUniversalForwarder & UDP transfer

Is there a way to get Splunk to do oneshot indexing sequentially?

Ignored unique path file with crcSalt =

Using Splunk Universal Forwarder and scripted inpu...

why Splunk is not able to index all the data from ...

Collect Perfmon counters data for ASP.NET & Paging...

Splunk eStreamer for FMC version 4.011 setup page...

Invalid key in stanza - kv_mode (value: xml)