Community:Getting data into Splunk

Getting data from remote machines

• Best practices for getting data into Splunk remotely
• How to Enable WMI Access for Non-Administrator Domain Users

Getting data in Windows

• Considerations for deciding how to get data from Windows hosts
• Considerations on using Snare, WMI polling or Splunk light weight forwarders
• Receive events whenever someone plugs/unplugs a USB device
• How to use Scripted Inputs in Splunk with AllSigned Execution Policy

Using Splunk forwarders

• Deploying lightweight forwarders
• How to design the right forwarder for your environment
• How to find "lost" forwarders
• How to set up fschange with fullEvent for UF and Indexer

Using syslog

• Create syslog-ng rules to send data to Splunk
• Best Practices for configuring Syslog Input
• How to configure Mac OS X syslogd to forward data to Splunk
• How to configure Mac OS X syslogd to forward data to splunk (Portuguese)
• Community:Test:How_Splunk_behaves_when_receiving_or_forwarding_udp_data

Other

• Working with UDP connections
• Dynamically Editing Lookup Tables
• How to mask password in json at indexing time when using INDEXED_EXTRACTION

Configuring data inputs

• Adding archived/historic data to Splunk
• Setting a blacklist to Index and Forward
• Monitoring a directory with various sourcetypes

Getting specific data types

• Getting data from the Cisco Security Agent (CSA) into Splunk
• How to get data from Novell Netware into Splunk
• How to index VMware ESX or ESXi data via syslog
• Indexing Tripwire logs
• Gathering HP-UX Audits
• Get Arcsight ESM data into Splunk
• Field extractions for Squid data

Troubleshoot Data Indexing

• Check and Repair Metadata

How to contribute

Want to add information to an existing topic or create a new topic? Click here for instructions.