Getting Data In

Thread Info

Input data from directory sourcetype changing

Hello every one, I am a new user of the splunk. I have facing a problem that input the log file from directory....

by Engager in

Configuing remote OSSEC Agent Management

I am struggling to get the "OSSEC Agent Management" page to display my remote agents. Testing using the ossec_agent_s...

by New Member in

Windows Universal Forwarder Log On As A Service error

Hi all, I am setting up the Universal Forwarder for Windows 2008 and deploying it using a batch file. I am getting hu...

by New Member in

star wildcard in monitor stanza does not look at root directory

I want to write a monitor stanza that picks up a log named "mytest.log" which may be found in either /var/log/app/ or...

by Communicator in

Curl no longer works even with admin role accounts!

I know my users have admin privileges but no matter which login I use, even admin, I keep getting unauthorized or adm...

by Splunk Employee in

Splunk indexed data

Is Splunk's indexed data difficult or nearly impossible to modify?

by Communicator in

Can I modify Data from Splunk using Splunk API?

Lets say if i do not search for the data using the splunk search then can i edit the data directly from the splunk se...

by Communicator in

Splunk REST Input API Endpoint

POST data/inputs/ad/{name} Modifies a given AD monitoring stanza. What does this mean exactly? What can i do us...

by Communicator in

Logging, Splunkforwarder, and Diskless Servers

I've got a bunch of server which boot entirely without local disk. Is there a means to disable splunkforwarder from w...

by New Member in

forwarded logs original address as source

We currently have another syslog server that is handling some network related scripting and can't be shutdown, and ra...

by Path Finder in

File won't index

In testing for implementation on an enterprise Splunk implementation, I am working on my XP desktop with Splunk 4.31 ...

by Communicator in

What can we do when forgot/lost WIndows admin password?

(Spam removed)

by Engager in

Forwarding and Receiving

Hi all, I'm very new to Splunk and am doing it for a school project. I was tasked to forward data from a Forwarder...

by Explorer in

How to assign the appropriate host name for udp input type for universal forwarder?

I have a universal forwarder listening on udp:12000 for messages from various processes and relaying it to splunk ind...

by Communicator in

Cent OS6 - LAMP with Splunk

I followed the basic install of spunk (64-bit) and placed the tar install in /opt/splunk. I successfully started the ...

by Explorer in

How to configure selective data indexing ?

Our configuration has universal forwarder - so the whole log file is being forwarded to the indexer. I know there is ...

by Engager in

Creating large, multi-terabyte indexes

Hi, I have a few indexes that I want to expand to be multiple terabytes. Are there general guidelines about this? ...

by Path Finder in

Log file with differing message formats

I've run across an odd log file from EMC's Data Protection application that is logging two very different log formats...

by Motivator in

Dashboard with status of a host

Hello, Is it possible to create a dashbaord that will show the status (online/offline) of the hosts that send thei...

by Path Finder in

Failed Logs starting at 12am and ending at 11:59pm

Hello, I am using the free version of the splunk and I just want to see the days log files from all the servers I hav...

by New Member in

Filtering specific log file on indexer

I have a very chatty forwarder that I do not have access to, so cannot stop the noise. I have identified the log f...

by Communicator in

Splunk Parsing dates incorrectly

I know there have been other questions asked about splunk parsing dates. However, I have what appears to be a unique ...

by Communicator in

index only part of a log?

Is there a way to index only part of a log? These logs are custom log files from a windows server. There are thousand...

by Path Finder in

Is Splunk SAS70 compliant?

I would think that since Splunk can be configured to forward live events via SSL, that would qualify/meet SAS70 compl...

by Splunk Employee in

Setting the timestamp on a log entry

I can't seem to get this working, logs are getting confused about the time format since it is Day Month Year. the...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Input data from directory sourcetype changing

Configuing remote OSSEC Agent Management

Windows Universal Forwarder Log On As A Service error

star wildcard in monitor stanza does not look at root directory

Curl no longer works even with admin role accounts!

Splunk indexed data

Can I modify Data from Splunk using Splunk API?

Splunk REST Input API Endpoint

Logging, Splunkforwarder, and Diskless Servers

forwarded logs original address as source

File won't index

What can we do when forgot/lost WIndows admin password?

Forwarding and Receiving

How to assign the appropriate host name for udp input type for universal forwarder?

Cent OS6 - LAMP with Splunk

How to configure selective data indexing ?

Creating large, multi-terabyte indexes

Log file with differing message formats

Dashboard with status of a host

Failed Logs starting at 12am and ending at 11:59pm

Filtering specific log file on indexer

Splunk Parsing dates incorrectly

index only part of a log?

Is Splunk SAS70 compliant?

Setting the timestamp on a log entry

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR

JSON Data extraction issues with Comma