Getting Data In

Discussions

Thread Info

Parsing a Log File

Hi, I have a file with the below format : CustID=129857 CusTime=2012-04-04 CusName=John, Doe CustState=NewJerse...

by New Member in

How do you add sourcetypes to the pre-defined sourcetypes

How can you add additional sourcetypes to the pre-defined sourcetypes, so that way when users add inputs through the ...

by Contributor in

default.xml customization

I would like to ask a question in relation to the Cisco Security app. I got version 1.0.1. I would like to be able to...

by Communicator in

Not all events indexed from file

I’m new to Splunk, and running with the trial licence exactly as it comes out of the box (no fancy config etc.). i.e....

by New Member in

suppressing underscore prefixed columns from report

I have a report: blah, blah, blah | stats count as NbrSaves, dc(UserId) as DistinctUserIds by _date_numericyear, _dat...

by Contributor in

Source Names

Hi, We have a Splunk system set up. When we log into splunk and go to the search dashboard, all the sources appear...

by Path Finder in

Universal forwarder and Indexer and not able to handshek and are not working

Hi, I am trying to setup splunk to send my local system's data to remote indexer, however its not working, logs co...

by New Member in

snmpget with splunk

has anyone ever work with polling system information using snmpget and write it into files or using a scripted data i...

by Path Finder in

Avoid UDP Traffic Flooding in switched environments

Our Splunk Server has a dedicated subinterface for listening on udp port 514 and I belive most customers does the sam...

by Engager in

Filter all windows event logs from single server

I need to filter all windows event log records from being indexed. I am using the universal forwarder, so on my index...

by Communicator in

problem extracting timestamps

I'm unable to get correct timestamps for my snmptrap log-file. This is an example of an snmptrap : 2012-06-18 1...

by Explorer in

Encounter errors when installing Splunk forwarder on Windows 2003 DC

Hi, I have to reinstall Splunk on a different drive(from C:\ to D:) on our Windows 2003 domain controller. When...

by Contributor in

Log rotation for compressed files

We are using Splunk to monitor server.log file from a JBoss instance that rolls over daily (we use the logrotate util...

by Builder in

Not able to start Splunk on Windows when coldpath is set to a CIFS share

We have configured Splunk 4.2.2 running on Windows Server 2008 R2 with a coldPath pointing to a volume ("cold") hoste...

by Splunk Employee in

Universal Forwarder for OSX installed - how is it configured ?

Hello All, I have the OSX Universal Forwarder installed on a 10.5 machine and Splunk installed on a server success...

by New Member in

How can I confirm if missing, but previously indexed data has been rolled out or deleted on my behalf :( ?

How can I confirm if missing, but previously indexed data has been rolled out or deleted on my behalf  ? I have o...

by Engager in

Discarding log entries by specific content

In /var/log/messages on numerous machines I have the following messages: Jun 13 19:55:34 hostabc snmpd[27898]: Rec...

by Explorer in

wild card in monitor path does not work in windows 2008

Hi, I have a question exactly like the described in this question, but I can not solve the problem following the a...

by Engager in

Sourcetype not forwarding for 10 minutes

This is my stab at it: | metadata type=hosts sourcetype="example" | convert ctime(recentTime) as Recent_Time | wh...

by Builder in

Archiving and signing at the same time

Hey guys, I'm new on the Splunk planet. I'm trying to find a script that would : - Send archive data to a nas loca...

by Communicator in

Data not being indexed

I've struggled on this issue for the past few days and I can see to resolve it. I've checked and rechecked my conf...

by Motivator in

Lotus Notes Logs

What do I need to do to monitor my Lotus Notes Server? Is there an App that will do this? What are the common logs th...

by Path Finder in

growing file

I have a growing file on a remote location. Can i use the forwarder to monitor this file without having to reupload i...

by Explorer in

State File Monitoring

i have a state file that writes the same size data file every 5 minutes but the data inside is only sometimes differe...

by Explorer in

Data Retention for different log types

According to the splunk documentation splunk can retain then delete data for a specified interval of time. I have mul...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Parsing a Log File

How do you add sourcetypes to the pre-defined sourcetypes

default.xml customization

Not all events indexed from file

suppressing underscore prefixed columns from report

Source Names

Universal forwarder and Indexer and not able to handshek and are not working

snmpget with splunk

Avoid UDP Traffic Flooding in switched environments

Filter all windows event logs from single server

problem extracting timestamps

Encounter errors when installing Splunk forwarder on Windows 2003 DC

Log rotation for compressed files

Not able to start Splunk on Windows when coldpath is set to a CIFS share

Universal Forwarder for OSX installed - how is it configured ?

How can I confirm if missing, but previously indexed data has been rolled out or deleted on my behalf :( ?

Discarding log entries by specific content

wild card in monitor path does not work in windows 2008

Sourcetype not forwarding for 10 minutes

Archiving and signing at the same time

Data not being indexed

Lotus Notes Logs

growing file

State File Monitoring

Data Retention for different log types

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Ingest old security.evtx files

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions