Getting Data In

Discussions

Thread Info

All files are not indexing

Dear All, I have basic 4 types of files. under C:\Program Files\Splunk\etc\apps\my logs\home_logs\KLZ\host1...

by Explorer in

Monitor Windows DHCP log file

I have setup input to index DHCP log files from remote server but unable to see any data being collected or collector...

by New Member in

Assigning host value based on data in event

I'm wondering if it's possible to set the host value for an event based on data within that event. Essentially I'm ca...

by Builder in

Setting date on event based on filename

I'm trying to load one of my logs from my phone server into Splunk. Splunk will read the log file and break the event...

by Communicator in

splunkd Process at 100%, parsingQueue at 1000, how do I determine where the issue lies?

As per another topic on "answers" I executed the following search: index=_internal source=metrics.log group=queue ...

by Path Finder in

How do i get splunk to handle the year in timestamps dated before ~2006

No matter what format I attempt to force upon historical timestamps: either Feb 11, 2004 01:23:45 or 2004...

by Engager in

Check for config file changes

Hi, I would like to check for changes to some config files on the /etc directory on a bunch of servers. I have thi...

by Path Finder in

How to configure nfdump to convert Netflow data from binary to text or csv?

I need to convert netflow data from binary to text or csv so that it can be splunked. I have downloaded nfdump and wa...

by Splunk Employee in

Timestamp locale recognition

Hi, I have noticed that one of our Splunk indexers whilst indexing data from a host is seems to be using different...

by Path Finder in

winsock error 10054

I'm getting thousands of instances of the following error on my indexers. 02-16-2011 02:20:02.921 ERROR TcpInputP...

by Path Finder in

splunk syslog configuration

How can I configure my splunk syslog server and client so that I can see logs for client application like apache,mysq...

by Explorer in

splunk syslog configuration

How to monitor apache access log with splunk

by Explorer in

too many sources

Hi, I just noticed something today and have an idea of maybe how to fix it but figured i would toss it by here too...

by Builder in

Agentless event gathering on Win2008

I've worked with the WMI agentless event gathering for Splunk in older versions of Windows, but it looks like Win2008...

by New Member in

what filesystem is supported ?

In the documentation, only some filesystems are supported : http://www.splunk.com/base/Documentation/latest/Installat...

by Communicator in

Host based on filename

How can you create a "host" by the file name being indexed? Im looking to index my firewall configuration files, and ...

by New Member in

splunkd windows service marked for deletion after upgrade

I upgraded from Splunk 3.4.9 to 4.0.1 and then to 4.1.5 using localsystem as the account. After I upgraded the sec...

by Explorer in

Internet Information Services 7.0/7.5

Hello. I downloaded and installed Splunk on my server thinking that I was going to be able to garner reports and i...

by New Member in

Host name can not be change

Hi all, I am new to splunk, I want a directory name as Host name my directory structure is as follows: C:/Progr...

by Explorer in

Disable index when it exceeds 2G in one day

We have created a bunch of different indexes for all of our different systems. At some point, these systems will frea...

by Path Finder in

Monitoring Windows Hyper-V Event Logs

What is the inputs.conf syntax for monitoring Windows Hyper-V Event Logs? Hyper-V event logs are stored in the Event ...

by Splunk Employee in

Event Timestamp is combination of 2 fields: StartTime + DeltaTime

We need to use as the event timestamp the EndTime of the event but the EndTime is a calculated field from 2 other act...

by Esteemed Legend in

adding a new log format: detect all the fields

Hello, I am trying to add a new custom log format, so splunk can recognize all the fields in this log: #pro...

by New Member in

Filters on Forwarders to stay under license threshold?

Our servers generate many GBs of log data in one particular Windows log. Is it possible to use forwarders on each ser...

by Path Finder in

line breaking - regex and capturing group

Hello, Need some help on regex here, am sure i maybe making mistake here but.. trying to break these into seperate...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

All files are not indexing

Monitor Windows DHCP log file

Assigning host value based on data in event

Setting date on event based on filename

splunkd Process at 100%, parsingQueue at 1000, how do I determine where the issue lies?

How do i get splunk to handle the year in timestamps dated before ~2006

Check for config file changes

How to configure nfdump to convert Netflow data from binary to text or csv?

Timestamp locale recognition

winsock error 10054

splunk syslog configuration

splunk syslog configuration

too many sources

Agentless event gathering on Win2008

what filesystem is supported ?

Host based on filename

splunkd windows service marked for deletion after upgrade

Internet Information Services 7.0/7.5

Host name can not be change

Disable index when it exceeds 2G in one day

Monitoring Windows Hyper-V Event Logs

Event Timestamp is combination of 2 fields: StartTime + DeltaTime

adding a new log format: detect all the fields

Filters on Forwarders to stay under license threshold?

line breaking - regex and capturing group

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions