Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About erick4x4
erick4x4
Explorer
Member since:
10-18-2016
02-08-2025
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-18-2016 |
Activity Feed
- Posted Re: Splunk Forwarder Not Sending Updates in Text File on Getting Data In. 02-08-2025 05:15 AM
- Posted Splunk Forwarder Not Sending Updates in Text File on Getting Data In. 02-03-2025 02:50 PM
- Posted Re: All hosts without specific event on Splunk Search. 08-31-2023 02:08 PM
- Posted Re: All hosts without specific event on Splunk Search. 08-30-2023 03:26 PM
- Posted Re: All hosts without specific event on Splunk Search. 08-30-2023 12:53 PM
- Posted All hosts without specific event on Splunk Search. 08-29-2023 04:09 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
02-08-2025
05:15 AM
Gcusello, This is exactly what's going on. That log file is updated frequently but its by a script which 99% of the time writes the identical output (when it doesn't detect any problems). That means Windows shows the file has a new update timestamp, but the file hash doesn't actually change. I'll edit my script to put a dynamic timestamp in the file or something to make the content change so the Splunk Forwarder sends the changes. Thank you so much!
... View more
02-03-2025
02:50 PM
I use Splunk to monitor a basic text file on multiple Windows Servers with the following stanza in inputs.conf: [monitor://C:\Windows\System32\logfiles\Ansible.log] disabled = 0 sourcetype = Ansible index = sw interval = 10 This always works at first and I can find all the events inside Splunk. But that Ansible.log file is regularly updated by Powershell or ScheduledTask or something similar and over time several servers will have 0 events for that Ansible.log file. In the file system, the file has been updated recently, but the Splunk Universal Forwarder just doesn't sent the updates but those servers have events from other SourceTypes. Restarting the SplunkForwarder service, the server, upgrading the Splunk Universal Forwarder does not fix the issue. The file is a simple raw text file in (typically UTF8 but I've tried multiple formats). I've make sure permissions are correct and the service which runs the SplunkForwarder has read rights. What else can I do to have the SplunkForwarder send updates to that file?
... View more
Labels
- Labels:
-
universal forwarder
08-30-2023
03:26 PM
Essentially, I'm trying to create a checklist of hosts I manage and which ones haven't had this event occur yet. This is the first half of what I want: index="index" source="C:\\Windows\\System32\\LogFiles\\Log.log" "Detection!" earliest=-45m latest=now | chart count by host This query shows me 2 columns: host and # of times "Detection!" happened. I just need a 3rd column or a continuation of the 2nd column that shows hosts with count 0 so I know which ones I still need to work on.
... View more
08-30-2023
12:53 PM
Thank you for the reply. I wasn't clear enough about the hosts already being in the index. If I run this query: index="index" source="C:\\Windows\\System32\\LogFiles\\Log.log" earliest=-45m latest=now I have 34 hosts listed. That Log.log is used for many things. It is constantly being updated. I want to know which hosts have had that Log.log updated but don't have the string "Detection!"
... View more
08-29-2023
04:09 PM
Hello Splunk Community, I'm trying to write a query to show me a chart (or table) for all hosts in my index in the last 45 min that haven't written a specific string to a log. The below query shows me that it has happened on a single host, but I want two columns in a table: column 1 showing the host name and column 2 showing how many times that string appeared in that log (including all the hosts with 0 times). Query so far: index="index" source="C:\\Windows\\System32\\LogFiles\\Log.log" "Detection!" earliest=-45m latest=now | stats count by host
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-08-2025
05:16 AM
|
