Getting Data In

Discussions

Thread Info

Complex Conditional search based on time

I am a newbie in splunk and practising to learn it slowly. I have a setup where I am forwarding logs of Windows Ma...

by Communicator in

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

When using Windows 2016 Universal Forwarder 6.6.1, I'm running into issues with starting indexer. splunkd log indicat...

by New Member in

How to drop log file headers before indexing?

I've had a read of dropping useless headers in Splunk 6 and tried using the FIELD_HEADER_REGEX, in fact I also tried ...

by SplunkTrust in

Using Splunk as a enterprise data platform

Splunk has to fit into a structured and unstructured world without duplicating effort. Splunk currently serves as a s...

by Path Finder in

Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes?

We are pulling data like Red Hat logs, Apigee, Ansible etc. from AWS through fluentd plugin which is forwarding data ...

by New Member in

Can single forwarder forward data to two different indexer's ??

Hi I am using a UF say in Machine A , its has logs at two different paths say Log Path1 and Log Path2 . Now i want...

by Motivator in

unable to send windows events from splunk server to third party syslog server

tried below configurations to forward the data from SPLUNK server to syslog server(third party) , but no data in sysl...

by Loves-to-Learn in

Is it possible to set a conditional timestamp from indexed events?

I have an XML file with "items" that are being indexed. The issue is that these "items" can possibly have two differe...

by New Member in

Datanow props/transforms not working properly

I have some Datanow syslog data coming into my environment and i have setup a transforms.conf file to extract some sp...

by Path Finder in

How can I send the data from splunk to python arguments?

Hello everyone, i would like to ask if you guys have an idea on how can i send the data i got from splunk to python a...

by Explorer in

Powershell script to extract events from a log file - many dupe events indexed in Splunk

Question - is there a CRC equivalent for data indexed from a Powershell function? On a server, I have a log file g...

by Path Finder in

Whats the best practice to break the windows events?

Hi All, We have 2 Domains, all the windows events are going to wineventlog and windows and perfmon indexes. If I b...

by Builder in

Splunk forwarders on clustered nodes monitoring the same files

Is there a high-availability or multi-node configuration for Splunk forwarders? I have a small RHEL cluster writin...

by Motivator in

Best way to Filter Windows Events before Indexing?

Hi We're seeing may Events with EventCode 4624 and 4634 with Account_Name ending with $ sign. Is there any value f...

by Builder in

line-break issues in events

I'm having issues with line break for some reason. I'm looking to break into individual line events. I've included th...

by Contributor in

How to configure Splunk to not put CSV columns in alphabetical order before indexing?

When I import the csv file (before indexing), Splunk puts the columns in alphabetical order. I would keep the sort as...

by Path Finder in

Do I need frozen storage?

My retention policy has drastically changed and we are utilizing syslog as a main retention source. On the Splunk sid...

by Contributor in

Where to make configuration changes in inputs.conf and outputs.conf on Linux?

Hi Team, I have installed Splunk setup on one of my VM. On another VM I installed the Splunk universal forwarder t...

by New Member in

The Universal Forwarder tries to collect data from the connected device through the network driver.

Forwarder is installed in Windows 7 32bit. The Universal Forwarder tries to collect data from the connected device th...

by New Member in

How to ingest netflow/sflow logs

We intend to collected netflow/sflow logs in our Splunk Enterprise solution. I read that there is an app required to ...

by New Member in

Props.conf file changes

Hi, my sample data like this 101,Mango,0.40% 102,Orange,0.70% It is coming as a single event, as i want to split int...

by Explorer in

How to uncompress and index the compressed log data coming from the forwarder

I have few application which sends application logs in both compressed and uncompressed format. There is a log attrib...

by Communicator in

Does Splunk have a good place to see Truncated Data from an input?

I have an input that is being JSON. There are some files that get truncated and others that don't. My config in pr...

by Contributor in

Date Format

Anyone have any recommendations on how to convert this time date format to a friendly date? I have tried strftime and...

by Engager in

バージョン 6.6.1 の Universal Forwarder を Windows OSにインストールできない

Windows OSに、Universal Forwarder をインストールしようとしたところ、インストールが途中で停止してしまい、インストーラーを手動で強制終了しました。 splunkd.log を確認したところ、下記のメッセージ...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Complex Conditional search based on time

How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer?

How to drop log file headers before indexing?

Using Splunk as a enterprise data platform

Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes?

Can single forwarder forward data to two different indexer's ??

unable to send windows events from splunk server to third party syslog server

Is it possible to set a conditional timestamp from indexed events?

Datanow props/transforms not working properly

How can I send the data from splunk to python arguments?

Powershell script to extract events from a log file - many dupe events indexed in Splunk

Whats the best practice to break the windows events?

Splunk forwarders on clustered nodes monitoring the same files

Best way to Filter Windows Events before Indexing?

line-break issues in events

How to configure Splunk to not put CSV columns in alphabetical order before indexing?

Do I need frozen storage?

Where to make configuration changes in inputs.conf and outputs.conf on Linux?

The Universal Forwarder tries to collect data from the connected device through the network driver.

How to ingest netflow/sflow logs

Props.conf file changes

How to uncompress and index the compressed log data coming from the forwarder

Does Splunk have a good place to see Truncated Data from an input?

Date Format

バージョン 6.6.1 の Universal Forwarder を Windows OSにインストールできない

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

DB Connect SQL Procedures