Getting Data In

Ask a Question

Discussions

Thread Info

Indexes Overloaded?

Im currently indexing large amount of data and monitoring the process and usage from the Deployment Monitor. For s...

by Builder in

ftp to non-windows platform

Hello i have been struggling to get some logs from a machine on a non-windows platform. Would like to know if it i...

by New Member in

inputs.conf not picking up monitored file

I have what appears to be a simple monitor to watch for a specific file name with a regex to define the date stamped ...

by Communicator in

REST and javascript not working

Greetings, I am working with the REST API, and have had some success from the command line. For instance: curl ...

by Contributor in

Issue with csv timestamp extraction

Hey everyone. All of my input data comes into splunk in .csv format. Each line is a record, and it has numerous times...

by Builder in

Sizing my Splunk for MSExchange App

I would like to know what to expect with regard to Splunk's daily indexing volume for my Splunk for MSExchange App. ...

by Splunk Employee in

Start Splunk & an unclean shutdown : How to answer "yes" automatically to the request for faster recovery?

Hello all, sometimes when I start splunk I get following message: Splunk has detected an unclean shutdown....

by Explorer in

Problems with File Import and props.conf

Hello, we use Splunk 4.1.7 and we would like to import once every night a file with the following content: 1970...

by Contributor in

existing central sysloghost data to new splunk server

I have: two existing OpenBSD Centralized Syslog loghosts (one is syslog-ng, one is syslogd)a new dedicated server ...

by Engager in

How do you parse a log with one JSON object per line which is being sent by a forwarder?

this solution worked for me for log files that are on the same machine as the splunk server. But when I started forwa...

by Explorer in

Automatically remove events older than one year

I have a requirement to have data older than one year removed from Splunk. By "older than year", I mean the event has...

by Builder in

Can a sourcetype be applied on the server, or does it need to be applied in the forwarder?

I am trying to set up a universal forwarder with an inputs.conf which only contains something like this: [monitor:...

by Explorer in

TCP connection flowchart

Is there a TCP connection flowchart showing how the TCP connections are being established, controlled and closed betw...

by Legend in

Can't index data on network drives in (VirtualBox WinXP SP3)

Hello all, I got the problem, that Splunk is not able to index any data which is on the host system. Splunk itself...

by Path Finder in

Using a CSV to search

I am pretty sure this involves lookups but here is what I am attempting. I have a list of users in a CSV (users.cs...

by Explorer in

How to ask splunk to extract time_stamp only if time string is at the start of a line?

I tried to put the "TIME_PREFIX = ^" at props.conf at system/default, system/local, myapp/default, myapp/local but no...

by Engager in

How to get the number of "unique" request with splunk

We are currently looking for a way to find the number of "unique" request for a given event type with splunk. Like th...

by New Member in

The system cannot find the path specified.

Hello all, I am running Splunk 4.2.3 on WinXP 32Bit in VirtualBox. Everytime I try to add some files to my databas...

by Path Finder in

Forwarder / Indexer Transforms.

Hi guys, I have some universal-forwarders forwarding to an indexer (4.2.2) and all works great, i set the sourcety...

by Communicator in

Unable to pull Perfmon Counter for %Processor Time Windows 2003 32-bit

Has anyone seen the errors below and know how to correct? This same perfmon.conf is applied to both Windows 2008 64-b...

by New Member in

Splunk for Exchange App (i.e. activity monitoring app)

Is Splunk planning to create and/or provide a Splunk for Exchange App soon, to monitor emailing and other user activi...

by Splunk Employee in

Configure Splunk to use Exchange?

I'm in the process of evaluating Splunk within my company as a means to monitor certain server activity. I have a ...

by Engager in

Multi line Events parsing not working

Hi I have multilines events , splunk indexes the same event as multiple events. I want Splunk to consider the new...

by New Member in

How to recognize event time that is embedded in json string in epoch seconds?

I'm using "From files and directories" --> "Upload and index a file" to feed the data file. The file has data in foll...

by New Member in

OPSEC LEA for Solaris x86 intel based

Hi, is there any way to grab checkpoint log using Solaris x86 based? I see at splunkbase, the app only for SPARC. ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Indexes Overloaded?

ftp to non-windows platform

inputs.conf not picking up monitored file

REST and javascript not working

Issue with csv timestamp extraction

Sizing my Splunk for MSExchange App

Start Splunk & an unclean shutdown : How to answer "yes" automatically to the request for faster recovery?

Problems with File Import and props.conf

existing central sysloghost data to new splunk server

How do you parse a log with one JSON object per line which is being sent by a forwarder?

Automatically remove events older than one year

Can a sourcetype be applied on the server, or does it need to be applied in the forwarder?

TCP connection flowchart

Can't index data on network drives in (VirtualBox WinXP SP3)

Using a CSV to search

How to ask splunk to extract time_stamp only if time string is at the start of a line?

How to get the number of "unique" request with splunk

The system cannot find the path specified.

Forwarder / Indexer Transforms.

Unable to pull Perfmon Counter for %Processor Time Windows 2003 32-bit

Splunk for Exchange App (i.e. activity monitoring app)

Configure Splunk to use Exchange?

Multi line Events parsing not working

How to recognize event time that is embedded in json string in epoch seconds?

OPSEC LEA for Solaris x86 intel based

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

How To Create HEC Http_Input in Indexer Cluster En...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction