Getting Data In

Discussions

Thread Info

Encoding for forwarded data

I have files in CP866 encoding. For indexing them in Splunk i made _russian-CP866.ngram file and changed props.conf t...

by Contributor in

How to replace meta information?

Hi, I have a small lab where there is a heavy forwarder. I can/want to perform transformation on Meta info at Heav...

by Explorer in

Monitor a FTP server?

FTP download is the only way this particular system is allowing us to access its logs. Files are dumped into the FTP ...

by Motivator in

inputs.conf error

I'm getting following error while starting splunkforwarder after updating inputs.conf under splunkforwarder. These ar...

by New Member in

inputs.conf error in SplunkForwarder

I have updated the inputs.conf under /opt/splunkforwarder/etc/system/local, but after restarting splunk I'm getting t...

by New Member in

Logs from remote host

I have access to shared folder in my network. I want to get logs for Splunk from this folder. How can i make it? May ...

by Contributor in

Monitor cisco router interfaces- Is syslog enough or do I have to use snmp?

I'm looking for a way to monitor several router and several interfaces (physical, tunnel...).I need to extract status...

by Path Finder in

Events from second-tier Windows Universal Forwarders not appearing in Splunk

We are failing to get events indexed with the following topology: Splunk 4.2 receiving compressed events over the int...

by Path Finder in

Hot Bucket Data on Splunk Crash

If Splunk Crashes will I lose everything that was being indexed in the Hot Bucket?.....is it safe to configure Splunk...

by Builder in

Can you blacklist a host?

Here's the situation I'm trying to muddle through: We have a production server that inputs.conf is monitoring, all...

by Explorer in

Command Usage with Examples..

Hi, Today I've read the page(docs) all about "splunk" , and listened to few of videos and it's great , impressed ,...

by New Member in

new monitor stanza not indexed

Hello, On my Windows box, I've added a new monitor stanza in my local inputs.conf file. The config is: [monitor...

by Explorer in

Problem reading syslog events

My firewall is using syslog-ng to send logs to my log server over TCP on port 514. In Splunk>>Manager>>Data inputs>>T...

by Path Finder in

Data Collection from Printers

Can Splunk be used to collect data from printers (and other network devices like routers, switches). Sorry if this...

by Path Finder in

Does Universal Forwarder Solaris v8 app work on Ultra-60?

Downloaded and installed the Solaris 8 packagewith: % pkgadd -d splunkforwarder-4.2.3-105575-solaris-8-sparc.pkg ...

by Engager in

Universal Forwarder Not Forwarding Windows Event Logs

I have just installed a Universal forwarder on a windows server and during the installation I selected the option to ...

by Path Finder in

Splunk for Exchange 2010 error

Hi ! I have a lot's of errors like that, when I try to log an Exchange server : 10-19-2011 20:37:04.309 +0200 E...

by New Member in

Current date exclusion from search events

I have an event that contains the following date format/range text within it: 2011-10-07T00:00:00.000Z-2011-10-07T...

by Path Finder in

the number of files column in the data inputs manager

For my input [monitor::///home/mataharry/invasionplans/] index=statesecret whitelist=*.secret recurse=true In the ...

by Communicator in

Index Local Machine

I'm very new to Splunk. I just installed it in my environment and in the process of testing it. I'm wondering why a l...

by Path Finder in

Setting custom sourcetypes on 'managed' universal forwarder

I struggling getting my props.conf to work now that i have moved to a universal forwarder. On previous versions of...

by Path Finder in

hostname override

I have a file that is being auto sourcetyped as syslog, and the file is read by a splunk agent. An example follows: ...

by Path Finder in

Rewrite hostname don't work

Hi all, I need to append the domain to all hosts that send data to my splunk indexer, to avoid duplications (hostname...

by Path Finder in

can a universal forwarder serve as a relay between another forwarder and the indexer?

Can I have a universal forwarder collect data from other universal forwarders and then send that off to the indexer?

by Splunk Employee in

How to listen on UDP but Splunk 4.1.7 is not listening?

Hi, i have setup before UDP as input for Splunk 4.1.7. But this time my configuration doesn´t work and i have no ...

by Contributor in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Encoding for forwarded data

How to replace meta information?

Monitor a FTP server?

inputs.conf error

inputs.conf error in SplunkForwarder

Logs from remote host

Monitor cisco router interfaces- Is syslog enough or do I have to use snmp?

Events from second-tier Windows Universal Forwarders not appearing in Splunk

Hot Bucket Data on Splunk Crash

Can you blacklist a host?

Command Usage with Examples..

new monitor stanza not indexed

Problem reading syslog events

Data Collection from Printers

Does Universal Forwarder Solaris v8 app work on Ultra-60?

Universal Forwarder Not Forwarding Windows Event Logs

Splunk for Exchange 2010 error

Current date exclusion from search events

the number of files column in the data inputs manager

Index Local Machine

Setting custom sourcetypes on 'managed' universal forwarder

hostname override

Rewrite hostname don't work

can a universal forwarder serve as a relay between another forwarder and the indexer?

How to listen on UDP but Splunk 4.1.7 is not listening?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions