Getting Data In

Discussions

Thread Info

How often does Splunk check to apply retention policy?

If a size- or time-based retention policy is set via maxTotalDataSizeMB or frozenTimePeriodInSecs in indexes.conf, ho...

by Splunk Employee in

Automating troubleticket creation

How can I set up Splunk to automatically open troubletickets?

by Splunk Employee in

I've installed Splunk on windows, and I see splunk-wmi.exe and splunk-regmon.exe programs. What are these? Can I turn them off?

Installed Splunk on Windows machine and in the task manager I see these two processes running by default. How can I d...

by Splunk Employee in

How can I find out what events get sent to the nullQueue when I try to filter events on a forwarder?

Hi I am trying to filter events on a LightWeightForwarder, but they don't get dropped. Is there a way to debug thi...

by Motivator in

Can Splunk decode data at index time?

If I have a field value that is URL encoded then base-64 encoded, is it possible to have Splunk decode this field bef...

by Splunk Employee in

What is the difference between a lightforwarder and a regular forwarder?

Apart from the fact that a lightforwarder does not have a web UI, what are the main differences between the 2 apps?

by Splunk Employee in

Data from forwarder arrives at the indexer but does not get indexed

Hi I have set up a light weight forwarder that appears to be getting data to the indexer. But I can't search for ...

by Motivator in

Can I replicate a subset of the data to a non-Splunk destination?

I need to do the following on my forwarder: Forward all data received and gathered by the forwarder to Splunk inde...

by Path Finder in

retrying a scripted input after a failure

[I heard this question on an internal mailing list, but it seemed generally relevant so asking it here too] I have...

by Contributor in

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

The use of LINE_BREAKER is a bit cryptic to me... ok, a lot. But I think I've managed to figure out how to break my X...

by Splunk Employee in

How do I group lines into a single event at index-time?

What I'm trying to do: at index time, create a multiline event based on a unique ID. In the data sample below, I need...

by Splunk Employee in

What are the default sourcetypes and how are they determined?

Sometimes Splunk sets the sourcetype on an incoming file as breakable_text or too_small. What determines these source...

by Path Finder in

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

I'm trying to use Splunk to monitor both runtime metrics and configuration state of a server application like JBoss o...

by Contributor in

Can I monitor Windows Registry with Splunk?

Are there ways in Splunk to monitor and index any activity on Windows Registry?

by Splunk Employee in

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

I have a directory /logdir and it contains various types of files, such as apache logs, syslog files, local applicati...

by Splunk Employee in

How do I set a hostname?

What do I need to do to set the correct hostname for an event?

by Splunk Employee in

My coldtofrozen script seems to hang splunk, what can I do?

When my selected coldToFrozenScript runs, which can take 10 minutes, the splunk search interface stops working until ...

by Splunk Employee in

I can't see data I know is indexed

I have data indexed but the "all indexed data" dashboard module is empty. Searching for * over all time produces no r...

by Explorer in

Getting Data In

Discussions

How often does Splunk check to apply retention policy?

Automating troubleticket creation

I've installed Splunk on windows, and I see splunk-wmi.exe and splunk-regmon.exe programs. What are these? Can I turn them off?

How can I find out what events get sent to the nullQueue when I try to filter events on a forwarder?

Can Splunk decode data at index time?

What is the difference between a lightforwarder and a regular forwarder?

Data from forwarder arrives at the indexer but does not get indexed

Can I replicate a subset of the data to a non-Splunk destination?

retrying a scripted input after a failure

Is it possible to tell LINE_BREAKER to stop eating my angle bracket?

How do I group lines into a single event at index-time?

What are the default sourcetypes and how are they determined?

monitoring hundreds of metrics and/or configuration items: how to do efficiently?

Can I monitor Windows Registry with Splunk?

How can I monitor a directory full of mixed types of logfiles while explicitly applying sourcetypes?

How do I set a hostname?

My coldtofrozen script seems to hang splunk, what can I do?

I can't see data I know is indexed

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Where does token gets stored when created by splun...

How does one ingest Email Metadata into Spunk Ent....

WebTools Add-on with Splunk cloud

config files for loading attack datasets from Splu...

VMware 7 Upgrade causing more volume

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >