...F -> Splunk Cloud
Due customer policy, we avoided UF and used the WMI Collection, so on HF we configured, as Data Input, the Remote event logCollection.
Configuring Remote event logCollection...
Hi All,
I'm a newbie to the Splunk world and trying to figure out a couple things. I currently have Splunk Light installed and used the "Remote Event LogCollection" option to collectlogs from m...
...p400srv_5000
[splunktcp://5997]
connection_host = ip
I have added the indexers to the search head, i think they are ok, but not sure how to check?
I can see data on one of my indexers by logging i...
...or the different days have different data field.
But when I start forwarding the same logs from the remote server with Universal Forwarder the things happen I can’t explain: the events for three log f...
...howing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...
Hi guys,
I try to setup a prevention filter so that Spunk isn't collectiondata by accident on the Server side. I found there is a blacklist option under :
Manager » Data inputs » Files &a...
...ny errors in collection.
When enabling debug logging I can see that we are getting a http status code of 200, but a content length of 'None'
2020-03-20 19:44:33,920 DEBUG pid=62692 tid=M...
Lines in my sourcetype are not being picked up correctly at all. Each event is being split into dozens of lines. Also, when I go into the Settings in the UI for sourcetypes, I see all of ...