Hi All, Our Search heads are with Splunk Cloud version 8.2.2203.2 and there is a requirement from our application team to use StreamProcessor Service that is part of Splunk offering (Ref: h...
...orwarding any information into Splunk.
In the Splunk GUI, they are appearing in Forwarder Management (and if I delete their entries, they reappear again), which looks good. I have two d...
The purpose of this topic is to create a home for legacy diagrams on how indexing works in Splunk, created by the legendary Splunk Support Engineer, Masa! Keep in mind the information and diagrams in...
...vents in XML format to Splunk.
I tried to make two different stanzas in inputs.conf trying to ingest the same log in two different ways but it does not seem to work.
It looks like Splunk merges the...
...etween (sourcetype=cs, sourcetype=ma), only the field ParentOrderID is common between cs, ma sourcetype.
Note: daily close to ~10 million events are loaded into Splunk and unique e...
The inputs.conf documentation describes a requireHeader setting for TCP inputs:
requireHeader = bool
Require a header be present at the beginning of every stream.
This header may be u...
...essages “Timelines could not be loaded”. Splunk ES was on 4.5.2 which was working fine on Splunk 7.2.7. Since it looked incompatible, we planned to upgrade it to 6.2.0. Below is the process followed. I...
...ersion="1"
referenceNbr 869dc644e461b01
messageType P
Our Splunk Indexer is version 6.1
Can this be done in the props.conf and transforms.conf on the Indexer without adding to the daily license volume?