Getting Data In

Discussions

Thread Info

Send data from file even if there is no change

I have a file in a directory, whose timestamp is changed everyday using "touch" command. The contents might change af...

by Communicator in

Time zone in TIME_FORMAT

Given this timestamp: 01/Mar/2011:17:25:49.666+0000 What is the right format? I'm leaning towards: TIME_FOR...

by Contributor in

Does it make sense to use SmartStore for all data except hot and warm?

We wonder about using SmartStore. Does it make sense to use it for all data except hot and warm data? Even if we end ...

by Motivator in

How to configure universal forwarder on Linux to send a log file to Splunk heavy forwarder?

Hi, I installed and configured UF on a Linux server to send syslog to Splunk HF. I am now trying to send an applicati...

by Contributor in

splunk datetime after January 2020

Hi, I want to know, I do not actually update my datetime.xml and I want to know if I update now for the data. Do I...

by New Member in

Override sourcetype for custom logs

Hi I am trying to override my current sourcetype to create multiple source types based on key matching patterns. But ...

by Path Finder in

How do i clone one sourcetype multiple times?

HI Currently i copy a sourcetypes with TRANSFORMS-CLONE and it works, example below. But i want to use TRANSFORMS-...

by Motivator in

How to increase the event size which is limited to 10000 in Splunk cloud ?

Hi, I am not able to fetch the full JSON payload using the scripted input in the Splunk cloud. Here, I have installed...

by New Member in

syslog server not receiving any events from a heavyforwarder. what could be the issue and how can it be resolved?

I setup syslog output forwarding per the Splunk docs, but am not seeing anything being sent out nor receiving it on t...

by Builder in

Count values delimited by "," in a field

Hi guys, I have the following exemple: Searching the "s" in Field B delimited by "," , my expected result is the ...

by Explorer in

Event: Show source loading ....

Hello, if I try to show the source of an event, splunk shows only "loading ...". I took care, that the result is f...

by Path Finder in

How to post to Http Event Collector with PHP?

All, Anyone ever post to HEC using PHP? Got a working example? Or see where I am going wrong? <?php $c...

by Builder in

Splunk for Nix packages output wrong?

All, I enabled the packages input on Splunk_TA_nix on my CentOS 7 box. I get 790 packages back. How ever when I g...

by Builder in

Re-index all lines of a CSV file after any change?

I have CSV files that are point-in-time snapshots of a configuration. If any part of the CSV changes, I'd like the co...

by Path Finder in

Why is the Universal forwarder executing regmon, powershells and others with out them being explicitly configured?

Hi, why is my UF on Windows executing various splunk-* tools without them beeing configured in any input? Every few m...

by Contributor in

How to setup universal forwarder on linux

Step by step setup for universal forwarder.

by Path Finder in

What is included in Linux syslog?

Hi, On Linux Splunk servers, my system admin set this record in remotesyslog.conf . @@syslog-zone40.uth.tmc.edu:15...

by Contributor in

HTTP Event Collector in a distributed environment with load balanced Heavy Forwarders

I have a pair of heavy forwarders that is load balanced by a round robin DNS record. I want to set them up as HTTP...

by New Member in

Has anyone indexed Azure Devops audit log?

Hi. It seems Microsoft has exposed the audit log for Azure DevOps, https://docs.microsoft.com/en-us/rest/api/azure...

by Contributor in

Index showing latest data as over a month ago but events are still coming in

Hi, I have recently started looking at .conf files and configuring them to log specific site data. After I ma...

by Explorer in

Getting Data In

Discussions

Send data from file even if there is no change

Time zone in TIME_FORMAT

Does it make sense to use SmartStore for all data except hot and warm?

How to configure universal forwarder on Linux to send a log file to Splunk heavy forwarder?

splunk datetime after January 2020

Override sourcetype for custom logs

How do i clone one sourcetype multiple times?

How to increase the event size which is limited to 10000 in Splunk cloud ?

syslog server not receiving any events from a heavyforwarder. what could be the issue and how can it be resolved?

Count values delimited by "," in a field

Event: Show source loading ....

How to post to Http Event Collector with PHP?

Splunk for Nix packages output wrong?

Re-index all lines of a CSV file after any change?

Why is the Universal forwarder executing regmon, powershells and others with out them being explicitly configured?

How to setup universal forwarder on linux

What is included in Linux syslog?

HTTP Event Collector in a distributed environment with load balanced Heavy Forwarders

Has anyone indexed Azure Devops audit log?

Index showing latest data as over a month ago but events are still coming in

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Capacity of HEC token

Log ingestion from fluentd

Remove XML elements via transforms (keep the tags)

Log ingestion Via HEC - Huge log volume

Changing data input (older data) for Splunk Add-On...

Getting Data In

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >