...he file is more than 50K bytes, the below transforms will not work. Any other alternative? The one alternative that i can think of is to write a batch script to remove the body and the content tag from t...
...efault/limits.conf
[http_input]
max_content_length = <integer>
* The maximum length, in bytes, of HTTP request content that is
accepted by the HTTP Event Collector server.
* D...
We are trying to ingest large (peta bytes) information into Splunk. The Events are in JSON file structure like - 'audit_events_ip-10-23-186-200_1.1512077259453.json' The pipeline is like -&n...
I'm having difficulty ingesting log data from flat files into Splunk. I'm monitoring six different directories, each containing 100-1000 log files, some of which are historical and will require less ...
I'm seeing the following two log messages on my UF. I'm also seeing big spikes in events every few minutes from this log file. What's going on?
06-06-2017 13:55:47.047 -0400 WARN TcpOutputProc - P...
...rashed almost constantly before I added the initCrcLength = 1000. I plan to try and increase this number to see if it helps but my headers only tend to be 400-500 bytes.
Inputs.conf
[batch:///logs/p...
Hello, In our unique environment, we face some limitations. We cannot directly install Splunk forwarders on the database servers, nor can we create a Splunk user account within the databases. Here’...
Good Morning,
I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the deployment server and universal forwarders on three servers. My clients are showing ...