Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is Syndication input repeating events?

jovelfer
Engager
‎02-24-2022 01:46 AM

Hi all,

I'm using the syndication component (latest version), to fetch data from multiple feeds:

https://www.cloudflarestatus.com/history.atom
https://cloud.ibm.com/status/api/notifications/feed.rss
https://status.aws.amazon.com/rss/all.rss
https://status.cloud.google.com/feed.atom
https://ocistatus.oraclecloud.com/history.rss

By adding the entries, the events have started to repeat every time each feed is processed, which is 5 minutes, that is, it is re-indexing the entire set of events every 5 minutes for each feed. The check is activated so that it only takes into account new events.

When I set one feed, for example google feed with 3 events:

jovelfer_0-1645695438462.png

After 5 min:

jovelfer_1-1645695510537.png

If I make:

index=gcc_extension_1 source = syndication://google_gcc_ext | stats count values(host) values(source) values(sourcetype) values(index) by _raw | WHERE count>0

There are 6 results, note that it is not the entire _raw that is repeated, since the _indextime is different each time the array is processed.


I've been researching and doing all kinds of tests for a long time, but I don't know what the problem could be. If anyone could help me out a bit with this I'd really appreciate it.

Here, the detail of feed conf:

jovelfer_2-1645695596944.png

Aside from screenshots, I can provide configuration as needed.

Thank you very much in advance.

Labels (2)
Labels
0 Karma
Reply

jovelfer
Engager
‎03-01-2022 08:16 AM

Any update on this?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...