Getting Data In

Discussions

Thread Info

Cisco IPS works, but it does not transfer events to Splunk

Hello everybody, We have four Cisco ipsen. As described in the manual, the Cisco IPS Addon was installed. The Cisc...

by New Member in

no_appending_timestamp behaviour for splunktcp source

Scenario: I want to forward syslog data using a splunk universal forwarder. However, when it gets to the central splu...

by Explorer in

After upgrading to 4.2 Failed to start splunkweb service

Upgrade from 4.1.x to 4.2, when I try to start Splunk Splunkd starts but splunkweb fails with the following message: ...

by Splunk Employee in

How to restart windows universal forwarder?

How do you restart the windows universal forwarder after a post-install change in the configuration?

by Explorer in

How can I avoid duplicates when indexing logfiles on a cluster filesystem?

I have a couple of clusters with logfiles that reside on a shared cluster filesystem that all hosts in the cluster lo...

by Explorer in

Will Splunk re-index a log file if I compress it after it's been indexed?

I have an environment set-up such that syslog-ng redirects syslog to my central log host in this format: /server/host...

by Builder in

forward a subset of existing input

I’m trying to take a subset of our regular logs and forward them on to another department. Am I doing this right? Is ...

by Path Finder in

Forwarder is not forwarding all the files in directory.

I have configured a forwarder on Linux and receiver on different Linux box. After restarting the forwarder I can s...

by New Member in

Load Balancing Universal Forwarders

I am getting ready for a new install of Splunk. I am going to start with version 4.2. I would like to do a universal ...

by Explorer in

training splunk to recognize events from bacula

I am running into trouble getting splunk to properly break down events from bacula. Below is an example of a bacula e...

by Communicator in

How to manage indexing rolling log files without duplicating data in the Index

We are testing in a high throughput environment capturing logs that grow to 251MB in ~ 4-6 minutes at which time the ...

by Path Finder in

How do I delete a duplicate data input

Somehow I have a duplicate remote directory input listed in my inputs it is in the format ///servername//direcotory//...

by New Member in

What is the virtual memory footprint for Universal Forwarder?

How much memory can I expect the Universal Forwarder to require on a machine? Is there a hard ceiling for the virtual...

by Splunk Employee in

Prompt for Splunk user when configuring Universal Forwarder

I've just upgraded to Splunk 4.2 and have installed and started the UF on a Linux box. But when I try to run, ./sp...

by Engager in

Windows Server with Corrupted Security Log

I have a server that had a corrupted Security Log. In order to resolve that problem I backed up the security log a...

by Engager in

Will LWF's metrics.log be forwarded to the Indexer as default?

I've noticed LWF's metrics.log were forwarded to the indexer as default in some version of splunk. But, not all the v...

by Splunk Employee in

Monitoring folder stops monitoring files

I suspect that this has something to do with the fact that my log files are being generated by appending to the end o...

by Explorer in

Read and transfer data from splunk index to other application

I would like to know if there is a way to read from splunk DB and redirect that data to some other application. I hav...

by Explorer in

Forwarding all events from a Splunk Instance

I am using Splunk to collect logs from a diverse environment. The same events, or at least a large subset, need to be...

by Explorer in

Export to Syslog

Hi All, Does anyone know if it's possible to take logs that have been grabbed from Windows WMI and indexed, and th...

by Explorer in

Faulting application splunkd.exe on Win2003 x86 Servers

I have installed Splunk as a forwarder/light forwarder on a few of our Win2003 x86 servers as a test and am receiving...

by Engager in

Opsec_lea not breaking even reliably

i have the lea-loggrabber.sh script working well and reliably getting all new logs from checkpoint cma into splunk. I...

by Communicator in

Data Inputs / TCP or UDP

I am not very familiar with Splunk and syslog servers in general, but I am trying to learn. There is a "Broadcast on ...

by Engager in

Splunk Forwarder License

I recently copied the splunk-forwarder.license details mentioned in our indexer to splunk.license (into one of our fo...

by Path Finder in

1MB Forwarder license expiring?

At a few customers now I have seen a 1MB (forwarder) license with an expiration of early March. I'm not sure where th...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Cisco IPS works, but it does not transfer events to Splunk

no_appending_timestamp behaviour for splunktcp source

After upgrading to 4.2 Failed to start splunkweb service

How to restart windows universal forwarder?

How can I avoid duplicates when indexing logfiles on a cluster filesystem?

Will Splunk re-index a log file if I compress it after it's been indexed?

forward a subset of existing input

Forwarder is not forwarding all the files in directory.

Load Balancing Universal Forwarders

training splunk to recognize events from bacula

How to manage indexing rolling log files without duplicating data in the Index

How do I delete a duplicate data input

What is the virtual memory footprint for Universal Forwarder?

Prompt for Splunk user when configuring Universal Forwarder

Windows Server with Corrupted Security Log

Will LWF's metrics.log be forwarded to the Indexer as default?

Monitoring folder stops monitoring files

Read and transfer data from splunk index to other application

Forwarding all events from a Splunk Instance

Export to Syslog

Faulting application splunkd.exe on Win2003 x86 Servers

Opsec_lea not breaking even reliably

Data Inputs / TCP or UDP

Splunk Forwarder License

1MB Forwarder license expiring?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

UF

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout