Getting Data In

Community Activity

How do I "watch" a specific log file and only send updates based on specific strings? I need to watch log files for certain error strings only. Ideally this would be done on the machine that contains th... by sdickson New Member in Getting Data In 07-27-2011 0 1	0	1
Cannot figure Universal forwarder out I have done 3-4 days of research and have been striking out. Here is the process that I follow. I install the unive... by chrisscott1 New Member in Getting Data In 07-26-2011 0 1	0	1
Splunk API paging I'm running into an issue with using the Splunk API and it only returning 30 records. I've searched the Splunk API, ... by Zambonilli Explorer in Getting Data In 07-26-2011 0 2	0	2
How do I read just one file in a app? I want to be able to push down a single application which contains an inputs.conf to monitor files on a Oracle RAC sy... by approachct Path Finder in Getting Data In 07-25-2011 0 1	0	1
Missing data - Splunk is showing random gaps in the 'indexed data' timeline and safeService warning in Splunkd.log My Splunk instance is constantly indexing data 24*7, but I've noticed some gaps in the indexed data timeline recently... by mctester Communicator in Getting Data In 07-25-2011 3 3	3	3
Checking multiple Regex against once sourcetype I'm trying to define multiple REGEX for one sourcetype. Because the events can vary massively I need to have differen... by Drainy Champion in Getting Data In 07-22-2011 2 1	2	1
Massive unexpected Cold to Frozen execution ? Problem summary: After Splunk update from 4.2 to 4.2.1, one (and only one) of the indexes started a warm to cold a... by ruiaires Path Finder in Getting Data In 07-22-2011 0 4	0	4
SplunkUniversalForwarder & UDP transfer Hey! Is it possible to configure SplunkUniversalForwarder to receive data by udp and send this data to indexer? How?... by Vladimir Path Finder in Getting Data In 07-22-2011 0 2	0	2
Is there a way to get Splunk to do oneshot indexing sequentially? I have a large number of files (going by the thousands) that I only need to index once, and since I want to know when... by rf2010 New Member in Getting Data In 07-21-2011 0 2	0	2
Ignored unique path file with crcSalt = Having trouble with CRC, I set my inputs to use crcSalt = , which I understood would use the full path of the input,... by chca Path Finder in Getting Data In 07-21-2011 1 1	1	1
Removing CSV Header from Indexing Hello Splunk Community, I uploaded custom CSV files to Splunk for indexing. The CSV Header for each file is being in... by srsava New Member in Getting Data In 07-21-2011 0 4	0	4
Monitors not listed in inputs.conf in local I used the web interface to add some monitors, but I need to customize them. I opened the inputs.conf file in the loc... by chca Path Finder in Getting Data In 07-21-2011 0 2	0	2
Distribute data from one source to different indexes Hi guys. I am having some trouble routing data from one source to different indexes. Here is my setup inputs.conf ... by kenchisho Path Finder in Getting Data In 07-19-2011 0 3	0	3
Enforce indexing quota/limit by Host? Is there a way to configure Splunk to enforce indexing quoatas by Host? e.g. Do not index more than 250MB per day fo... by NK_1 Path Finder in Getting Data In 07-18-2011 3 3	3	3
Universal Forwarder not listening on port 8000 I have a strange problem. When I install the universal forwarder on my log server and perform a netstat -l I do not ... by sab057 Explorer in Getting Data In 07-15-2011 2 4	2	4
Full blow instances of apps on Universal Forwarders? I have been reading link:Splunk 4.2 Universal Forwarder nix Why does a universal forwarder need the entire nix app... by byronschwab Engager in Getting Data In 07-15-2011 0 1	0	1
how do I pull just the host field out of a search to use as input for a custom search module I am trying to write a custom search module in python that will check the host field of event data in a comprehensive... by msantoro1 Explorer in Getting Data In 07-14-2011 0 4	0	4
Manual Inputs, what location are they kept? Not new to Splunk, but new to 4.2.2. I had setup a forwarder and manually entered specific paths to monitor: /p01/fo... by _z_ Explorer in Getting Data In 07-14-2011 1 7	1	7
How do I Remove linebreak characters from nbe files Hello all, We have Nessus running on a Linux server which also has a Splunk Heavy Forwarder 4.1.8. We have the Nessu... by I-Man Communicator in Getting Data In 07-14-2011 1 2	1	2
rsyslog connection to splunk stalling Most of our systems use rsyslog for logging, and log their events over UDP to a central splunk server. This works fi... by tcutts New Member in Getting Data In 07-13-2011 0 2	0	2
Splunk forwarder text masking hello I need help. for masking text in .log file with splunk forwarder i have 16 numbers like 1111-2222-3333-4444 I ... by gchkhikvadzecar Engager in Getting Data In 07-13-2011 1 1	1	1
Syslog data is lost Hi, I saw several posts about this problem, but none with a valid answer. My problem is that I have a running Splunk... by imbuto New Member in Getting Data In 07-13-2011 0 1	0	1
Can single Forwarder send fileA to indexerA and fileB to indexerB? I have a 'dev/tst' db host.. but have dev app indexer and tst app indexer. Is there a way to configure a single forwa... by _z_ Explorer in Getting Data In 07-12-2011 1 2	1	2
indexer not properly segmenting groupwise data from forwarder I have several groupwise servers running forwarders to a single index server. For the most part the data is arriving... by Cagey Engager in Getting Data In 07-12-2011 1 1	1	1
Log Retention Hi all, I've studied that Splunk is capable of retenting the original logs feed in to it, also audit the changes if ... by infosec_skrc Explorer in Getting Data In 07-12-2011 0 2	0	2

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

How do I "watch" a specific log file and only send updates based on specific strings?

Cannot figure Universal forwarder out

Splunk API paging

How do I read just one file in a app?

Missing data - Splunk is showing random gaps in the 'indexed data' timeline and safeService warning in Splunkd.log

Checking multiple Regex against once sourcetype

Massive unexpected Cold to Frozen execution ?

SplunkUniversalForwarder & UDP transfer

Is there a way to get Splunk to do oneshot indexing sequentially?

Ignored unique path file with crcSalt =

Removing CSV Header from Indexing

Monitors not listed in inputs.conf in local

Distribute data from one source to different indexes

Enforce indexing quota/limit by Host?

Universal Forwarder not listening on port 8000

Full blow instances of apps on Universal Forwarders?

how do I pull just the host field out of a search to use as input for a custom search module

Manual Inputs, what location are they kept?

How do I Remove linebreak characters from nbe files

rsyslog connection to splunk stalling

Splunk forwarder text masking

Syslog data is lost

Can single Forwarder send fileA to indexerA and fileB to indexerB?

indexer not properly segmenting groupwise data from forwarder

Log Retention

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation