Getting Data In

Ask a Question

Discussions

Thread Info

Lots of WinEventLogChannel -subscribeToEvtChannel

There are a lot of these error messages logged in splunkd.log 09-23-2010 09:31:28.062 ERROR WinEventLogChannel - s...

by Splunk Employee in

Why is Windows App producing Event Log Errors?

I'm receiving many errors (to the tune of 20GB/day from one server) in my _internal from a light forwarder. Target...

by Path Finder in

Splunk stopped following files.

Splunk stopped following data input files for changes. This happend after I was accessing https://splunk-server:8089/...

by Engager in

How do i forward to multiple indexers w/SSL

I have two indexers and a (various#) number of forwarders, how can i use SSL for all traffic between these boxes?

by Splunk Employee in

Forwarders fail to make connection to server

Frequently, our lightweight forwarders cannot connect to the Splunk server to send log tail output and we end up miss...

by Engager in

How can you regulate resource consumption when monitoring a large number of files?

If a LWF has a large number of files to monitor, what settings can be used to help ensure that consuming/monitoring t...

by Splunk Employee in

How to invoke Splunk daemon to parse newly added file right away

Since I usually turned of splunkd service on my local machine and only turn it back on when I need to do some log sea...

by New Member in

Limit CPU Access for splunk

I just downloaded and installed splunk 4.1.4 and installed on WIN7 laptop. Upon reboot of my system, the CPU pegged a...

by Explorer in

FSChange: fullEvent=true but no full event?

I have a fschange stanza configured as such [fschange:/path/to/file] disabled = false pollPeriod = 300 fullEvent =...

by SplunkTrust in

Migrating data from one index to another

I've been using the default "main" index for all my indexing. I'm at the point where I think it would be best to bran...

by Builder in

Import OLD event logs from backup drive

Hi... I'm trying to import 'thousands' of old event logs into Splunk to setup a searchable database.... I can e...

by Engager in

Forwarding select data in my environment.

I'm trying to take data from specific systems and, after indexing it, forward it to a third party for other analysis....

by Path Finder in

Total Space For SplunkDB

Hi, Now I know you can set the following in indexes.conf maxTotalDataSizeMB = 500000 which sets the max size of th...

by Path Finder in

Multiple indexes/Custom app

I am writing an app for my team to use. Let's call the app xyz. The app will make use of various inputs, saved search...

by Builder in

Appending to a whitelist

We're using the unix app to monitor our linux machines. One of the files we need to monitor is /var/log/secure. The u...

by Explorer in

Timestamp Problem

Hi, I'm using Splunk to index logs which timestamp is in the format Y2010M09D17H10N07S00. As Splunk couldn't understa...

by Explorer in

Practical limit for monitor inputs? 20000+ directories?

We have a configuration that's been idling for over two days, and instead of processing locations that the tailing pr...

by Path Finder in

Filter input data

Hello, We are looking at deploying splunk for our application servers log files, these log files are about 3GB per...

by New Member in

Problem with Event Duplication

I have splunk set up on a few redhat boxes, and I am getting duplicate events from them. One event will list the host...

by SplunkTrust in

Show Source and save as CSV truncate large events?

I have records that consist of fairly large (200+ lines, > 20 Kb per record) XML documents. When I export the resu...

by Path Finder in

Getting syslog data into splunk lightweight forwarder

Hi, I'm new to splunk, so my question might be lame. I am trying to setup a splunk lightweight forwarder, my problem ...

by Explorer in

Wrong fields on receiver instance

One Splunk instance is forwarding data to a receiver, however the receiver is indexing the data and getting the wrong...

by Path Finder in

setting maximum input/log entry size

So I have the following in inputs.conf: [udp://10005] connection_host = index = serverlogs sourcetype = syslog dis...

by Communicator in

finding out if my forwarded data is placed in the receiver

I'm forwarding data from a windows splunk instance to a freebsd. I checked the index that i'm forwarding data to, so ...

by Path Finder in

Alternative ways to assigning sourcetype?

I am checking out a sample application where an eventtype's search contains "sourcetype=..." . I having difficulty de...

by Splunk Employee in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Lots of WinEventLogChannel -subscribeToEvtChannel

Why is Windows App producing Event Log Errors?

Splunk stopped following files.

How do i forward to multiple indexers w/SSL

Forwarders fail to make connection to server

How can you regulate resource consumption when monitoring a large number of files?

How to invoke Splunk daemon to parse newly added file right away

Limit CPU Access for splunk

FSChange: fullEvent=true but no full event?

Migrating data from one index to another

Import OLD event logs from backup drive

Forwarding select data in my environment.

Total Space For SplunkDB

Multiple indexes/Custom app

Appending to a whitelist

Timestamp Problem

Practical limit for monitor inputs? 20000+ directories?

Filter input data

Problem with Event Duplication

Show Source and save as CSV truncate large events?

Getting syslog data into splunk lightweight forwarder

Wrong fields on receiver instance

setting maximum input/log entry size

finding out if my forwarded data is placed in the receiver

Alternative ways to assigning sourcetype?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

DB Connect SQL Procedures