Getting Data In

Discussions

Thread Info

Universal forwarder windows to syslog doesn't work

I am trying to get the Universal Forwarder to forward event logs (System and Security) from Windows to syslog on Linu...

by Path Finder in

Log time differs from time on splunk host

I'm running splunk in windows where the time is in PST. I read logs in GMT time, so when I search for most recent,...

by Path Finder in

Indexing xml log file input

I have a log file wherea typical line entry is as below ... I am trying to construct REGEX to be included in the "tra...

by Path Finder in

Logs with no timestamp incorrectly getting date from file name

I have a sourcetype where Splunk is correctly getting the time stamp from the events, but the events don't contain a ...

by Communicator in

Collect Windows Version

Is there a recommended best-practice for collecting the version of windows that a certain Splunk-instance is running ...

by Contributor in

How do I process rar files on a Windows Splunk install?

I thought that Splunk would read compressed files and load them, however it is telling me the rar file is a binary. I...

by Path Finder in

What's a best practice for ignoring Windows 2008 security events

Like most of us with Windows servers, I'm fighting with keeping my license usage down in the face of Windows Server 2...

by Communicator in

Splunk, monitor file changes and MD5 checksum

Hi all, I'm trying to index a log file which consists of some counters. This file doesn't change a lot as counters...

by Explorer in

Distance between a Search Head and an Indexer

We are looking at merging Splunk instances between different data centers and having a single Search head cluster. ...

by Builder in

Index just filenames in a directory

Is it possible to just index a directory of filenames? I have a directory containing gobs of logfiles. I really don't...

by Explorer in

Search for failed inputs

I indexed 365 files (a daily IIS log for a year) and according to the TailingProcessor:FileStatus there were some tha...

by Path Finder in

Problems with a dynamic input header in a scripted input

I have a number of custom scripted inputs that use the dynamic input header (***SPLUNK*** key=val) to establish vario...

by Super Champion in

How do you override "source" on a oneshot?

I'm using oneshot to do a one-time import of data: splunk add oneshot $(pwd)/mydata -sourcetype mytype -index main...

by Splunk Employee in

SUF sending to one port from many hosts, events overlap each other

IGNORE this question/problem. Bad search skills led to bad conslusion. About 30 Splunk Universal Forwarders se...

by Influencer in

Does the UF use props.conf and/or transforms.conf or not?

If I am reading http://splunk-base.splunk.com/answers/27373/universal-forwarder-and-propsconf-and-transformsconf corr...

by Explorer in

Why is the batch processor not honouring the metadata header?

Something's up with the batch processor. I send the following file to a sink and it doesn't set any of the metadata f...

by Communicator in

Splunk could not find a controller to import for the following module: "Splunk.Module.Test".

I am working on a custom module that extends the SingleValue module. I couldn't get the custom module to work correct...

by Explorer in

sourcetype=tcp-raw

I'm using a forwarder (regular) to forward TCP input to indexer. The events are being forwarded correctly to the inde...

by Explorer in

Preferred placement of files to be monitored (which inputs.conf)

My indexer is on Linux, but all the forwarders are on Windows. I've been putting the file names being monitored into ...

by Contributor in

SSL on universal, heavy, and splunk server?

Reading the questions that reference SSL certificates for splunk data I'm confused. If I simply use SSL to encrypt da...

by Engager in

Don't store "success" log entries

Is there a way to make it so Splunk will discard a log entry that comes in with a certain substring in the message su...

by Engager in

not indexing after cleaning eventdata

So i created an app folder... and indexes.conf .. and an inputs.conf to monitor a directory. I then restarted splu...

by Contributor in

extracting from logs before indexing to server

Hi Is there a way to extract a part of log event before it being indexed to splunk server for example Below is th...

by Path Finder in

How do I "watch" a specific log file and only send updates based on specific strings?

I need to watch log files for certain error strings only. Ideally this would be done on the machine that contains the...

by New Member in

Cannot figure Universal forwarder out

I have done 3-4 days of research and have been striking out. Here is the process that I follow. I install the univers...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal forwarder windows to syslog doesn't work

Log time differs from time on splunk host

Indexing xml log file input

Logs with no timestamp incorrectly getting date from file name

Collect Windows Version

How do I process rar files on a Windows Splunk install?

What's a best practice for ignoring Windows 2008 security events

Splunk, monitor file changes and MD5 checksum

Distance between a Search Head and an Indexer

Index just filenames in a directory

Search for failed inputs

Problems with a dynamic input header in a scripted input

How do you override "source" on a oneshot?

SUF sending to one port from many hosts, events overlap each other

Does the UF use props.conf and/or transforms.conf or not?

Why is the batch processor not honouring the metadata header?

Splunk could not find a controller to import for the following module: "Splunk.Module.Test".

sourcetype=tcp-raw

Preferred placement of files to be monitored (which inputs.conf)

SSL on universal, heavy, and splunk server?

Don't store "success" log entries

not indexing after cleaning eventdata

extracting from logs before indexing to server

How do I "watch" a specific log file and only send updates based on specific strings?

Cannot figure Universal forwarder out

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions