Getting Data In

Discussions

Thread Info

Automating troubleticket creation

How can I set up Splunk to automatically open troubletickets?

by Splunk Employee in

I've installed Splunk on windows, and I see splunk-wmi.exe and splunk-regmon.exe programs. What are these? Can I turn them off?

Installed Splunk on Windows machine and in the task manager I see these two processes running by default. How can I d...

by Splunk Employee in

How can I find out what events get sent to the nullQueue when I try to filter events on a forwarder?

Hi I am trying to filter events on a LightWeightForwarder, but they don't get dropped. Is there a way to debug thi...

by Motivator in

Can Splunk decode data at index time?

If I have a field value that is URL encoded then base-64 encoded, is it possible to have Splunk decode this field bef...

by Splunk Employee in

What is the difference between a lightforwarder and a regular forwarder?

Apart from the fact that a lightforwarder does not have a web UI, what are the main differences between the 2 apps?

by Splunk Employee in

Data from forwarder arrives at the indexer but does not get indexed

Hi I have set up a light weight forwarder that appears to be getting data to the indexer. But I can't search for ...

by Motivator in

Can I replicate a subset of the data to a non-Splunk destination?

I need to do the following on my forwarder: Forward all data received and gathered by the forwarder to Splunk inde...

by Path Finder in

retrying a scripted input after a failure

[I heard this question on an internal mailing list, but it seemed generally relevant so asking it here too] I have...

by Contributor in

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

The use of LINE_BREAKER is a bit cryptic to me... ok, a lot. But I think I've managed to figure out how to break my X...

by Splunk Employee in

How do I group lines into a single event at index-time?

What I'm trying to do: at index time, create a multiline event based on a unique ID. In the data sample below, I need...

by Splunk Employee in

What are the default sourcetypes and how are they determined?

Sometimes Splunk sets the sourcetype on an incoming file as breakable_text or too_small. What determines these source...

by Path Finder in

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

I'm trying to use Splunk to monitor both runtime metrics and configuration state of a server application like JBoss o...

by Contributor in

Can I monitor Windows Registry with Splunk?

Are there ways in Splunk to monitor and index any activity on Windows Registry?

by Splunk Employee in

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

I have a directory /logdir and it contains various types of files, such as apache logs, syslog files, local applicati...

by Splunk Employee in

How do I set a hostname?

What do I need to do to set the correct hostname for an event?

by Splunk Employee in

My coldtofrozen script seems to hang splunk, what can I do?

When my selected coldToFrozenScript runs, which can take 10 minutes, the splunk search interface stops working until ...

by Splunk Employee in

I can't see data I know is indexed

I have data indexed but the "all indexed data" dashboard module is empty. Searching for * over all time produces no r...

by Explorer in

Getting Data In

Discussions

Automating troubleticket creation

I've installed Splunk on windows, and I see splunk-wmi.exe and splunk-regmon.exe programs. What are these? Can I turn them off?

How can I find out what events get sent to the nullQueue when I try to filter events on a forwarder?

Can Splunk decode data at index time?

What is the difference between a lightforwarder and a regular forwarder?

Data from forwarder arrives at the indexer but does not get indexed

Can I replicate a subset of the data to a non-Splunk destination?

retrying a scripted input after a failure

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

How do I group lines into a single event at index-time?

What are the default sourcetypes and how are they determined?

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

Can I monitor Windows Registry with Splunk?

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

How do I set a hostname?

My coldtofrozen script seems to hang splunk, what can I do?

I can't see data I know is indexed

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Where does token gets stored when created by splun...

How does one ingest Email Metadata into Spunk Ent....

WebTools Add-on with Splunk cloud

config files for loading attack datasets from Splu...

VMware 7 Upgrade causing more volume

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >