Getting Data In

Discussions

Thread Info

Indexing a syslog file - doesnt give expected output

Raw Logs: Fri Mar 14 11:16:16 2014$SERVICEALERT$HOST1$SERVICE1$OK$PROCS OK: 1 process OK Fri Mar 14 11:17:11 2014$...

by Motivator in

Delete custom sourcetype

We were indexing some test data in our development environment in order to manipulate it to correct an issue we are h...

by Communicator in

monitor records several lines in one _raw

Hello I have a file with 30 lines that want to register in Splunk. After you have configured the inputs.conf the sp...

by Contributor in

Props.Conf Field Extraction for a .CSV

I'm trying to create a props.conf for a .CSV, but I am unsuccessful and believe its because of the field extraction. ...

by Builder in

Removed the syslog-host transform - but hostname is still getting pulled from /var/log/messages

Sourcetype=syslog results are picking up the short hostname from the /var/log/messages file. I tried to correct this ...

by Path Finder in

Best way to get JunOS logs into Splunk

Hi, I am new to Splunk and I am trying to workout the best way to get logs from JunOS based firewalls into Splunk....

by Engager in

Splunk Universal Forwarder getting behind forwarding events

I have periodically seen issues where log entries sometimes take a while longer than expected to show up on our index...

by Communicator in

Need help for forwarding data to indexer: configuration monitor

I am trying to forward only CPU/Memory load log to the indexer. Here is what I've done so far: Installed indexer(j...

by Path Finder in

How to add field with random value at index time

Hello, I have a quick question : There is a way at index time to add a field witch could represent something l...

by Path Finder in

Remote administration of inputs.conf on a Windows forwarder.

Using 6.01. I understand that the inputs.conf in /etc/system/local can't be managed from the deployment server. Th...

by Contributor in

splunk forwarder local vs app

I understand when I install a windows forwarder I end up with MSI.., learned, univforw, serac, etc... My question ...

by Explorer in

loglevel detection incorrect - How do you re-align/transform it?

Hi, I'm a relative newbie at this stuff so please bear with me if I am asking a stupid question. I have an index t...

by Engager in

Summary indexeing in Distributed Search environment

Hello, I was planning for summary indexing. I did two custom indexes and ran the searches. After couple of days i rem...

by Champion in

Cisco switch not showing logs on Splunk Server

Hi Experts, I have configured my Splunk server to as a receiver on port 9997 and my unix/Linux UFs are forwarding ...

by Builder in

Issues with applying blacklists on a light fowarder

So I have a syslog-ng running and splunk running picking up everything under /var/log/syslog-ng/general/ My regex ...

by Path Finder in

Extracting value from XML tags

Hi, Can you help me out in extracting information between the XML tags and perform division operation on it. In...

by New Member in

Universal Forwarder and CSV (from Remote System)

Hi, I have a Universal Forwarder whose source file is reading all files in a specific directory , the dir has many...

by Path Finder in

parse snmp result

Hello Experts, I'm using snmp-modular--input app to get my device stats using multiple object ids (get next, not b...

by New Member in

No available server list on /opt/splunkforwarder/bin/splunk list forward-server

I installed indexer (an instance of spunk) to the server, enabled, and opened 9997 port. Also installed splunkforward...

by Path Finder in

Setting the time the event occured

Hi all, I am streaming TCP data into splunk which comes in the format of this. timestamp="09/15/2008 21:16:46" ...

by Path Finder in

DB Connect - EPOCH TimeStamp

Hi, I'm currently indexing my WHMCS logs using DB Connect. I need know how to change existing indexed time (EPOCH)...

by Communicator in

Ignore time stamp from the event

Adding below attribute in props.conf to ignore the time stamp from the event isn't working. DATETIME_CONFIG = NONE...

by Influencer in

Splunk for Amazon S3 Add-on not able to fetch all logs

I'm testing out Splunk for indexing Amazon CloudFront logs which get stored automatically into Amazon S3. I'm attempt...

by Explorer in

Cannot export the whole search result to csv

I am using Splunk 5.0.4 and accessing splunkweb with IE8. I am trying to export my search results to csv but every ti...

by Contributor in

File Monitor Not Assigning the right host name

Here is a portion of my inputs.conf [monitor:///mnt/log/192.168.100.200/messages] disabled = false follo...

by Motivator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Indexing a syslog file - doesnt give expected output

Delete custom sourcetype

monitor records several lines in one _raw

Props.Conf Field Extraction for a .CSV

Removed the syslog-host transform - but hostname is still getting pulled from /var/log/messages

Best way to get JunOS logs into Splunk

Splunk Universal Forwarder getting behind forwarding events

Need help for forwarding data to indexer: configuration monitor

How to add field with random value at index time

Remote administration of inputs.conf on a Windows forwarder.

splunk forwarder local vs app

loglevel detection incorrect - How do you re-align/transform it?

Summary indexeing in Distributed Search environment

Cisco switch not showing logs on Splunk Server

Issues with applying blacklists on a light fowarder

Extracting value from XML tags

Universal Forwarder and CSV (from Remote System)

parse snmp result

No available server list on /opt/splunkforwarder/bin/splunk list forward-server

Setting the time the event occured

DB Connect - EPOCH TimeStamp

Ignore time stamp from the event

Splunk for Amazon S3 Add-on not able to fetch all logs

Cannot export the whole search result to csv

File Monitor Not Assigning the right host name

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions