Getting Data In

Discussions

Thread Info

Cannot filter WMI events to nullQueue in 4.2.x

I am sending some events to the nullQueue and it used to work in 4.0.x and 4.1.x, but now it is not sending any event...

by Splunk Employee in

Blank source and sourcetype?

I thought Splunk always assigned a source and at least guessed a sourcetype for ALL data. Why am I seeing data in ...

by Motivator in

Single events are combined into multi-line events

Hello, I have a log file that is being indexed and many of the lines show up combined into multi-line events howev...

by Explorer in

Configuring Apache log data forwarding

I have a linux web server (Ubuntu 10.04 x64) that I would like to forward apache log data from. I have installed the ...

by Engager in

When using volumes, does Splunk count only index files or others too?

Question regarding 4.2+'s abililty to put a maxVolumeDataSizeMB on an arbitrary path, call it a volume, and put index...

by Motivator in

Scripted Inputs via Separate Outputs

Is it possible to have two scripted inputs on a light forwarder (raw data) sent out to two different remote ports in ...

by Communicator in

Best way to toggle inputs?

Our developers send TRACE and DEBUG logs in massive quantities. They don't need them on 24/7. The test systems are no...

by Influencer in

Splunk Script repository collections ?

Hi Everyone, I'm new to Splunk world so I wonder if there is any Splunk code / script repository that is compiled ...

by New Member in

How can i configure input/output on universal forwarder

Hi I am using ubuntu OS on AWS and i have five servers. I used full spunk installation on first server and universal ...

by Explorer in

How to identify Lightweight Forwarders vs Universal Forwarders from Deployment Server?

I'm dealing with an environment of mixed Lightweight Forwarders and Universal Forwarders. How can I tell, without log...

by Motivator in

Forwarding logs from AIX to Splunk on Windows?

We have installed Splunk on Windows . We would like to forward log messages from AIX box to Splunk on Windows. Howeve...

by New Member in

Which input provides better performance batch or monitor

I'm looking to forward data collected via a lightweight forwarder. Which input provides better performance batch or m...

by Communicator in

WinEventLog:Security filtering does not work

Even after reading the documentation and a lot of posts here on answers, I just can't get filtering to work. I've rec...

by Explorer in

Good example of a working custom REST endpoint (but not an admin:* one)

I'm trying to piece things together from the restmap.conf docs, to get a working custom endpoint that I can use. Note...

by SplunkTrust in

Universal forwarder adds -root to servername?

As I don't know if this is a bug or intended I'll try to see if anyone know. When doing a new install of the unive...

by Engager in

Forwarding one instance to another

Hi, I have a splunk server setup on an internal network which has differing numbers of machines all using either s...

by Champion in

multiple fschange on the same files

Will this cause any issues, I would like to do [fschange:/etc] index = linux-security recurse = true followLinks =...

by Path Finder in

Perform: only give host name instead of FQDN

I have a splunk universal forwarder , The Perform can only give me the short host name. but at the same time WinEvent...

by Explorer in

CPU usage using the lightforwarder

I am using the light forwarder on AIX and running into high CPU usage (80-90% of a CPU). We tracked it down to using ...

by Path Finder in

Multiple Intermediate Forwarders (internal/external) for mobile clients

Does anyone know of any solution that will allow me to install a SPLUNK universal forwarder on a laptop and when the ...

by Path Finder in

Getting Data In

Discussions

Cannot filter WMI events to nullQueue in 4.2.x

Blank source and sourcetype?

Single events are combined into multi-line events

Configuring Apache log data forwarding

When using volumes, does Splunk count only index files or others too?

Scripted Inputs via Separate Outputs

Best way to toggle inputs?

Splunk Script repository collections ?

How can i configure input/output on universal forwarder

How to identify Lightweight Forwarders vs Universal Forwarders from Deployment Server?

Forwarding logs from AIX to Splunk on Windows?

Which input provides better performance batch or monitor

WinEventLog:Security filtering does not work

Good example of a working custom REST endpoint (but not an admin:* one)

Universal forwarder adds -root to servername?

Forwarding one instance to another

multiple fschange on the same files

Perform: only give host name instead of FQDN

CPU usage using the lightforwarder

Multiple Intermediate Forwarders (internal/external) for mobile clients

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!

Full Details! >

Admon duplicating logs

Read only the JSON section of each line in a monit...

Splunk Metrics

Cortex XDR Alerts into Splunk

ERROR JsonLineBreaker causes

Getting Data In

Discussions

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey.Earn $50 in Amazon cash! Full Details! >

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!

Full Details! >