Hi All, Our Search heads are with Splunk Cloud version 8.2.2203.2 and there is a requirement from our application team to use StreamProcessor Service that is part of Splunk offering (Ref: h...
The purpose of this topic is to create a home for legacy diagrams on how indexing works in Splunk, created by the legendary Splunk Support Engineer, Masa! Keep in mind the information and diagrams i...
...vents in XML format to Splunk.
I tried to make two different stanzas in inputs.conf trying to ingest the same log in two different ways but it does not seem to work.
It looks like Splunk merges the...
...orwarding any information into Splunk.
In the Splunk GUI, they are appearing in Forwarder Management (and if I delete their entries, they reappear again), which looks good. I have two d...
The inputs.conf documentation describes a requireHeader setting for TCP inputs:
requireHeader = bool
Require a header be present at the beginning of every stream.
This header may be u...
We have a Universal Forwarder that is sending a huge amount of data. We need to only index events that contain any of these words-- "EnvisionResponse" or "EnvisionRequest" or "T...
Hi, which is the best practice to ingest data from external (internet-based) data sources, when only syslog or native forwarding are available? A set of load-balanced heavy forwarders in DMZ, that w...