Getting Data In

Thread Info

Can I run multiple Universal Forwarders on Windows Server 2008?

I have a Universal Forwarder looking at a directory holding our proxy logs. New logs are dumped into the directory ev...

by Communicator in

universal forwarder

please I need help , I deployed a universal forward by following tutorial "distributed deployement manual" Th...

by Path Finder in

Filtering and sending only specific data

Hi again, I got one question in filtering and routing to indexer. i got my props like this: pros.conf ...

by Explorer in

Segregation of incoming data

In our environment (mid-size enterprise with remote sites) we have our primary indexer on dedicated hardware. All dat...

by Engager in

Indexing content that may contain in-line gzip

We need to index content that may contain in-line gzip (or other compression) content. We do not need to search on th...

by New Member in

Why won't Splunk re-index my data?

I wanted to see how Splunk would index my data, so I configured it to index a few files into a 'test' index. Now that...

by Splunk Employee in

Major discrepancy between per_sourcetype_thruput and tcpin_connections - which is right?

I'm looking at a Splunk instance right now that is getting 99+% of its data as one particular sourcetype, from two he...

by Motivator in

warning and violations, how to reduce my indexed volume ?

Hi I have a license pool for X Gb per day, and I blow it every almost every single day. How to selectively reduce my...

by Communicator in

Explain this transform

v4.3 sles 11.1 can you explain for me this transform [csafields] REGEX = ^[^\|]+\|([^\|]+)\|([^\|]+)\|([^\|]+)\...

by Contributor in

want to have Mutiline log file as single event - props.conf

My log goes like this. I want all contents between "BeginEvent" and "EndEvent" as a single event. Any help? Will grea...

by Contributor in

Forwarder keeps monitoring after app undeployed

Hi, I'm just setting up a deployment server and created a simple app to test it. The app was installed fine on my ...

by Builder in

Splunk going down in events indexed

All day, I've been watching the amount of events indexed in Splunk go up and down. It stays in the 1.8-1.9 billion ev...

by Explorer in

List of checkpoint libraries necessary for lea-loggrabber

Hi, I'm getting ready to deploy the splunk Lea-Loggrabber client (32-bit) on RH6 64-bit OS. Would anyone happen to ha...

by Splunk Employee in

Incorrect hostname for Cisco WAAS Logs

I've got a weird issue with some Cisco WAAS devices identifying their hostname correctly in Splunk. We are in the pro...

by Engager in

Receiver not receiving newly added index and data from sender!

I am currently successfully forwarding data of a created index from a sender to a receiver, the issue is I have creat...

by Builder in

Data Index Question - Data Also On Indexer Not Indexing

Hello Everyone, I currently have an indexer (one box) which also has data that I want to index. I specified the lo...

by New Member in

Generate graph from 'CPU RAM process' log

How should I configure the Search (and Report) so to get a CPU & RAM line chart (the values not a count) by process? ...

by Builder in

migrate data from single splunk indexer, split to two new indexers (sanity check)

I have a plan to migrate data from a single splunk indexer to two separate indexers, reconfiguring the production sys...

by Contributor in

Multi-value fields not populating for index

Hello, I think i'm doing something wrong, but i've read through all the manuals and can't figure out what it is! I...

by Explorer in

Remove Raw data from splunk server

We are running splunk 4.2.3 on a RHEL 5.7 server and nearly 250 universal forwarders forwarding data to this splunk s...

by Explorer in

universal forwarder

hello can we install the splunk instance as an indexer and universal forwarder in the same machine and try to forw...

by Path Finder in

connection error from forwarder

I configured a splunk instance on a linux server and added forwarder to another remote splunk instance. I also config...

by Engager in

Which Logback Appender to use to send new events to splunk via REST reciever endpoint?

May i know which Logback appender should i use if i want to create new events using the Splunk's REST receivers endpo...

by Communicator in

How to upgrade forwarders with deployment server?

I want to upgrade several forwarders. They are deployment clients. How to do this?

by Engager in

Timestamp broken up by a |

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Can I run multiple Universal Forwarders on Windows Server 2008?

universal forwarder

Filtering and sending only specific data

Segregation of incoming data

Indexing content that may contain in-line gzip

Why won't Splunk re-index my data?

Major discrepancy between per_sourcetype_thruput and tcpin_connections - which is right?

warning and violations, how to reduce my indexed volume ?

Explain this transform

want to have Mutiline log file as single event - props.conf

Forwarder keeps monitoring after app undeployed

Splunk going down in events indexed

List of checkpoint libraries necessary for lea-loggrabber

Incorrect hostname for Cisco WAAS Logs

Receiver not receiving newly added index and data from sender!

Data Index Question - Data Also On Indexer Not Indexing

Generate graph from 'CPU RAM process' log

migrate data from single splunk indexer, split to two new indexers (sanity check)

Multi-value fields not populating for index

Remove Raw data from splunk server

universal forwarder

connection error from forwarder

Which Logback Appender to use to send new events to splunk via REST reciever endpoint?

How to upgrade forwarders with deployment server?

Timestamp broken up by a |

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

How to add 2 separate filters to a single _raw spl...

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

Getting Data In

Are you a member of the Splunk Community?

Discussions