Getting Data In

Community Activity

sourcetype=tcp-raw I'm using a forwarder (regular) to forward TCP input to indexer. The events are being forwarded correctly to the ind... by pmr Explorer in Getting Data In 07-29-2011 0 3	0	3
Preferred placement of files to be monitored (which inputs.conf) My indexer is on Linux, but all the forwarders are on Windows. I've been putting the file names being monitored into... by RVDowning Contributor in Getting Data In 07-28-2011 1 1	1	1
SSL on universal, heavy, and splunk server? Reading the questions that reference SSL certificates for splunk data I'm confused. If I simply use SSL to encrypt d... by byronschwab Engager in Getting Data In 07-28-2011 1 1	1	1
Don't store "success" log entries Is there a way to make it so Splunk will discard a log entry that comes in with a certain substring in the message su... by jmorello Engager in Getting Data In 07-28-2011 1 1	1	1
not indexing after cleaning eventdata So i created an app folder... and indexes.conf .. and an inputs.conf to monitor a directory. I then restarted splunk... by hiddenkirby Contributor in Getting Data In 07-28-2011 1 11	1	11
extracting from logs before indexing to server Hi Is there a way to extract a part of log event before it being indexed to splunk server for example Below is the ... by dhs_harry08 Path Finder in Getting Data In 07-28-2011 0 2	0	2
How do I "watch" a specific log file and only send updates based on specific strings? I need to watch log files for certain error strings only. Ideally this would be done on the machine that contains th... by sdickson New Member in Getting Data In 07-27-2011 0 1	0	1
Cannot figure Universal forwarder out I have done 3-4 days of research and have been striking out. Here is the process that I follow. I install the unive... by chrisscott1 New Member in Getting Data In 07-26-2011 0 1	0	1
Splunk API paging I'm running into an issue with using the Splunk API and it only returning 30 records. I've searched the Splunk API, ... by Zambonilli Explorer in Getting Data In 07-26-2011 0 2	0	2
How do I read just one file in a app? I want to be able to push down a single application which contains an inputs.conf to monitor files on a Oracle RAC sy... by approachct Path Finder in Getting Data In 07-25-2011 0 1	0	1
Missing data - Splunk is showing random gaps in the 'indexed data' timeline and safeService warning in Splunkd.log My Splunk instance is constantly indexing data 24*7, but I've noticed some gaps in the indexed data timeline recently... by mctester Communicator in Getting Data In 07-25-2011 3 3	3	3
Checking multiple Regex against once sourcetype I'm trying to define multiple REGEX for one sourcetype. Because the events can vary massively I need to have differen... by Drainy Champion in Getting Data In 07-22-2011 2 1	2	1
Massive unexpected Cold to Frozen execution ? Problem summary: After Splunk update from 4.2 to 4.2.1, one (and only one) of the indexes started a warm to cold a... by ruiaires Path Finder in Getting Data In 07-22-2011 0 4	0	4
SplunkUniversalForwarder & UDP transfer Hey! Is it possible to configure SplunkUniversalForwarder to receive data by udp and send this data to indexer? How?... by Vladimir Path Finder in Getting Data In 07-22-2011 0 2	0	2
Is there a way to get Splunk to do oneshot indexing sequentially? I have a large number of files (going by the thousands) that I only need to index once, and since I want to know when... by rf2010 New Member in Getting Data In 07-21-2011 0 2	0	2
Ignored unique path file with crcSalt = Having trouble with CRC, I set my inputs to use crcSalt = , which I understood would use the full path of the input,... by chca Path Finder in Getting Data In 07-21-2011 1 1	1	1
Removing CSV Header from Indexing Hello Splunk Community, I uploaded custom CSV files to Splunk for indexing. The CSV Header for each file is being in... by srsava New Member in Getting Data In 07-21-2011 0 4	0	4
Monitors not listed in inputs.conf in local I used the web interface to add some monitors, but I need to customize them. I opened the inputs.conf file in the loc... by chca Path Finder in Getting Data In 07-21-2011 0 2	0	2
Distribute data from one source to different indexes Hi guys. I am having some trouble routing data from one source to different indexes. Here is my setup inputs.conf ... by kenchisho Path Finder in Getting Data In 07-19-2011 0 3	0	3
Enforce indexing quota/limit by Host? Is there a way to configure Splunk to enforce indexing quoatas by Host? e.g. Do not index more than 250MB per day fo... by NK_1 Path Finder in Getting Data In 07-18-2011 3 3	3	3
Universal Forwarder not listening on port 8000 I have a strange problem. When I install the universal forwarder on my log server and perform a netstat -l I do not ... by sab057 Explorer in Getting Data In 07-15-2011 2 4	2	4
Full blow instances of apps on Universal Forwarders? I have been reading link:Splunk 4.2 Universal Forwarder nix Why does a universal forwarder need the entire nix app... by byronschwab Engager in Getting Data In 07-15-2011 0 1	0	1
how do I pull just the host field out of a search to use as input for a custom search module I am trying to write a custom search module in python that will check the host field of event data in a comprehensive... by msantoro1 Explorer in Getting Data In 07-14-2011 0 4	0	4
Manual Inputs, what location are they kept? Not new to Splunk, but new to 4.2.2. I had setup a forwarder and manually entered specific paths to monitor: /p01/fo... by _z_ Explorer in Getting Data In 07-14-2011 1 7	1	7
How do I Remove linebreak characters from nbe files Hello all, We have Nessus running on a Linux server which also has a Splunk Heavy Forwarder 4.1.8. We have the Nessu... by I-Man Communicator in Getting Data In 07-14-2011 1 2	1	2

Get Updates on the Splunk Community!

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games Think you have what it takes to beat the clock? ...

Getting Data In

sourcetype=tcp-raw

Preferred placement of files to be monitored (which inputs.conf)

SSL on universal, heavy, and splunk server?

Don't store "success" log entries

not indexing after cleaning eventdata

extracting from logs before indexing to server

How do I "watch" a specific log file and only send updates based on specific strings?

Cannot figure Universal forwarder out

Splunk API paging

How do I read just one file in a app?

Missing data - Splunk is showing random gaps in the 'indexed data' timeline and safeService warning in Splunkd.log

Checking multiple Regex against once sourcetype

Massive unexpected Cold to Frozen execution ?

SplunkUniversalForwarder & UDP transfer

Is there a way to get Splunk to do oneshot indexing sequentially?

Ignored unique path file with crcSalt =

Removing CSV Header from Indexing

Monitors not listed in inputs.conf in local

Distribute data from one source to different indexes

Enforce indexing quota/limit by Host?

Universal Forwarder not listening on port 8000

Full blow instances of apps on Universal Forwarders?

how do I pull just the host field out of a search to use as input for a custom search module

Manual Inputs, what location are they kept?

How do I Remove linebreak characters from nbe files

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Announcing Modern Navigation: A New Era of Splunk User Experience

Casting Call: Compete in Cyber Games

CiscoSecurityCloud TA 3.6.7 -eStreamer ingestion f...

Can forwarder quickly reconnect after a network ou...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation