Getting Data In

Discussions

Thread Info

delivery of reports in pdf format

Hi every one , i am using Splunk on windows operationg system. I would like to deliver reports in pdf format to end u...

by Explorer in

capturing windows failed login

I have been trying with the below query to capture the failed login attempts made on the windows servers. source="...

by Explorer in

Squid Log files

Hey All, I enabled the squid app for splunk and threw a log file into it. Pretty quick and easy, and I whipped ou...

by Contributor in

4.2 UDP input with source IP: not working?

EDIT: I've discovered this only happens if I specify more than one stanza on the same port -- different remote IPs, s...

by Influencer in

Return NULL events based on inputlookup

I'm trying to create a search to determine which hosts in a CSV file don't have any events associated with it within ...

by Path Finder in

Anyone setup a netstat like input for Windows?

Has anyone setup the windows "netstat" command as an input? I like the "netstat" source provided in the unix app, ...

by Super Champion in

Post Server Rename weirdness

We performed renames on several servers and am seeing them all show with a weird issue. It seems that there are still...

by New Member in

filter data at indexer from forwarder-- not working

I have set up a few heavy forwarders. I did this to filter data, and learn how. Some of these are on a WAN and will r...

by Contributor in

Universal forwarder with splunk indexer 4.1.7 - will it work?

Can I use the universal forwarder 4.2 to send data to an indexer running Splunk 4.1.7 (or older) ?

by Path Finder in

Change the INDEX for data received from Splunk Windows Forwarder

Hi, is it possible to use different indexes on the main splunk server which received the data from windows forwar...

by Contributor in

how to assign index and sourcetype to multiple different file types that live in the same directory

I have a handful of different sourcetypes that all get written to log files in /var/log/app. I also have more than on...

by Communicator in

Filtering during index-time not working

I have the following stanza in transforms.conf: [medusa_media_access-drop-events] REGEX = ^\S+\s++\S+\s++\[[^\]]*\...

by Path Finder in

Merge Multiline Java Stack trace via syslog

I'm having a heck of a time figuring out the best way to get splunk to show these multiline events in one event. Any ...

by Explorer in

Need help rewriting DNS log lines

I have DNS log lines that look like the following: (4)mail(6)google(3)com(0) (7)twitter(3)com(0) (12)spreadsheets(...

by Champion in

addition of log files to already configured input path

Hi , I have below configuration in inputs .conf [monitor:C:\Program Files\Splunk\etc\apps\sampleApp\samplelogs] ...

by Path Finder in

load compressed files

Hi, as we know , before splunk eat a compressed file, splunk will decompress it first then index it. but, if w...

by Communicator in

Multiple Sources on a single host

I have a Splunk 4.1.7, build 95063 instance and am trying to pull logs from Informix DB on Solaris 10. So I had set t...

by Explorer in

Another Newbee Question...Searching Indexed Data

Totally new with Splunk. Have mercy on my soul!  I am trying to set up Splunk on my laptop as I am awaiting licen...

by New Member in

Agent vrs Forwarder?

Is a Splunk Agent the same as a Splunk Forwarder? Thanks, Ray

by New Member in

Change source name for exisiting data.

I tried out the option "source name override" when setting up a UDP data input to replace "UDP:514" with "mynetworkSy...

by Explorer in

Using transforms to divide monitor input to multiple indexes

I am trying to filter a log file coming in via a universal forwarder (both installs are 4.2) so that messages contain...

by Explorer in

splunk stopped forwarding...

I have a simple setup. A light forwarder, forwarder and an indexer. The light forwarder stopped working about 5 days ...

by Contributor in

Is there any sensitive data in the _internal index

Hi Splunkers, We have a macro here we're using to allow users to search their previous search history. It relies o...

by Explorer in

Where is my host data coming from?

I have about 50 forwarders in my environment. Somewhere I have screwed up, and included the same set of host data twi...

by Path Finder in

missing data in All Forwarders - Splunk Deployment App

We just updated to 4.2 on our splunk server, and I am in the midst of pushing the Universal Forwarder out to replace ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

delivery of reports in pdf format

capturing windows failed login

Squid Log files

4.2 UDP input with source IP: not working?

Return NULL events based on inputlookup

Anyone setup a netstat like input for Windows?

Post Server Rename weirdness

filter data at indexer from forwarder-- not working

Universal forwarder with splunk indexer 4.1.7 - will it work?

Change the INDEX for data received from Splunk Windows Forwarder

how to assign index and sourcetype to multiple different file types that live in the same directory

Filtering during index-time not working

Merge Multiline Java Stack trace via syslog

Need help rewriting DNS log lines

addition of log files to already configured input path

load compressed files

Multiple Sources on a single host

Another Newbee Question...Searching Indexed Data

Agent vrs Forwarder?

Change source name for exisiting data.

Using transforms to divide monitor input to multiple indexes

splunk stopped forwarding...

Is there any sensitive data in the _internal index

Where is my host data coming from?

missing data in All Forwarders - Splunk Deployment App

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?