Getting Data In

Discussions

Thread Info

Alternate timestamp for CSV files or forwarded data

Does anyone know how we can use the timestamp of the file from the operating system as the timestamp for events? For ...

by Explorer in

forward data to a syslog server

We're trying to forward data to a syslog server from a splunk server. However, seems that the hostname and process id...

by Explorer in

No time or host in forwarded syslog messages

I have a Splunk indexer (splunk-4.0.9-74233-linux-2.6-x86_64.rpm) sending cooked data to a Splunk forwarder (active_g...

by Explorer in

Difference between monitor and fschange

[1] May I know what are the differences between using monitor or fschange? [2] Is there a documentation about fsch...

by Splunk Employee in

Filtering with a UF before indexing

I've seen a number of posts about this with varied responses. Here's what I'm trying to do: We have some web a...

by Builder in

Dynamic lookup file name in Transforms.conf

Hi, We have a cron job which periodically updates the lookup file. The file name is of the format lookup_mmddyyyy....

by Explorer in

Directory Names

I am new to splunk and am trying to set up a monitored directory. It appears that when browsing for an existing direc...

by Engager in

UF and Indexers, problem with props.conf

We are converting from a single Splunk instantance to a cluster. At this time we are also implementing Universal Forw...

by Builder in

Splunk indexer is not sending to syslog - please help

Hi, I've tried everything. I have read all the answers and docs. A cannot force splunk indexer to forward all even...

by New Member in

How do I send Windows Event logs to Splunk Indexer installed in Linux?

Hi Splunkers, I am very new to Splunk and would like to monitor Windows servers, how do I configure the Windows bo...

by Engager in

DateParserVerbose issue

I indexed a huge log with data that is going back to 2006. However when I try to search on this data it doesn't show ...

by Builder in

Filtering Windows logs at Source with Universal Forwarder

Hi Splunk Gurus We have problem with Splunk on Windows. Windows sends way to many events and logs to splunk indexe...

by New Member in

addtional host data in the index, but not displaying data on the graph

Hello, I have been try to configure the windows app to display data from additional hosts, but without success. ...

by New Member in

How do I set hostname without syslog

I have a UF sending logs to my indexer. The UF receives logs, via syslog, from several other systems. All my UFs, ind...

by Communicator in

Sending certain logs from UDP port 514 to specific indexes

We have some Cisco devices that are sending syslog via port 514 natively (no splunk forwarder installed, obviously). ...

by Builder in

Not Seeing Monitored Files from Forwarder in My Indexer

I'm testing Splunk with the following configuration: Splunk 4.3 indexer and Splunk Universal Forwarder 4.3 on a separ...

by New Member in

monitor csv data

I am performing the following test in my env, props.conf [newcsvtest] REPORT-newcsvtest = newcsvtest SHOULD_LINEME...

by Explorer in

Many 4663 Win Events for the same file

Dear Colleagues, I am configuring Splunk to listen my File Server in the WMI Security Events. Splunk is listening ...

by New Member in

coldToFrozenDir per index

I was running a cold to frozen script that moved the forzen files into a separate directory per index. /opt/splun...

by Path Finder in

Why is my universal forwarder not evenly spreading events coming from a high-traffic input input across all indexers?

I have noticed that universal forwarders receiving data from a high-traffic input will fail to distribute events even...

by Splunk Employee in

Syslog from Firewall issue

I asked my Firewall admin to change the port for syslog to the Splunk indexer. He changed it from 514 to 1514. ...

by Motivator in

transforms.conf fields are visible but returns zero rows when clicked/selected

My props and transforms.conf work fine and I am able to see the fields on the GUI of search heads ( We are running sp...

by Path Finder in

Splunk server stops taking client data

Situation: I log into to splunk and find that data is not present when it should be. I log into the client machine...

by Contributor in

How much data can i index per second on a single indexer?

I've already got my single indexer spec'd to handle under 100Gigs a day and it meets the requirements. However i am g...

by Splunk Employee in

Removing Header row after outputcsv command

What are some of the methods that I can remove the header row after running the 'outputcsv' command in my search? ...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Alternate timestamp for CSV files or forwarded data

forward data to a syslog server

No time or host in forwarded syslog messages

Difference between monitor and fschange

Filtering with a UF before indexing

Dynamic lookup file name in Transforms.conf

Directory Names

UF and Indexers, problem with props.conf

Splunk indexer is not sending to syslog - please help

How do I send Windows Event logs to Splunk Indexer installed in Linux?

DateParserVerbose issue

Filtering Windows logs at Source with Universal Forwarder

addtional host data in the index, but not displaying data on the graph

How do I set hostname without syslog

Sending certain logs from UDP port 514 to specific indexes

Not Seeing Monitored Files from Forwarder in My Indexer

monitor csv data

Many 4663 Win Events for the same file

coldToFrozenDir per index

Why is my universal forwarder not evenly spreading events coming from a high-traffic input input across all indexers?

Syslog from Firewall issue

transforms.conf fields are visible but returns zero rows when clicked/selected

Splunk server stops taking client data

How much data can i index per second on a single indexer?

Removing Header row after outputcsv command

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout