Getting Data In

Discussions

Thread Info

is it possible to use wildcards, and OR conditions, in sourcetype stanzas

I have successfully implemented basic wildcards in sourcetype stanzas as per the this post: http://splunk-base.splunk...

by Explorer in

Problem in Starting SPLUNK

I have an application in : C:\Program Files\Splunk\etc\apps\MyApplication\local In this path I have indexes.con...

by Contributor in

Need help to filter the top five sources

I need to find the top five sources. As Splunk displays as a default the top ten commonly used or found values. I nee...

by Explorer in

crcsalt for small files in same dir?

Dear all, quick question if I may. I am having a directory full of CSV files that I'm trying to index on a linux s...

by Explorer in

Splunk App for Web Intelligence: what should column names be for IIS log data?

I'm having a problem getting web intel app showing any results. I've investigated a bit, and think the problem is the...

by Explorer in

not work transforms

Based on config files(please see below) we transform file from .xml format to .csv. After the log been converted we s...

by Explorer in

splunk indexing the same files again and again and again and ...

I have a Splunk universal forwarder on a client machine. I have a deployed app that looks like this.. [monitor:/...

by Explorer in

UF on a machine with Compact Flash Card

I am wondering if there is a particular configuration for running the universal forwarder on a machine with limited r...

by New Member in

Splunk is not indexing log events that may have binary content

I have a source log that sometimes contains binary characters. Splunk is not indexing any events for this source type...

by Motivator in

Universal Forwarder install/config questions/regex

I have read through the many documentation articles but they are all so broken apart that it is hard to piece togethe...

by Explorer in

Index volume by host

Hello, i am searching for a CLI Search Command which gives me the result of the daily Indexed volume per Host. Whi...

by Explorer in

Moving away indexed files after indexing

Hello, I index files in a directory. The files are normally created for the sake of being indexed and do not chang...

by Communicator in

License issue about Filtering Data

Hi, Guys! I'm Splunk engineer  The Question is Associated with the Light forwarder and Indexer, When transferr...

by Path Finder in

How does the JOIN or single TRANSACTION work in same log file having multiple source types when we don't have a unique key or referential key?

Pleas Check Sample Data and Query link text

by Path Finder in

Edit manually created Source types

I recently added a log file to be monitored. It required me to define a custom source type in order to parse it. I no...

by Explorer in

timestamp not being handled properly

Hi, I'm having issues getting Splunk to properly recognize the date on some logfiles. The input is pretty simple: ...

by Champion in

Indexing Volume Limiting Strategies

For enterprise customers, what are your strategies for keeping a handle on the volume of data being logged to Splunk ...

by Communicator in

splunk processes

Hi, I want to add some monitoring to check that required splunk processes are running. On the indexer, I see the f...

by Champion in

Diagnosing Indexing Latency

I am monitoring logs across the LAN within the same datacenter. I have a single server indexer/splunk server. Windows...

by Communicator in

Data being indexed but unable to search

Ok so here is the issue, I have installed a forwarder on my Snort box to forward over the data to Splunk. It appears ...

by Path Finder in

How to delete specific event?

Hello, How can I delete some specific event in Splunk? For example, one log loaded in splunk with 50 events, and I...

by New Member in

Force agent to not send events before a given time

Hi *, I'm in development environment and I'd like to not receive all the old data from the agent. I have one se...

by Explorer in

[Forwarder] Data Filtering Issue

Hi,Guys And I'm splunk engineer. Project progress, issues arose data that should be filtered through a splunk for...

by Path Finder in

Universal Forwarder not displaying data on SplunkWeb on another server

We have two Linux servers using Splunk 5.0.1 on 64-bit. A full Splunk install (SplunkD and SplunkWeb). We created ...

by Path Finder in

Can I use backreferences in LINE_BREAKER?

I want to group consecutive lines starting with the same pattern. I know the TRANSACTION command can be used as well,...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

is it possible to use wildcards, and OR conditions, in sourcetype stanzas

Problem in Starting SPLUNK

Need help to filter the top five sources

crcsalt for small files in same dir?

Splunk App for Web Intelligence: what should column names be for IIS log data?

not work transforms

splunk indexing the same files again and again and again and ...

UF on a machine with Compact Flash Card

Splunk is not indexing log events that may have binary content

Universal Forwarder install/config questions/regex

Index volume by host

Moving away indexed files after indexing

License issue about Filtering Data

How does the JOIN or single TRANSACTION work in same log file having multiple source types when we don't have a unique key or referential key?

Edit manually created Source types

timestamp not being handled properly

Indexing Volume Limiting Strategies

splunk processes

Diagnosing Indexing Latency

Data being indexed but unable to search

How to delete specific event?

Force agent to not send events before a given time

[Forwarder] Data Filtering Issue

Universal Forwarder not displaying data on SplunkWeb on another server

Can I use backreferences in LINE_BREAKER?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!