Getting Data In

Discussions

Thread Info

recommended index sizes

hi guys - i have a stand-alone splunk server that i'm trying to size appropriately. we have a fixed 3TB volume to...

by Contributor in

File age/processing measurement

Have a set of directories that act as "holding" or "pending" directories for file transfer. Essentially we transfer t...

by Communicator in

data cloning

hi all, In splunk 4.3.3 if we clone the the views the copy of that XML is getting replicated. but if we want to...

by Communicator in

Splunk fails monitoring a log file...

I have a log file that is a text file. Splunk does not monitor this file because it finds it as a binary file. The fo...

by Motivator in

Receiving SNMP alerts without a Data Input configured

I am trying to stop indexing any SNMP traffic on UDP ports 161 and 162 and they are still coming in even though I do ...

by Path Finder in

Estimating Splunk storage requirements per input

In Splunk 4.1.5 we are attempting to estimate our storage requirements per input, with the ultimate purpose of splitt...

by New Member in

Splunk getting the hostname wrong from ESXi hosts

I have Splunk crawling a /logs directory, which is where it receives most of its data. (/logs is populated via syslog...

by Builder in

Troubleshooting Universal Forwarder on Linux

When I try to add my indexer to the configuration of my linux box where I have installed the universal forwarder, it ...

by Engager in

Frozen Time Period in seconds based on Sourcetype

Why cant I choose a source type of an index instead of the whole index to move my index data from the specific source...

by Builder in

Best way to debug indexing based on props.conf

Im having issues and I know its related to props.conf, but I have over 100 regexes and I dont want to test each one, ...

by Builder in

Why is the fschange monitor being deprecated?

The Splunk 5 release notes say the fschange monitor is being deprecated? Why is Splunk dropping one of the better sec...

by Builder in

delete command timesout and is very slow

I have old sources that were indexed in splunk. I'm trying to delete them but the | delete command is very slow and i...

by Explorer in

File path does not exist

I am facing problem with adding a remote file on a windows server. Keep getting 'File path does not exist' error mess...

by Communicator in

Best way to log to SPLUNK

Hello there, I am using the nlog logging framework for my C# applications. Does anybody know of a logging target s...

by Explorer in

listing the starting and ending time for a field value

hi, my log contains several users and i have to create a text report or a table listing the starting and ending time ...

by Builder in

How to get host name in syslog

I am sending data from forwarder to indexer to Heavy forwarder to syslog, in sylog I am getting Heavy forwarder host...

by Builder in

Techniques for limiting size of windows event logs

Hi, We currently have a number of servers that have the universal forwarder installed and set to forward to an Ent...

by New Member in

Problem indexing .sdf logs

Our enviroment consist of splunk light forwarder > intermediate forwarder > indexer. I'm trying to index the .sdf...

by Splunk Employee in

IIS Monitor causing tail errors on universal forwarder

I added this to my inputs.conf: [monitor://C:\WINDOWS\system32\LogFiles\W3SVC*\] disabled = false followTail = 0 r...

by Builder in

Indexing and extracting fields from IIS 7.5 logs

Hello I am having a difficult time getting Splunk to recognize fields from my IIS 7.5 logs. I know that there are man...

by Path Finder in

macros in Cisco ASA app don't seem to exist?

I am having issues with the following macros - [macros/conf-change] access = read : [ * ], write : [ admin, power...

by Communicator in

steps to get the scripted input of curl http request

what is the best way to get the data in using curl http://myhost/mylog.log

by New Member in

Can Heavy Forwarder perform remote WMI data collection?

My question is, can a Heavy Forwarder perform remote WMI data collection or this feature requires an Indexer? I ha...

by Communicator in

splunk-perfmon.path (sic?)

Hi, As I'm installing TA's on windows hosts, I see that the PerformanceMonitor source is specified as [script:/...

by Builder in

indexing the data

Hi all, while adding the input data to the splunk at final stage it has some three options as, 1.)Continuously ...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

recommended index sizes

File age/processing measurement

data cloning

Splunk fails monitoring a log file...

Receiving SNMP alerts without a Data Input configured

Estimating Splunk storage requirements per input

Splunk getting the hostname wrong from ESXi hosts

Troubleshooting Universal Forwarder on Linux

Frozen Time Period in seconds based on Sourcetype

Best way to debug indexing based on props.conf

Why is the fschange monitor being deprecated?

delete command timesout and is very slow

File path does not exist

Best way to log to SPLUNK

listing the starting and ending time for a field value

How to get host name in syslog

Techniques for limiting size of windows event logs

Problem indexing .sdf logs

IIS Monitor causing tail errors on universal forwarder

Indexing and extracting fields from IIS 7.5 logs

macros in Cisco ASA app don't seem to exist?

steps to get the scripted input of curl http request

Can Heavy Forwarder perform remote WMI data collection?

splunk-perfmon.path (sic?)

indexing the data

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Re-ingest Windows logs across enterprise

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Getting Data In

Are you a member of the Splunk Community?

Discussions