Community:Getting data into Splunk
From Splunk Wiki
Getting data from remote machines
- Best practices for getting data into Splunk remotely
- How to Enable WMI Access for Non-Administrator Domain Users
Getting data in Windows
- Considerations for deciding how to get data from Windows hosts
- Considerations on using Snare, WMI polling or Splunk light weight forwarders
- Receive events whenever someone plugs/unplugs a USB device
- How to use Scripted Inputs in Splunk with AllSigned Execution Policy
Using Splunk forwarders
- Deploying lightweight forwarders
- How to design the right forwarder for your environment
- How to find "lost" forwarders
- How to set up fschange with fullEvent for UF and Indexer
Using syslog
- Create syslog-ng rules to send data to Splunk
- Best Practices for configuring Syslog Input
- How to configure Mac OS X syslogd to forward data to Splunk
- How to configure Mac OS X syslogd to forward data to Splunk (Portuguese)
- Community:Test:How_Splunk_behaves_when_receiving_or_forwarding_udp_data
Other
- Working with UDP connections
- Dynamically Editing Lookup Tables
- How to mask password in json at indexing time when using INDEXED_EXTRACTION
Configuring data inputs
- Adding archived/historic data to Splunk
- Setting a blacklist to Index and Forward
- Monitoring a directory with various sourcetypes
Getting specific data types
- Getting data from the Cisco Security Agent (CSA) into Splunk
- How to get data from Novell Netware into Splunk
- How to index VMware ESX or ESXi data via syslog
- Indexing Tripwire logs
- Gathering HP-UX Audits
- Get Arcsight ESM data into Splunk
- Field extractions for Squid data
Troubleshoot Data Indexing