Getting Data In

Thread Info

Trying to override a syslog UDP sourcetype based on a host naming convention; not working

I've read many threads and tried multiple examples on this and am getting nowhere. first some history on the issue: ...

by Contributor in

Lookup- subnet matching in csv to autolookup in multiple indexes

Hey Guys, I am still figuring out the lookup feature. I have checked the previous question but couldnt get a way o...

by Engager in

Reading WindowsEvent logs from UNC path

Hi, I have some issues with setting up Splunk to read a WindwsEvent file stored on a network share. It seems like ...

by Explorer in

iso 27001 27002 report generation

how can I generate iso 27001 27002 report ? Thank you !

by Communicator in

Splunk, filter events for some users but discard it if the event contain specific field

i have configured transforms.conf like this: [setnull] REGEX = . DEST_KEY = queue FORMAT = nullQueue [setparsing]...

by Explorer in

How do I set retention for an index to 30 days?

Hi, I am trying to configure retention period for an index. I want to archive (compress) the indexed data after...

by Motivator in

Splunk stop indexing after restart

Hi, After I restart splunk, Log files doesn't get indexed. Any idea how can I overcome this issue? I tried...

by New Member in

how to 'tail' the input that is being sent to indexer

Hi Is it possible to tail the log files and send to indexer rather than sending one file as such. To make it cl...

by Path Finder in

enabling rest api access

Hi, I have a customer who would like to interact with Splunk, via REST. How do I enable an account to have REST ac...

by Champion in

FilterType=whitelist, blacklisting not working

We're trying to exclude a machine from receiving an app through the Deployment server. In the serverclass "Windows In...

by Contributor in

About Summary Indexing

Good day! May i ask you guys a favor can you tell us on how we can use Summary indexing or how to configure it? i ...

by Path Finder in

Forwarder missing log rotation

I have noticed that some forwarders are not sending all of the log files. The log files are rotated hourly and I can ...

by Path Finder in

UDP droppage because of ext4 filesystem:

I have been having an issue where one of my 2 log servers have dropping a tremendous amount of UDP packet data (from ...

by Contributor in

Sharding an index on shared storage for load balancing

Goal: Load balance across two indexers writing to the same location on a NetApp Filer (NFS) 2 IndexersMultiple For...

by Motivator in

rsyslog -> splunk UDP port 515

Hi, I already have a syslog receiver (rsyslogd) that receives ALL syslog messages from our environment. I configured ...

by New Member in

Is there a limit on the number of files a forwarder can monitor?

Is there a limit to the number of files an Universal Forwarder can monitor? When should I install multiple Universal ...

by Path Finder in

How to Filter Null Records in Report

Hi All, How to Filter Null Records in Report. Please find the Below Search and Report. sourcetype="informatica"...

by New Member in

SNMP Traffic from windows to Splunk

Hello Everyone, just after some help with Splunk and Windows SNMP data collection, ive had a bit of a read on here an...

by Explorer in

Log Filtering Performance Metrics or Performance Issues

Hi, I have an open question about splunk "log filtering" performance. Is there any document or technical report me...

by Explorer in

Filtering application log

I am new to this Splunk...I have universal forwarder installed on my two linux machine and successfully forwarding ap...

by Path Finder in

WMI:FreeDiskSpace returns information about the CD-ROM drive on the server

I am using the following wmi query to gather free disk space info on a Windows 2008 R2 server. The problem I have is ...

by Path Finder in

Windows app indicates "not set up" after upgrading from 4.0.1 to 4.3.3

After upgrading Splunk from 4.0.1 to 4.3.3 and installing the most recent Windows app, the windows app will first sta...

by Splunk Employee in

Why does indexer use only one core?

Hi. We have a distributed environment with a total of two indexers. These run on 12-core machines. After upgrading to...

by Path Finder in

what logs for active directory and exchange

our customer has password issues between active directory and exchange, what are log file names between each applicat...

by New Member in

Timestamp setting

Hey, I have an index where each event starts with a UTC timestamp. It is using this UTC timestamp for the _time fi...

by Motivator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Trying to override a syslog UDP sourcetype based on a host naming convention; not working

Lookup- subnet matching in csv to autolookup in multiple indexes

Reading WindowsEvent logs from UNC path

iso 27001 27002 report generation

Splunk, filter events for some users but discard it if the event contain specific field

How do I set retention for an index to 30 days?

Splunk stop indexing after restart

how to 'tail' the input that is being sent to indexer

enabling rest api access

FilterType=whitelist, blacklisting not working

About Summary Indexing

Forwarder missing log rotation

UDP droppage because of ext4 filesystem:

Sharding an index on shared storage for load balancing

rsyslog -> splunk UDP port 515

Is there a limit on the number of files a forwarder can monitor?

How to Filter Null Records in Report

SNMP Traffic from windows to Splunk

Log Filtering Performance Metrics or Performance Issues

Filtering application log

WMI:FreeDiskSpace returns information about the CD-ROM drive on the server

Windows app indicates "not set up" after upgrading from 4.0.1 to 4.3.3

Why does indexer use only one core?

what logs for active directory and exchange

Timestamp setting

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions