Getting Data In

Thread Info

Prompt for Splunk user when configuring Universal Forwarder

I've just upgraded to Splunk 4.2 and have installed and started the UF on a Linux box. But when I try to run, ./sp...

by Engager in

Windows Server with Corrupted Security Log

I have a server that had a corrupted Security Log. In order to resolve that problem I backed up the security log a...

by Engager in

Will LWF's metrics.log be forwarded to the Indexer as default?

I've noticed LWF's metrics.log were forwarded to the indexer as default in some version of splunk. But, not all the v...

by Splunk Employee in

Monitoring folder stops monitoring files

I suspect that this has something to do with the fact that my log files are being generated by appending to the end o...

by Explorer in

Read and transfer data from splunk index to other application

I would like to know if there is a way to read from splunk DB and redirect that data to some other application. I hav...

by Explorer in

Forwarding all events from a Splunk Instance

I am using Splunk to collect logs from a diverse environment. The same events, or at least a large subset, need to be...

by Explorer in

Export to Syslog

Hi All, Does anyone know if it's possible to take logs that have been grabbed from Windows WMI and indexed, and th...

by Explorer in

Faulting application splunkd.exe on Win2003 x86 Servers

I have installed Splunk as a forwarder/light forwarder on a few of our Win2003 x86 servers as a test and am receiving...

by Engager in

Opsec_lea not breaking even reliably

i have the lea-loggrabber.sh script working well and reliably getting all new logs from checkpoint cma into splunk. I...

by Communicator in

Data Inputs / TCP or UDP

I am not very familiar with Splunk and syslog servers in general, but I am trying to learn. There is a "Broadcast on ...

by Engager in

Splunk Forwarder License

I recently copied the splunk-forwarder.license details mentioned in our indexer to splunk.license (into one of our fo...

by Path Finder in

1MB Forwarder license expiring?

At a few customers now I have seen a 1MB (forwarder) license with an expiration of early March. I'm not sure where th...

by Motivator in

Route data to index based on host

Hi folks, I'd like to route WMI logs to different indexes based off the host name (I have a few environments) G...

by Path Finder in

Multi-Line Syslog Interpretted as Separate Messages

2011-03-09T11:21:34-04:00 ab-wtsk-mg3200-2 [Src=10.157.32.26/49842 Dst=4070 PType=6] ErrMgs=1 Cid=23: 1 RTP packets l...

by Explorer in

Scripted input rlog.sh is indexing multiple same events

Hi I've enabled the script input /opt/splunk/etc/apps/unix/bin/rlog.sh to read audit events. However I noticed ...

by Contributor in

Splunk on Linux making WMI queries to Windows servers

I have Splunk running on a Linux server and I need to index WMI-based events, like perfmon data, from my Windows serv...

by Splunk Employee in

label fields in a flat file

I have activity files from a vpn radius server and I'd like to label the fields as they go into splunk... I'm not eve...

by New Member in

How can I use REST endpoints (or gui) to upload a file to role-restricted indexes?

Our Splunk environment has multiple indexes, with role restrictions on index access. I want to allow users to uplo...

by Path Finder in

Why is the license on the forwarder/search head displaying a message it is expiring in x days on March 7, 2011?

I have a perpetual Enterprise license and having not been having any issues until the today when I started to see a m...

by Splunk Employee in

CSV fields and multiple timestamps

I have a csv tab-delimited file with entries that looks like this: GPDB20A LTO3 L03 03/08/11 06:01:20 1299592...

by Path Finder in

Yet another filtering problem. Many transforms in transforms.conf not filtering

I am trying to filter with many transform statements. I believe everything is configured correctly. But I get ALL eve...

by Path Finder in

I only want to index the last 365 days of data. Can this be done?

I only want to index the last 365 days of data. Can this be done in Splunk 4.1? Any data older than one year should b...

by New Member in

Splunk Hosts Not Showing Up

I have one Splunk receiver set up and several forwarders (forwarders using free version). About 9 of my hosts are lis...

by Explorer in

Parsing appended Robocopy job logs

Has anybody dealt with splunking Windows Robocopy.exe logs? I'm about to dive into it, and am looking for prior art. ...

by Path Finder in

Question about using virtual machines for intermediate forwarders

Hello folks, I'm trying to puzzle out getting around SPL-34965 (WMI not load balancing), not inundating a single i...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Prompt for Splunk user when configuring Universal Forwarder

Windows Server with Corrupted Security Log

Will LWF's metrics.log be forwarded to the Indexer as default?

Monitoring folder stops monitoring files

Read and transfer data from splunk index to other application

Forwarding all events from a Splunk Instance

Export to Syslog

Faulting application splunkd.exe on Win2003 x86 Servers

Opsec_lea not breaking even reliably

Data Inputs / TCP or UDP

Splunk Forwarder License

1MB Forwarder license expiring?

Route data to index based on host

Multi-Line Syslog Interpretted as Separate Messages

Scripted input rlog.sh is indexing multiple same events

Splunk on Linux making WMI queries to Windows servers

label fields in a flat file

How can I use REST endpoints (or gui) to upload a file to role-restricted indexes?

Why is the license on the forwarder/search head displaying a message it is expiring in x days on March 7, 2011?

CSV fields and multiple timestamps

Yet another filtering problem. Many transforms in transforms.conf not filtering

I only want to index the last 365 days of data. Can this be done?

Splunk Hosts Not Showing Up

Parsing appended Robocopy job logs

Question about using virtual machines for intermediate forwarders

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Palo alto Strata logging service logs

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?