Getting Data In

Ask a Question

Discussions

Thread Info

Universal forwarder monitor not working

Universal forwarder is installed in linux server spwdfvml0247. spwdfvml0247:/usr/sap/IX4/SYS # ll [we have below fil...

by Path Finder in

Heavy Forwarder batch stanza bug

Actual Situation: A Heavy Forwarder with the [batch://] stanza configured using default values is reading files fr...

by Path Finder in

Not seeing UDP 514 traffic

I have configured my syslog-ng.conf file as follows; # # This should behave pretty much like the original syslog o...

by Engager in

Will Splunk Continue indexing after restart?

I am currently indexing large amounts of data and need to restart Splunkd and SplunkWeb! Will Splunk continue inde...

by Builder in

splunk for logging syslog traffic over network(tcp)

Hello, I am trying to receive syslog messages from another host over the network using tcp. I am receiving period...

by Engager in

Data Retention and Warm Buckets

My understanding is that a retention policy operates on the events in my cold buckets, meaning that when data grows b...

by Splunk Employee in

Inputs, Props and Transforms per App?

Hello, is it possible in Splunk 4.2.3+ to have separate Inputs, Props and Transforms per App? Example: App1: Li...

by Communicator in

Another timestamp question

I am having a difficult time extracting the correct timestamp from a specific log. As you can see below, the begin...

by Path Finder in

Splunk 2 Splunk SSL Persistent Queues

Am I just missing something or being stupid or are there no persistent queues when using Splunk2Splunk with SSL? I...

by Contributor in

Index Aggregate of Apache Access Logs

I have a series of servers that run apache that serve up the same url via post 99% of the time and in high volume. In...

by Path Finder in

Aggregating WinEventLogs from 2,000 XP machines, total daily volume 20GB

Hi, So we've 2,000 XP machines generating c.20GB of WinEventLogs. For compliance reasons, we want to log it centra...

by Explorer in

Cannot forward data to Splunk Server

Hi All, I am a newbie on Splunk and I am trying to setup a Splunk server and a Splunk Light forwarder to forward d...

by Explorer in

Splunk Forwarder migration

Hi guys, Here is my issue: I have 2 rsyslog servers that are in production in redundant setup. Other servers forwa...

by Explorer in

Indexing Urchin data, specifying timestamps, line breaks

Hi, I am trying to index some processing data from Urchin and having trouble with timestamp recognition and line b...

by Explorer in

Output.csv

What config file defines where the output.csv file gets stored by default into $SPLUNK_HOME/var/run/splunk?

by New Member in

IIS log fields not parsing

Windows 2003 with SUF, inputs.conf: [monitor://C:\WINNT\system32\LogFiles\HTTPERR] disabled = false sourcetype = i...

by Influencer in

Deployment monitor is seeing tcp input as a legacy forwarder

I have a tcp port as input ( and 2 devices are sending data) and its showing up in de deployment monitor (4.2 centos ...

by Contributor in

Splunk is ignoring timestamp and using indexing time

I'm running into an issue with Splunk ignoring the timestamp in a specific log and just using current indexing time. ...

by New Member in

Batch input doesn't honor LINE_BREAKER settings

I've used the var/spool/splunk directory to have Spunk index the output of some scripts. The files are moved there on...

by Influencer in

Windows Universal Forwarder won't stop sending performance data

Splunk Linux Indexer 4.2.3 Splunk Universal Forwarder for Windows 4.2.3-1055Windows Server 2008 Standard Playing w...

by New Member in

How to check Splunk version in Windows?

Is there a way to check the Splunk version number in Windows? Having a hard time tracking it down. Add/Remove Program...

by New Member in

Hidden control characters in logs

I have sinkhole directory which eats pretty much anything what goes in, but there are bunch of log files which are no...

by Path Finder in

failed to parse timestamp for event

HI My splunk failed to parse timestamp of one of the inbound syslog. 10-03-2011 10:55:18.119 +0800 WARN DatePar...

by Explorer in

Problem finding title to use for my BREAK_ONLY_BEFORE

I have an exe that I am calling as a script input. The data is being indexed, but I need the messages to be indexed a...

by New Member in

bad index path

So I added a new index and without thinking I hit submit without changed db info. I restarted and now I can get splun...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal forwarder monitor not working

Heavy Forwarder batch stanza bug

Not seeing UDP 514 traffic

Will Splunk Continue indexing after restart?

splunk for logging syslog traffic over network(tcp)

Data Retention and Warm Buckets

Inputs, Props and Transforms per App?

Another timestamp question

Splunk 2 Splunk SSL Persistent Queues

Index Aggregate of Apache Access Logs

Aggregating WinEventLogs from 2,000 XP machines, total daily volume 20GB

Cannot forward data to Splunk Server

Splunk Forwarder migration

Indexing Urchin data, specifying timestamps, line breaks

Output.csv

IIS log fields not parsing

Deployment monitor is seeing tcp input as a legacy forwarder

Splunk is ignoring timestamp and using indexing time

Batch input doesn't honor LINE_BREAKER settings

Windows Universal Forwarder won't stop sending performance data

How to check Splunk version in Windows?

Hidden control characters in logs

failed to parse timestamp for event

Problem finding title to use for my BREAK_ONLY_BEFORE

bad index path

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions