Getting Data In

Ask a Question

Discussions

Thread Info

Universal forwarder adds -root to servername?

As I don't know if this is a bug or intended I'll try to see if anyone know. When doing a new install of the unive...

by Engager in

Forwarding one instance to another

Hi, I have a splunk server setup on an internal network which has differing numbers of machines all using either s...

by Champion in

multiple fschange on the same files

Will this cause any issues, I would like to do [fschange:/etc] index = linux-security recurse = true followLinks =...

by Path Finder in

Perform: only give host name instead of FQDN

I have a splunk universal forwarder , The Perform can only give me the short host name. but at the same time WinEvent...

by Explorer in

CPU usage using the lightforwarder

I am using the light forwarder on AIX and running into high CPU usage (80-90% of a CPU). We tracked it down to using ...

by Path Finder in

Multiple Intermediate Forwarders (internal/external) for mobile clients

Does anyone know of any solution that will allow me to install a SPLUNK universal forwarder on a laptop and when the ...

by Path Finder in

How can I merge _meta from several inputs.conf files

I use the universal forwarders ability to enrich the transported files with _meta keywords as follows: ./etc/apps/...

by Path Finder in

Forwarder configuration to forward os data

Hello, How can I install and configure a forwarder at my windows machine to transfer OS data (cpu load, memory etc...

by Explorer in

What does "blockSignatureDatabase tag required in config" mean?

I use Universal Forwarder (UF) and try to configure it using DeploymentServer located on det index server. The applic...

by Explorer in

Unique users, above threshhold, within timespan

Hi all, Having developed a filter that dials in the events and fields I want, I'd now like to have it display only...

by New Member in

Tranformations to set different sourcetypes based on fields in an event

I am trying to change the sourcetype on the events from a dataset based on certain fields in the dataset that is curr...

by New Member in

Can we Tag logs to determine which forwarder sent the logs?

All, We have three 4.1.8 forwarders that send to an indexer. Is there anyways we can determine from the indexer, w...

by Communicator in

Does Splunk support indexing of timestamps in tai64nlocal format?

I did not find this in the Splunk docs. As a test, I just indexed some sample events with tai64nlocal format and i...

by Splunk Employee in

perfmon no longer working?

Installed via command line with: msiexec /I splunk...msi /qn ALLUSERS=1 REBOOT=ReallySuppress AGREETOLICENSE=Yes ...

by Influencer in

Monitoring indexers through health checks / heartbeats?

Greetings Splunkers, I've seen in a lot of the online documentation about the "autoLB" mode of load-balancing, how...

by Builder in

Can I chain fields together between two different lookups (.csv files)?

Can I perform a lookup using one csv file and then use a returned field from that one to perform a second lookup in a...

by Splunk Employee in

dc01 and DC01 different host accoring to splunk

For some reason, splunk is showing one host as two, one as DC01 (example) and dc01. Is there any way to merge them?

by Path Finder in

Convert original log timestamp

The timestamp of log is 2011-06-02 06:06:45 , splunk will resolve it as 11-6-2 AM 06:06:45.000. But this is UTC time....

by Contributor in

Unviersal Forwarder without an app

Basically I want to be able to send JBoss server logs from one linux machine to another using the Splunk Universal Fo...

by Path Finder in

how can I setup splunk to monitor syslog-ng and other other logs via the UF?

Hi, Am a newbie to splunk, I am able to install splunk but i am not able to understand forwarders and where and ho...

by New Member in

Split multi-line events

I have a file that has multiple multi line events. Each event is broken up into "INFO: ---" or "ERROR: ---" ERROR:...

by Explorer in

esxi timezone

Hello I'm having trouble getting splunk to adjust the timezone. The data shows up two hours behind the timezone on...

by Path Finder in

Universal Forwarder

I have multiple LAMP servers that I am looking to monitor with Splunk. I got my server setup last Friday and setup th...

by New Member in

Why is "Number of files" 1 ?

I have installed latest Splunk and have monitoring on a number of shared log-directories on remote servers. If I g...

by New Member in

Can Splunk write the data it receives to raw syslog files?

Hi, I know, this sounds backwards. However, this is a requirement for a migration process from a syslog-ng/custom ...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Universal forwarder adds -root to servername?

Forwarding one instance to another

multiple fschange on the same files

Perform: only give host name instead of FQDN

CPU usage using the lightforwarder

Multiple Intermediate Forwarders (internal/external) for mobile clients

How can I merge _meta from several inputs.conf files

Forwarder configuration to forward os data

What does "blockSignatureDatabase tag required in config" mean?

Unique users, above threshhold, within timespan

Tranformations to set different sourcetypes based on fields in an event

Can we Tag logs to determine which forwarder sent the logs?

Does Splunk support indexing of timestamps in tai64nlocal format?

perfmon no longer working?

Monitoring indexers through health checks / heartbeats?

Can I chain fields together between two different lookups (.csv files)?

dc01 and DC01 different host accoring to splunk

Convert original log timestamp

Unviersal Forwarder without an app

how can I setup splunk to monitor syslog-ng and other other logs via the UF?

Split multi-line events

esxi timezone

Universal Forwarder

Why is "Number of files" 1 ?

Can Splunk write the data it receives to raw syslog files?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Splunk Answers Content Calendar May 2025

Getting Data In

Are you a member of the Splunk Community?

Discussions