Getting Data In

Ask a Question

Discussions

Thread Info

Filtering windows events not successful on splunk forwarder?

Hi, I've installed splunk forwarder(regular) on windows server and trying to filter off certain events when sendi...

by Contributor in

How to filter off winevent code to capture only failure audit status?

Hi, How can I filter out "type=Success Audit" logs off a windows event and log only the failure logs? Currently...

by Contributor in

Log file indexes correctly on initial run but considers 8K chunks a single record

Greetings I am pretty new to Splunk and am having issues when it comes to indexing some of our files. They are wri...

by Path Finder in

Event filtering not working

I'm trying to follow the instructions from the "Route and filter data" section of the documentation. The server in qu...

by Communicator in

Managing rotated syslog files

Hi there, simple question but I can't get my head around this. I've got a hosts that manages it's logging with sy...

by New Member in

Export Top X query to CSV with 200,000 lines

I am using splunk 4.1.X and am looking for some clarification for exporting the results of a query that uses | top de...

by Communicator in

Install Splunk on Windows cluster?

Can I install the Splunk service on a clustered service in Windows 2003 cluster? And if so, what is the best practice...

by New Member in

WMI infor in Forwarder

I have added about 40 winservers through WMI on a forwarder and found that there is only 30 servers on the list. Does...

by New Member in

All configurations not appearing in Event Log Collection list

I have splunk running on a Windows Server 2008. I have configured splunk to access our DC remotely for event logs. I ...

by New Member in

Problems with File & Directory Monitoring

I've installed Splunk (4.1.5(85165) on windows) and have uploaded some logs without any issues. I now want to moni...

by New Member in

Disappearing logs?

Hi, we have a client that is experiencing indexed log disappearing and reappearing on a daily basis. Log input is a f...

by Path Finder in

Indexing a file name of which changes daily

We need to index a file which has the day's date as part of its name. How to I configure Splunk to read this file? In...

by Explorer in

Can't see my Syslog Source

Real simple one this I'm sure. I want to monitor syslog of my router. I have gone to Manager->Data inputs->TCP Did...

by Engager in

Forwarding windows event log data across domains with free license

My company purchased an enterprise license and we got it working on one domain. We want to consolidate logs from anot...

by Explorer in

All Windows Event Logs but not others?

Problem: a hundred servers with the basic event logs (system, application, security) plus various other custom log co...

by Engager in

Identifying "idle" sources

How can I get a list of sources that haven't received any events for a given period of time (e.g. for last 24 hours)....

by Path Finder in

FSChange Hashing Question

Hello, I am setting up FSChange to monitor system32 and critical application .exe & .dll files. Do I need to utili...

by Communicator in

Pulling data from non-domain machines

I have Splunk set up and working for all servers on my domain but I'm not understanding exactly how to to get non-dom...

by New Member in

Reporting what user changes files

I am using fschange to monitor a Windows shared directory and it is working as expected. Is there a way to report/mon...

by Splunk Employee in

How do I find timestamp recognition discrepancies in my events?

I seem to have some events that were where not given the correct timestamp. I'm trying to track down how/why this is ...

by Super Champion in

List the files being monitored with listtails in 4.1.1

The command below used to work on previous versions (4.0.8), but now that I have upgraded, I get the error below. ...

by Path Finder in

csv lookup on aliased field

I am trying to setup a csv lookup for data enrichment on an Aliased field. original field name dstport aliased to des...

by Communicator in

new to splunk, wanting to monitor client's sbs boxes automatically

Hi, im posting from a small IT company who looks after x amount of clients. We want to be able to have splunk monitor...

by New Member in

Group events by unique ID then time from start to finish

Hi, I have a need to time certain events in my logs. We have the log format as below. What I need to be able to do...

by New Member in

Exception: The following XML navigation configuration for this app is invalid: xmlParseEntityRef: no name, line 6, column 34

What does this mean? My /nav/default.xml looks like: <nav> <view name="Introduction" default="true"/> <col...

by Splunk Employee in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Filtering windows events not successful on splunk forwarder?

How to filter off winevent code to capture only failure audit status?

Log file indexes correctly on initial run but considers 8K chunks a single record

Event filtering not working

Managing rotated syslog files

Export Top X query to CSV with 200,000 lines

Install Splunk on Windows cluster?

WMI infor in Forwarder

All configurations not appearing in Event Log Collection list

Problems with File & Directory Monitoring

Disappearing logs?

Indexing a file name of which changes daily

Can't see my Syslog Source

Forwarding windows event log data across domains with free license

All Windows Event Logs but not others?

Identifying "idle" sources

FSChange Hashing Question

Pulling data from non-domain machines

Reporting what user changes files

How do I find timestamp recognition discrepancies in my events?

List the files being monitored with listtails in 4.1.1

csv lookup on aliased field

new to splunk, wanting to monitor client's sbs boxes automatically

Group events by unique ID then time from start to finish

Exception: The following XML navigation configuration for this app is invalid: xmlParseEntityRef: no name, line 6, column 34

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures