Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About tbarn005
tbarn005
Engager
Member since:
12-02-2024
Thursday
Community Statistics
| Posts | 5 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 12-02-2024 |
Activity Feed
- Posted Splunk Ingest Actions on Getting Data In. Thursday
- Posted Re: Splunk Deployment App Filtering SharePoint Logs on Getting Data In. Thursday
- Posted Re: Splunk Deployment App Filtering SharePoint Logs on Getting Data In. 2 weeks ago
- Posted Splunk Deployment App Filtering SharePoint Logs on Getting Data In. 2 weeks ago
- Posted splunk admin password not resetting on Splunk Enterprise. 04-16-2025 01:08 PM
Thursday
Trying to filter out all perfmon data using ingest actions. so, i try and see the samples and i get this error I checked to see if my forwarders have the same pass4SymmKey and they did. I am not sure what to do im checking now to ensure the FW isnt blocking communication but i think that is unlikely. I can see the servers in forwarder management picking up the deployment apps from the indexer. anyone have any ideas??
... View more
Labels
- Labels:
-
data
-
indexer
-
other
-
universal forwarder
Thursday
Sorry about the week late reply but that does not seem to work. I am still getting logs that i dont need i just disabled ingestion from that folder location. Does splunk have any app that would filter data easier than creating the transforms and props.conf files?
... View more
2 weeks ago
I may have misspoken i want to reduce the storage usage on my indexer. I have a SharePoint server that has Splunk UF on it and its ingesting unnecessary data that is eating a lot of storage on my indexer. The screen shots come from my indexer. Im doing a bit of research now and it looks as if i can use the ingest actions to possibly filter out some of that unnecessary data from that sharepoint UF?
... View more
2 weeks ago
Hi Splunk Community, I’m trying to reduce disk space usage on my Splunk Universal Forwarder by filtering out unnecessary SharePoint logs and only forwarding those with a severity of High, error, or warning in the message I created a deployment app named SharePoint. here is what's in that folder: I attempted to create a props and transforms.conf files to filter out the data that was unnecessary. i only need to see the log files in the dir that have certain key words not all of those logs here is what i wrote in the files. I didn't write the regex myself i found something similar to it online somewhere and tried to make it work for my environment After deploying this i now do not see any of my SharePoint logs indexed at all for this specific server even the ones with high. As you can see from the logs i even pointed them at a test index that i made so i should be seeing them I'm not sure what's going on.
... View more
Labels
- Labels:
-
index
-
indexer
-
source
-
sourcetype
-
universal forwarder
04-16-2025
01:08 PM
Hello, all i am fairly new to the Splunk community and I'm attempting to reset my Splunk admin password and for whatever reason it does not work i go and delete the "etc/passwd" and restart my Splunk instance and attempt to login to the web interface, but it never prompts me for a reset. I have even tried commands to do it manually, but nothing works. Has anyone else had a problem like this?
... View more
Labels
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Thursday
|
