Getting Data In

Discussions

Thread Info

Universal Forwarder to monitor Windows Event Logs

Hi, This is probably very basic, but I'm not sure where the actual log file sits for Windows Event Logs. Tryin...

by Communicator in

Windows 2008 Server Event Viewer Logs

In the Server 2008 Event Viewer there are now a "Microsoft --> Windows" folders nested under the "Applications and Se...

by Communicator in

need props.conf for custom log

I have a custom log in the format where each new record has a entry followed by a pipe (|) example log: ...

by Explorer in

Can I specify TimeZone (TZ) by Index?

In my props.conf I know I can change: $SPLUNK_HOME/etc/system/local/ and add: [source::xyz123] TZ=US/Eastern or by ho...

by Contributor in

Reconcile hosts from multiple timezones in splunk?

Hey everyone. I'm wondering how this is possible to accomplish - we have windows server farms across numerous timezo...

by Builder in

Universal Forwarder block stops all indexing completely

Hi All, We have a customer who could not justify the cost of a clustered solution. So they went down the following...

by Builder in

WinEventLog filters failing :Windows 2003 and splunk 6 SPL-78726

After upgrading my Windows servers 2003 to Splunk 6. I discovered that all my nullQueues filter stopped working, and ...

by Splunk Employee in

how do you configure the searchead so it sends summary index data to a summary index defined on distributed indexers?

I want to be able to use the search GUI to create summary index searches, but i want the actual resulting summary ind...

by Communicator in

Splunk Universal Forwarders attempting to communicate with indexer on wrong network

We've installed and are evaluating Splunk Enterprise 6.0 in a Windows environment (desktops are running Windows 7 Pro...

by Explorer in

Universal forwarder scripted install

Does anyone know if it is possible to automatically add the current_only = [0|1] attribute in a scripted Universal Fo...

by Explorer in

Unable to Start Splunk Service on Windows- failed with ERROR ConfObjectManagerDB - Cannot initialize: D:\Program Files\Splunk\etc\apps\ learned\metadata\default.meta: The operation completed successfully."

We are able to start splunk services - But getting following error while starting the services in Heavy Forwarder ...

by Splunk Employee in

How do I get an alert if my forwarder is not responding? - Monitoring Splunk Forwarder

Recently some of our universal forwarders stopped sending events to indexer? Is there a way to get an alert if for...

by Explorer in

How to know what inputs.conf a given event came from?

So if you have any reasonably complicated deployment, likely you have a fair number of inputs.conf that your UF is re...

by Communicator in

user-specific configurations to scripted inputs as input arguments

I am working on a scripted input that requires user-specific configurations (e.g. AccountKey, UserToken) as input arg...

by Path Finder in

When running splunkforwarder-6.0.1-189883-x64-release.msi you get an error message -Please re-launch the installer as an Administrator. This is required to configure the installation for remote data collection.

When running splunkforwarder-6.0.1-189883-x64-release.msi you get an error message "Please re-launch the installer as...

by Splunk Employee in

Splunk not receiving data from forwarders (needs restart)

We have a Splunk server that is receiving data from more than 10 forwarders. It also receives data directly via UDP a...

by Path Finder in

Has anybody tried to index NMON files?

Hi, I have indexed an NMON file on SPLUNK - just for test purpose as we would like to keep all measurements in one pl...

by Communicator in

AIX NMON Data show

Who Will aix nmon the I / O tps data demonstrate experience in the field is the extraction of each AIX NMON TPS field...

by New Member in

Identify IP address from host

Hi, We are seeing two suspicious servers which are sending syslogs in huge count. and Upto my knowledge, we di...

by Communicator in

_TCP_ROUTING for windows monitored data is not routed appropriately in Splunk Version 6

After upgrading SplunkUniversalForwader from Version 5.x to 6.x, now _TCP_ROUTING for windows monitored data is not r...

by Splunk Employee in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal Forwarder to monitor Windows Event Logs

Windows 2008 Server Event Viewer Logs

need props.conf for custom log

Can I specify TimeZone (TZ) by Index?

Reconcile hosts from multiple timezones in splunk?

Universal Forwarder block stops all indexing completely

WinEventLog filters failing :Windows 2003 and splunk 6 SPL-78726

how do you configure the searchead so it sends summary index data to a summary index defined on distributed indexers?

Splunk Universal Forwarders attempting to communicate with indexer on wrong network

Universal forwarder scripted install

Unable to Start Splunk Service on Windows- failed with ERROR ConfObjectManagerDB - Cannot initialize: D:\Program Files\Splunk\etc\apps\ learned\metadata\default.meta: The operation completed successfully."

How do I get an alert if my forwarder is not responding? - Monitoring Splunk Forwarder

How to know what inputs.conf a given event came from?

user-specific configurations to scripted inputs as input arguments

When running splunkforwarder-6.0.1-189883-x64-release.msi you get an error message -Please re-launch the installer as an Administrator. This is required to configure the installation for remote data collection.

Splunk not receiving data from forwarders (needs restart)

Has anybody tried to index NMON files?

AIX NMON Data show

Identify IP address from host

_TCP_ROUTING for windows monitored data is not routed appropriately in Splunk Version 6

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Admin Your Splunk Cloud, Your Way

Splunk OTEL Forwarder

Using whitelist or blacklist within linux log file...

Renamed serverclass, but not updated in data input...

How do I ship json file uusing HTTP Event Collecto...

How to highlight the data in the Map for regions E...