Getting Data In

Thread Info

Timezone issue with Splunk on Windows

I've stucked on a couple of issues on Splunk since there was changes in timezone shift in my country. The main pro...

by New Member in

Overriding host values using the log data

http://docs.splunk.com/Documentation/Splunk/latest/Data/overridedefaulthostassignments I've been trying to set up ...

by Contributor in

Create a new sourcetype on the fly

I have a subsearch like this: sourcetype="syslog" SERIAL=* | eval SERIAL_NUM=SERIAL | lookup FileLookup SERIA...

by Builder in

Tag Logs Based on Host

There are several servers with universal forwarders loaded that are sending logs to our Splunk environment. These ser...

by Builder in

How can we monitor binary log data in splunk? is invalid. Reason: binary

I have a python script that read data from the stdin, convert the input and output human readable text to the stdout....

by Engager in

Does fschange input work with Universal Forwarder?

If I enable fschange input on my Splunk Universal Forwarder, will it work the same as on a regular forwarder?

by Splunk Employee in

Routing syslog streams to different index

I have a stream (udp 518) of syslog coming in from two different syslog servers. I thought that I would be able to sp...

by Path Finder in

filter data problem with windows path

I have installed splunk on windows 2008 to analyze iis log file. I want to avoid to index log entries with 401 http s...

by Path Finder in

how to setup splunk to analyse logs produced on a remote server?

Hi! I am a newbie to Splunk. I have an application on a linux server that produces logs in log4j format. I want to re...

by New Member in

Discard Source type

I have a situation. I have defined the source type under Deployment server- deployment app>local>prop.conf> as [...

by Path Finder in

Using splunk deployment server to detect virtual containers

Can Splunk deployment server detect a container ID in a virtual environment, which was created... say by openvz, and ...

by Explorer in

Using the Splunk deployment server to manage the inputs.conf file for multiple servers

Is it possible to create different classes of servers so when the forwarder checks in, it get a specific configuratio...

by Explorer in

Send SNMP trap to other systems

I've read the documentation on how to send SNMP traps to other systems, however, I'm confused. How does traphosts.pl ...

by Engager in

trouble getting started

I'm trying to find a way to analyse iTunes log files - I'm pretty sure Splunk can help me here, have got some data in...

by New Member in

Sourcetype / Line-breaking issue with multi-timestamp events

Hi, I am having an issue with line breaking. My events look like this: 2012-04-17 11:24:45 ***************** ru...

by Path Finder in

Can't get data from Universal Forwarder to show up in index and search

I have a simple setup: a Universal Forwarder monitoring a couple of files and sending the cooked data over TCP port 8...

by Explorer in

Reached end-of-stream while waiting for more data from peer

Every now and again I see this message in a distributed search setup with a few peers and a couple of pooled search h...

by Ultra Champion in

Really long events being broken up

I have an event being imported with a custom source type. in that source type i have NO_BINARY_CHECK=1 CHECK_FOR_...

by Path Finder in

IIS Logs and URI

I want to create a dashboard showing all the stats of a web site by URI. eg. if the main site is www.mysite.com I wan...

by New Member in

source type issues

Hello All, we have started working with splunk to deal with a pile of date. for that we have created a custom sour...

by New Member in

Not able to see the Forwarder host name in the receivers Host lists

Hi, I have installed 4.3.1 as receiver in windows 7 and universal forwarder in RHEl 5. I have configured both as p...

by New Member in

Adding data from Wireshark capture windows txt file into Splunk

Lets say i have already converted a wireshark pcap file to a windows text file, so do i need to "format" the data fro...

by Communicator in

Missing events from several indexes / sourcetypes

I am not sure if anyone else has seen this issue, but at least 3 times lately I have done a broad search on an IP, in...

by Explorer in

Search script - stdin contents

Hi. I'm starting to work with custom search commands. For now, I need to use Perl. Just to get started, I did a si...

by Path Finder in

lea_loggrabber functionality

I am connecting to a Checkpoint Smart Manager (SPLAT) using the "lea-loggrabber-splunk-linux-4x-42928" App. I nee...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Timezone issue with Splunk on Windows

Overriding host values using the log data

Create a new sourcetype on the fly

Tag Logs Based on Host

How can we monitor binary log data in splunk? is invalid. Reason: binary

Does fschange input work with Universal Forwarder?

Routing syslog streams to different index

filter data problem with windows path

how to setup splunk to analyse logs produced on a remote server?

Discard Source type

Using splunk deployment server to detect virtual containers

Using the Splunk deployment server to manage the inputs.conf file for multiple servers

Send SNMP trap to other systems

trouble getting started

Sourcetype / Line-breaking issue with multi-timestamp events

Can't get data from Universal Forwarder to show up in index and search

Reached end-of-stream while waiting for more data from peer

Really long events being broken up

IIS Logs and URI

source type issues

Not able to see the Forwarder host name in the receivers Host lists

Adding data from Wireshark capture windows txt file into Splunk

Missing events from several indexes / sourcetypes

Search script - stdin contents

lea_loggrabber functionality

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions