Getting Data In

Discussions

Thread Info

Data extraction from multiple servers

Is splunk capable of pulling multiple log files from different servers without installing the universal forwarder on ...

by Splunk Employee in

32 vs 64 bit forwarder

I'm curious what the advantage to running the 64-bit forwarder is. I assume it won't ever need enough memory that it ...

by Path Finder in

Documented recipe for replicating subsets of data to 3rd party system throws errors in 4.3.1 and 4.3.2

In 4.3.1 and 4.3.2, when using the documented procedure to replicate subsets of data to 3rd party systems found here:...

by Splunk Employee in

Index leaving holes and trying to see why

I had a crash the past day so I am setting up a watchdog, but I have splunk monitoring 2 directories. I confirmed the...

by Explorer in

Finding where multiple events have the same time

We had an issue here with one of our web fronted applications when the webserver received multiple requests to the sa...

by Motivator in

Whitelist Would not work

The following logs in Weblogic are being captured in inputs.conf mydomain.log1123213123 mydomain.log4353245254 ...

by Builder in

WMI - How many remote Windows can a Splunk WMI input support?

Hi I am planning to monitor many Windows client via WMI interface. I have one Splunk installed on Windows7. How ma...

by Motivator in

log monitoring problem

Hi, This is Jay Mehta from India. We currently have requirement to do log monitoring and for this we are looking @...

by New Member in

Not receiving Linux logs

Hello, I am setting up a test rig, and not receiving any logs from another Linux box (please see rig details below...

by Communicator in

props.conf not breaking on data correctly

I apologize for the Splunk formatting of my configuration settings....for some reason this UI is removing my "_" from...

by Communicator in

Filter events from forwards

Hello - I want to send only events with keyword BIDPRICE from my application logs. I guess i need to modifiy props.co...

by New Member in

filtering search results

I have a very simple search/chart to look for failed logons on my domain: EventCode=4625 Account_Name="*" | timech...

by Contributor in

Splunk cannot find correct source log

I have a set of log events that contain the following Key value pair "source" : "integer". Therefore, splunk is repor...

by Motivator in

Inputs not routing to correct index

I have data being sent in by universal forwarders on port 9908 that I would like put into a custom index. This is how...

by Path Finder in

Forwarder Not Forwarding New Monitored Logs

I have just added two new logs to be monitored on one of my servers but the data is not coming back for those files. ...

by Contributor in

Breakdown by Sourcetype from Each Forwarder

We have a number of heavy forwarders sending cooked data to our indexers. We can get the total KBs sent by each forwa...

by Contributor in

How to process event exact same for events from multiple event source type?

Let us say you have following lines in your props.conf file: [WinEventLog:Security] REPORT-common = user-accoun...

by Path Finder in

Regex transform on a dynamic default host?

Hello, I have Splunk on some Windows VMs that run on ESX hosts. For each guest, the ESX hosts generate customized ...

by Builder in

What causes queues on Indexer to block?

I was tracking down a problem with a group of Forwarders reporting the parsingqueue was blocked. To resolve that, I h...

by Contributor in

IIS search & report

I have a number of IIS logs being splunked across a number of servers but an struggling to work out how to present th...

by Path Finder in

Trying to drop Windows Events at the Indexer

I am attempting to drop WinEventLog:Security EventCode's at the Indexer and I am not having any success. I have read ...

by Path Finder in

Adding Data TYPE/SOURCE

What is the difference data type and data source. When I used the manager to add a data type (and proceeding with...

by Communicator in

Timezone issue with Splunk on Windows

I've stucked on a couple of issues on Splunk since there was changes in timezone shift in my country. The main pro...

by New Member in

Overriding host values using the log data

http://docs.splunk.com/Documentation/Splunk/latest/Data/overridedefaulthostassignments I've been trying to set up ...

by Contributor in

Create a new sourcetype on the fly

I have a subsearch like this: sourcetype="syslog" SERIAL=* | eval SERIAL_NUM=SERIAL | lookup FileLookup SERIA...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Data extraction from multiple servers

32 vs 64 bit forwarder

Documented recipe for replicating subsets of data to 3rd party system throws errors in 4.3.1 and 4.3.2

Index leaving holes and trying to see why

Finding where multiple events have the same time

Whitelist Would not work

WMI - How many remote Windows can a Splunk WMI input support?

log monitoring problem

Not receiving Linux logs

props.conf not breaking on data correctly

Filter events from forwards

filtering search results

Splunk cannot find correct source log

Inputs not routing to correct index

Forwarder Not Forwarding New Monitored Logs

Breakdown by Sourcetype from Each Forwarder

How to process event exact same for events from multiple event source type?

Regex transform on a dynamic default host?

What causes queues on Indexer to block?

IIS search & report

Trying to drop Windows Events at the Indexer

Adding Data TYPE/SOURCE

Timezone issue with Splunk on Windows

Overriding host values using the log data

Create a new sourcetype on the fly

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Edge Processor Destination not showing up in Pipel...

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...