Hi All, Our Search heads are with Splunk Cloud version 8.2.2203.2 and there is a requirement from our application team to use StreamProcessor Service that is part of Splunk offering (Ref: h...
The purpose of this topic is to create a home for legacy diagrams on how indexing works in Splunk, created by the legendary Splunk Support Engineer, Masa! Keep in mind the information and diagrams i...
...vents in XML format to Splunk.
I tried to make two different stanzas in inputs.conf trying to ingest the same log in two different ways but it does not seem to work.
It looks like Splunk merges the...
...aving issues – it appears to connect with the indexer but then the indexer forcibly closes the connection for some reason.
I can see error message: “TcpOutputProc - The TCP output processor h...
...ocumentation I read this should come via processors (which is the agent), please correct me if I am wrong here. I have tried two processors but both don't work. What am I missing here? ...
The inputs.conf documentation describes a requireHeader setting for TCP inputs:
requireHeader = bool
Require a header be present at the beginning of every stream.
This header may be u...
We have a Universal Forwarder that is sending a huge amount of data. We need to only index events that contain any of these words-- "EnvisionResponse" or "EnvisionRequest" or "T...