Getting Data In

Thread Info

extremely slow Search head on windows 2008 R2 standard

Hi, is anyone out there having a Slow search and missed alerts on Search head. we have installed search head on 64 bi...

by New Member in

Controlling Forwarders, and "spam" into Splunk

We have a very large environment.. and with Splunk charging by the GB/day, we obviously have an interest in controlli...

by Communicator in

Truncate on a SplunkUniversalForwarder

One of my sources coming from a universal forwarder needs to have have it's truncate option set to 0. I have edited t...

by Explorer in

Deleting data inputs

Hi, I am new to splunk and when i add datainputs i was not known about the timestamp issue and later i explored it. w...

by Explorer in

Splunk syslog event count too low compared to kiwi syslog server on Windows platform

I have configured approx. 100 access points to send syslog events to both Splunk and to a kiwi syslog server I have s...

by New Member in

Under what situation would one monitor a rolled log file?

I've heard that Splunk recommends monitoring of rolled log files (eg. file.log.1, file.log.2, etc) under certain situ...

by Champion in

count uri_host hits including subdomains? Squid logs.

Hey Guys, Im trying to come up with some searches for our HR department. We sometimes have to present them with evide...

by Contributor in

Starting point of index

Hello, i would like to add a monitor for EventLog:Security. This EventLog contains many entries, and if i add it d...

by New Member in

HowTo pull logs into trusted network from a forwarder located in DMZ

Hello, I search a way to get realtime logs from DMZ-Zone into a Trusted Network, where the Indexer is located. A Fo...

by Explorer in

Change the index name of Splunk_CiscoFirewalls

instead of storing the cisco firewall logs into "summary" index. i would like to store in a index called "firewall". ...

by Path Finder in

WinEventLog filtering on indexer

Hello there, I have currently deployed Splunk in our network using SplunkLightForwarders and one central indexing ...

by Path Finder in

WinEventLog Security Regex

Hi Everyone, I have windows security event filter setup and working on my indexer. However I want to filter on thr...

by Explorer in

Replace before importing the data in splunk

by Contributor in

How to add host name in event ?

I am forwarding data from indexer to heavy forwarder How I can append host name in event (_raw) in indxer that will b...

by Builder in

JSON/Syslog and SPATH

Hi, I have JSON data being indexed from a syslog file i.e Nov 2 23:04:47 host1 /usr/local/bin/audit.rb[24503]:...

by Path Finder in

multiple delimeter in transforms.conf is not working

by Contributor in

Splunk_CiscoFirewalls, no data

Good Day, I first tried to use the Cisco Security Suite in anticipation of getting more Cisco devices but realized t...

by New Member in

Data Base Retention Adjustment

Hi All I want to set my Splunk server to keep logs active for 30 days then compress those logs, save it in another...

by New Member in

Scripted input stream mode

Hi, I've been looking at the documentation i.e http://docs.splunk.com/Documentation/Splunk/4.3.2/Developer/Scripte...

by Path Finder in

Indexer volume unbalanced

It seems like our indexers do not properly get distributed load in our cluster according to our volume report alerts,...

by Contributor in

md5, crcSalt, gzip, oh my!

Hello Splunkers - I'm having trouble figuring out how to make the following work. I get usage files from a popu...

by Engager in

Splunk's mechanism to detect files with the same content

The documentation says Splunk is creating a CRC hash of the first and last 256 bytes of a file in order to detect wea...

by Influencer in

duplicate log entries with crcSalt= and symbolic links

Hi. We are seeing duplicate logfile entries in our Search results with certain logfiles. It is happening in a directo...

by Path Finder in

Trouble re-creating sourcetype after delete

I created some incorrect logs with the command sourcetype="DS Logs" | delete I have can_delete permission, and...

by Communicator in

Total number if indexed volume for all hosts per day

I would like to generate a report that'll list all the indexes and indexed volume usage for all the servers in my env...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

extremely slow Search head on windows 2008 R2 standard

Controlling Forwarders, and "spam" into Splunk

Truncate on a SplunkUniversalForwarder

Deleting data inputs

Splunk syslog event count too low compared to kiwi syslog server on Windows platform

Under what situation would one monitor a rolled log file?

count uri_host hits including subdomains? Squid logs.

Starting point of index

HowTo pull logs into trusted network from a forwarder located in DMZ

Change the index name of Splunk_CiscoFirewalls

WinEventLog filtering on indexer

WinEventLog Security Regex

Replace before importing the data in splunk

How to add host name in event ?

JSON/Syslog and SPATH

multiple delimeter in transforms.conf is not working

Splunk_CiscoFirewalls, no data

Data Base Retention Adjustment

Scripted input stream mode

Indexer volume unbalanced

md5, crcSalt, gzip, oh my!

Splunk's mechanism to detect files with the same content

duplicate log entries with crcSalt= and symbolic links

Trouble re-creating sourcetype after delete

Total number if indexed volume for all hosts per day

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

s3 - Multiple directories data to be ingested into...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions