Getting Data In

Discussions

Thread Info

Splunk Index is slow or delayed

The issue I'm having is with an index and real time reporting that uses that index. We currently use Rabbit MQ to sen...

by New Member in

SplunkUniversalForwarder: Cooked connection to ip=192.168.0.115:9997 timed out

I installed Splunk on my laptop and wanted to receive the logs from 2 other desktops. So on these desktops I installe...

by New Member in

Unable to find the source file

hi, I have this source showing in the splunk source=/opt/splunk/var/spool/splunk/singlehost.sample.sav But when...

by Path Finder in

I can not set the timezone.

Hi. With some network devices to the server Splunk receives syslog-events. Time on these devices is set to GMT. Event...

by Engager in

TIME_PREFIX regex help

Hi, I seem to be incapable of figuring out what regex to provide in the TIME_PREFIX for my source type in order to...

by Explorer in

Problem running Custom Script

Have created a custom Perl script, added it to commands.conf - it finds the script just fine. The script outputs the ...

by Path Finder in

Setting up syslog on a wireless router

I have configured Splunk to capture syslog data on UDP:514 of my router but do not see any log data being captured, n...

by New Member in

keep some events and discard the rest

i have a huge log file with events, i need to keep around 20-30 events and discard the rest. I have used a stanza in ...

by Engager in

Index files in order of timestamp or record file timestamp as a field

I'm indexing a bunch of CSV files provided by an external vendor over ftp ( mapped or synched to my local drive ) the...

by Explorer in

How to test succesful Universal Forwarder installation?

I've installed the universal forwarder on a windows client to forward the data to my central log collecter which is a...

by New Member in

Can the universal forwarder route based on field found in the log message?

A file I am monitoring looks something like the following [timestamp] index=layer1 message="123456" [timestamp] in...

by Communicator in

Is it possible to manage Forwarders with mounted knowledge bundles?

I'm considering a Splunk cluster setup, where the Search Heads and Indexers (Peers) will be managed using mounted kno...

by New Member in

Splunk forwarder config not working

since are trying to separate out splunk forwarder config ("inputs.conf") according to indexer. we defined forwarder c...

by New Member in

search/jobs/export does not return results with empty column headers

I using the following command to retrieve a particular macro search result. curl -k -u admin:admin https:// ...

by Engager in

Monitoring files from multiple inputs

How can I set my monitor in inputs.conf so that both of these directories are monitored- 1./var/lib/usr 2. /var/lib/n...

by Engager in

Exchange App (Lookup - Database Information) not working

I'm setting up the Exchange App, data is received in the correct indexes however I'm not seeing data in all the dashb...

by Path Finder in

Define a default date format per Database

I've realised that there is no default Date format, so every date is in timestamp format, and so not readable for the...

by Builder in

How would you determine if data is pre-parsed?

We have three (Windows 2008 R2) domain controllers sending events to a single Splunk collector. We need to reduce ou...

by Explorer in

Timestamp detection fails

I try to parse out the timestamp of this line: Jun 3 17:39:09 svlog.myserver.net svdcdev 04/29/2013 09:14:37 AM ...

by Contributor in

Scripting Question

I am looking for some assistance to be able to script this lookup for windows systems tasklist /fo csv /v any i...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Getting Data In

Discussions

Splunk Index is slow or delayed

SplunkUniversalForwarder: Cooked connection to ip=192.168.0.115:9997 timed out

Unable to find the source file

I can not set the timezone.

TIME_PREFIX regex help

Problem running Custom Script

Setting up syslog on a wireless router

keep some events and discard the rest

Index files in order of timestamp or record file timestamp as a field

How to test succesful Universal Forwarder installation?

Can the universal forwarder route based on field found in the log message?

Is it possible to manage Forwarders with mounted knowledge bundles?

Splunk forwarder config not working

search/jobs/export does not return results with empty column headers

Monitoring files from multiple inputs

Exchange App (Lookup - Database Information) not working

Define a default date format per Database

How would you determine if data is pre-parsed?

Timestamp detection fails

Scripting Question

How to get on-prem MuleSoft data into Splunk?

Why is there a certificate issue while integrating...

opentelemetry LOG Data over HEC - What are the bes...

Creating Sourcetype form event data not data

Monitoring Exchange logs over CIFS