Getting Data In

Discussions

Thread Info

Basic Windows Event filter via Universal Forwarder

I've seen various answers to this general area of questioning, but I'm wondering what the current best practice is. ...

by Engager in

Internet access is denied when the splunk service is stopped

I have just installed and setup splunk to pull my syslogs from my ASA 5510 firewall. All records are flowing correctl...

by Engager in

multiple timezone in syslog events

I am trying to extract the correct timezone and time from the syslog event below. Jun 28 17:32:44 10.xxx.xx.240 J...

by Communicator in

How to export > 10000 Events to a .csv via CLI with good performance?

Hello, in Splunk 3 we were exporting during night time via cronjob 1-hour chunks of data from the previous day via...

by Contributor in

dynamic sourcetype extraction problems

Hi all, I am trying to setup dynamic sourcetype extraction, but no luck. sample message has json: {"id":"someid",...

by Engager in

How to extract fields from a single file containing multiple sourcetypes, each with multiline events ?

My source file is like: ============================ App01trace 3 0 393222 0 19 148 8838300 4 0 458759 0 ...

by Splunk Employee in

No python.exe included with universal forwarder?

I have a need to import older Windows .evt files into my splunk environment. Since the splunk server is on linux I go...

by Path Finder in

"Latest Event" on main search dashboard 12 hours ahead?

I have a Prod and QA instance of Splunk with 2 forwarders. Prod is v4.1.4, QA is v4.2.2. Both of them show a "latest ...

by Path Finder in

How to selectively index and forward with filtering?

Is there a way to selectively index and forward by using filtering criteria such as hostname, sourcetype, or REGEX in...

by Path Finder in

Splunk Heavy Forwarder

Hi, Will Splunk support heavy forwarder in future or it's going to be decommitted? I'm asking because there are on...

by Path Finder in

What's the syntax for monitoring a local windows directory or file?

[monitor://C:\\program files\path\filename] doesn't seem to be working.

by Champion in

Forwarding and receiving pre setup

I have a simple Forwarding and receiving setup 2 servers forwarding into a 3rd. Once everything setup, the rec...

by Engager in

Making splunk act like tail -f $file

Hi, I'm trying to get Splunk to do the equivalent of a tail -f $file. Specifically what I'm trying to do is get th...

by Explorer in

Can I index WMI from a Splunk instance running on Linux?

I have many windows systems I want to grab WMI data from. I have Splunk installed on Linux and want to do WMI polling...

by Splunk Employee in

Expanding CSV to a Multi-Valued Field

I have a comma-separated list of 3 random values in a field called randlist (syslog-like entries): Jun 22 10:39:46...

by Path Finder in

Temporarily stop indexing

I would like to temporarily stop Splunk indexing for a couple hours while my QA group runs some volume/performance te...

by Communicator in

Splunk not indexing data

Hi, recently our splunk instance has not been indexing our data. All licenses are OK and we are not exceeding our ...

by Engager in

UniversalForwarder and Splunk 4.2.x on Search Head

How would you deploy 4.2.1 Splunk and Universal Forwarder on a Search Head node that is doing distributed search and ...

by Communicator in

Lock files on Windows server

Does Splunk lock the log file while we’re reading it? This would be on my Windows server IIS and Exchange.

by Engager in

Question about daisy chaining two indexers together

I have an instance where another group of people want to receive an exact copy of data that is indexed on my main Spl...

by Communicator in

Getting Data In

Discussions

Basic Windows Event filter via Universal Forwarder

Internet access is denied when the splunk service is stopped

multiple timezone in syslog events

How to export > 10000 Events to a .csv via CLI with good performance?

dynamic sourcetype extraction problems

How to extract fields from a single file containing multiple sourcetypes, each with multiline events ?

No python.exe included with universal forwarder?

"Latest Event" on main search dashboard 12 hours ahead?

How to selectively index and forward with filtering?

Splunk Heavy Forwarder

What's the syntax for monitoring a local windows directory or file?

Forwarding and receiving pre setup

Making splunk act like tail -f $file

Can I index WMI from a Splunk instance running on Linux?

Expanding CSV to a Multi-Valued Field

Temporarily stop indexing

Splunk not indexing data

UniversalForwarder and Splunk 4.2.x on Search Head

Lock files on Windows server

Question about daisy chaining two indexers together

WMI does not collect data from servers that do not...

How to troubleshoot Complex Heavy Forwarder Flows

Splunk Add on for McAfee DAM (Database Activity Mo...

Splunk Input from S3

How do I set the CRON job for scripted inputs so t...