Getting Data In

Ask a Question

Discussions

Thread Info

fschange output

I have set up the following fschange for a test, in a test-box [filter:blacklist:sys-folder-blacklist] regex1=/sys...

by Path Finder in

syntax for scripted input in inputs.conf

Am I correct in thinking that [script://./bin/runmycmd.sh cmd] will not work? I'd like to be able to hand t...

by Communicator in

New Install - TailingProcessor - Could not send data to output queue (parsingQueue), retrying…

After installing Splunk on a new node as a LightWeightForwarder and configuring for the local logs I wanted to monito...

by Motivator in

Authorization Failed: [HTTP 403] Client is not authorized to perform requested action

New to Splunk.... Was in the role section and deleted the User role and now I am getting the error "Authorization Fai...

by Path Finder in

Multiple error_log files

Maybe you can help me out with something. I have multiple files of the same type, error_log files, that are named dif...

by New Member in

multiple fschange issues

I have a few issues when trying to use fschange. even though fullEvent = true & sendEventMaxSize = -1, I am still ...

by Path Finder in

How to enable Windows 2003 to audit MSSQL changes for PCI compliance

For the purposes of PCI compliance, has anyone figured out how to monitor changes/queries (containing user CC info) m...

by Splunk Employee in

Delay in seeing forwarded data

There seems to be a 10 to 15 minute delay in the data that is being sent from a light weight forwarder to my central ...

by Engager in

fschange and indexing gzip files

I am using fschange to monitor some gziped files. When the full event is loaded it is index as binary gzip and no...

by Path Finder in

Are there any good examples or recommendations on how to index data from an Access database?

Im curious if anyone has any advice, cautionary tales, or good examples about how to go about indexing data from a da...

by SplunkTrust in

Splunk does not collect WMI events

Splunk was collecting event before but suddenly it stopped collecting events. I have restarted Splunk several times. ...

by Splunk Employee in

syslog with linebreak

I am having difficulty getting linebreaking working for a particular type of syslog messages. I have looked at http:/...

by Communicator in

Merging multiline events

Greetings! I am trying to merge 2 lines into 1 event but having problems. Appreciate advice on my steps taken S...

by Explorer in

Adding new data to index with a new sourcetype

I want add some files from a directory to be monitored by splunk, but I also want to give it a new sourcetype called ...

by Explorer in

Can Splunk monitor a subversion url for changes?

I would like to monitor a subversion repository for changes. Is this something I can do with Splunk?

by Engager in

LWF send source name when raw

Is there a way to make Light Forwarder include the name of the file it is sending events from (i.e. source) when send...

by Splunk Employee in

Multiple timestap formats and subsecond with two digits only

Hi everybody, is it possible to teach a custom datetime.xml that my subsecond field is only two digit long? I hav...

by Builder in

Backed Up Indexers

According to my Deployment monitor app one of my indexer shows backed up. I need help find out if it is some thing du...

by Path Finder in

Changing sourcetype of incoming TCP syslogs

Hi everyone. Quite new to the product, I am struggling a bit. All my logs are coming through syslog on TCP 514 and...

by Explorer in

WinEvent Filtering on Heavy Forwarder

Hi, Trying to send all eventIDs from WinEventLog:Security to NullQueue with the exception of 592 and 593. Still getti...

by Engager in

HOWTO: throw away portions of an event

I have a very talkative data source that I only want a few fields - not entire events - from. How do I keep the parts...

by Motivator in

Can I route based on wildcard source

Can I say this? [source::/usr/local/blackboard/*] TRANSFORMS-routing=otherRouting In my inputs, I have pretty ...

by Path Finder in

How to get rid of a sourcetype?

Somehow I've managed to get three different sourcetypes for syslog appearing in my search results: "syslog" 2,049,...

by Explorer in

Actions Menu Export Results TitleBar module

Hey, I have a Titlebar module in my form with the following code: <module name="TitleBar" layoutPanel="vie...

by Motivator in

Checking machines' status from outside a firewall

I have a Win7 PC on which I would like to run splunk, but the majority of machines (mostly UNIX) I would like to moni...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

fschange output

syntax for scripted input in inputs.conf

New Install - TailingProcessor - Could not send data to output queue (parsingQueue), retrying…

Authorization Failed: [HTTP 403] Client is not authorized to perform requested action

Multiple error_log files

multiple fschange issues

How to enable Windows 2003 to audit MSSQL changes for PCI compliance

Delay in seeing forwarded data

fschange and indexing gzip files

Are there any good examples or recommendations on how to index data from an Access database?

Splunk does not collect WMI events

syslog with linebreak

Merging multiline events

Adding new data to index with a new sourcetype

Can Splunk monitor a subversion url for changes?

LWF send source name when raw

Multiple timestap formats and subsecond with two digits only

Backed Up Indexers

Changing sourcetype of incoming TCP syslogs

WinEvent Filtering on Heavy Forwarder

HOWTO: throw away portions of an event

Can I route based on wildcard source

How to get rid of a sourcetype?

Actions Menu Export Results TitleBar module

Checking machines' status from outside a firewall

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures