Getting Data In

Discussions

Thread Info

Universal Forwarder not displaying data on SplunkWeb on another server

We have two Linux servers using Splunk 5.0.1 on 64-bit. A full Splunk install (SplunkD and SplunkWeb). We created ...

by Path Finder in

Can I use backreferences in LINE_BREAKER?

I want to group consecutive lines starting with the same pattern. I know the TRANSACTION command can be used as well,...

by Builder in

Stack trace data truncated when indexed. Search shows some data or punctuations missing.

We are running Splunk 4.3.4. Here is a sample stack trace from the server along with the results from a search fo...

by Splunk Employee in

AIX update to splunk 5 not doing anything

Hi, Have attempted to update to version 5 this morning and it's not doing anything... I've used truss to check all...

by Engager in

Windows event logs – Define the start time for event collection – do not want current_only OR all history

is there anyyway to define at what point in time windows event logs will start being collected by Splunk UF? We ha...

by Path Finder in

[Forwarder] Want to Get Official Splunk Universal Forwarder Setting Manual in AIX 6.1

Hi, Guys  Could you guys help me about -> give me some detailed manual? 1.AIX Detailed Setting Manual Docs. 2....

by Path Finder in

How do I pause indexing?

I would like to pause indexing when I reach 95% of my license. I have the Nagios check built, I just need the command...

by Path Finder in

Proper Splunk Indexer Replacement Procedure

I'm working on a procedure to move from an old indexer to a new indexer without losing any events. The configuration ...

by New Member in

SonicWall Viewpoint 6.0: export logs to Splunk via syslog (UDP port 514)?

I have configured this Windows Server 2008 software as indicated on this website: https://www.fuzeqna.com/sonicwal...

by Esteemed Legend in

Send Host with SNMP Trap

Need to be able to pass host from a syslog message in a trap outbound from Splunk. of the nice configured varbinds, h...

by New Member in

Splunk not indexing all data in a file

I have the splunk forwarder installed on my Snort box and have it pointed to my indexer. It is sending data over, but...

by Path Finder in

[Fowarder] In AIX 6.1 enviroment, Is it have a problem forwading universal forwarder?

Hi, Good Day  Guys, I have a Question about Splunk Enviroment. Unix OS AIX 6.1 Server in Vmware Env...

by Path Finder in

Getting Garbled Data while exporting the data in .csv format

Hi, When I am trying to export my Result in .csv it is coming garbled data for some of the fileds as those fields ...

by Contributor in

CSV Filter / Automated lookups issue. Need to NOT show items in CSV

Hi All, Relatively new to Splunk, but am making good progress. I have a unique situation. I have an ASA loggi...

by New Member in

ERROR TailingProcessor -Splunk not showing logs

I have defined input.conf under deployment server. [monitor://D:\SystemX] whitelist = \GenericService.log$ I ...

by Path Finder in

Host override issues

I am trying to override the host field based on an element in the source path. This is data that is being forwarded f...

by Explorer in

Change sourcetype/index after data is indexed from forwarder

We are in a bit of pickle currently trying to disassociate indexed data from a sourcetype that is currently tied to a...

by Builder in

splunk does not start and has indexing disabled

After starting splunk stops immediately with in splunkd.log 12-03-2012 16:16:26.414 -0800 ERROR IndexProce...

by Splunk Employee in

indexes.conf - Can multiple indexers save to same "cold" directory?

We have two indexers and a single search head: Splunk1 Splunk2 Splunkweb Both Splunk1 and Splunk2 have their own i...

by Path Finder in

Heartbeat for forwarder

Hi, I am trying to setup a heartbeat to know if our Splunk forwarders are working fine. From this forum, I found I...

by Path Finder in

listdown the sourcetype from the index

Hi all i used the below code..to list down the sourcetype of the main indx in the dropdown .. sources ...

by Communicator in

Indexing issues

Hey, I have a 16-core windows 2003 server running Splunk v4.3.1 which is used for both searching and indexing. On ...

by Motivator in

Some Single Line Messages Are Merged into a Single Event

I'm working with data that looks like this: QA4 :: 1354371771 :: 020_grid_progress :: M020_grid_progress :: a...

by New Member in

Delete a record conditional

How can I delete the older UPDATE_TIME record(record2). UNIQUE_ID, UPDATE_TIME・・・・・・ record1: 10001,2012/12/01,・・・...

by New Member in

Why are so many files being tracked because of this one monitor?

Copying everything exactly how it appears... I have this in my inputs.conf: [monitor:///opt/firewalker/data/*/*...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal Forwarder not displaying data on SplunkWeb on another server

Can I use backreferences in LINE_BREAKER?

Stack trace data truncated when indexed. Search shows some data or punctuations missing.

AIX update to splunk 5 not doing anything

Windows event logs – Define the start time for event collection – do not want current_only OR all history

[Forwarder] Want to Get Official Splunk Universal Forwarder Setting Manual in AIX 6.1

How do I pause indexing?

Proper Splunk Indexer Replacement Procedure

SonicWall Viewpoint 6.0: export logs to Splunk via syslog (UDP port 514)?

Send Host with SNMP Trap

Splunk not indexing all data in a file

[Fowarder] In AIX 6.1 enviroment, Is it have a problem forwading universal forwarder?

Getting Garbled Data while exporting the data in .csv format

CSV Filter / Automated lookups issue. Need to NOT show items in CSV

ERROR TailingProcessor -Splunk not showing logs

Host override issues

Change sourcetype/index after data is indexed from forwarder

splunk does not start and has indexing disabled

indexes.conf - Can multiple indexers save to same "cold" directory?

Heartbeat for forwarder

listdown the sourcetype from the index

Indexing issues

Some Single Line Messages Are Merged into a Single Event

Delete a record conditional

Why are so many files being tracked because of this one monitor?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions