Getting Data In

Discussions

Thread Info

Why does splunk think it can't parse my timestamp

I am seeing some odd behavior. My setup is this: Splunk 6.3.1 Enterprise, 1 search head, 4 indexers, 1 forwarder Plus...

by Contributor in

How to search duration using two timestamps?

Hi, We need to find duration between timestamps and the format looks like below. max_time=1461593558.000 min _...

by Path Finder in

Why can't Splunk index my entire log file?

I am trying to index a somewhat long log file (about 38805 bytes according to the tailing processor). This log file c...

by Path Finder in

Monitoring directory loaded with LFTP Mirror causes reindexing. How should I solve this?

I'm using Splunk 6.3.2 with a simple monitor stanza in inputs.conf that watches all the *.txt files in a particular d...

by Explorer in

How to configure a heavy forwarder to filter out the ending string from Windows security event logs?

Hello guys I'm trying to drop the end of all Security events: This event is generated when a logon session is c...

by Path Finder in

Splunk Reindexes File that gets a new first line when closed

Hello, My problem is simple to explain: I have an app that generates logs that are written whenever a new action i...

by Path Finder in

Why are IIS logs not being indexed from Windows Share?

I have a universal forwarder (6.3.3 x64) installed on Windows Server 2012 R2 that is supposed to index IIS logs that ...

by New Member in

How to split a TCP input on STX/ETX (0x02/0x03), no line breaks, into separate events?

Hello, I'm trying to accept TCP input from a device which wraps each transmission into STX/ETX pair (ASCII 002/003), ...

by Builder in

get source files not updated in last 1 hour

I want to get source files not updated in last 1 hour in specific host. Like in host java123 there are 2 logs /logs/a...

by New Member in

Hourly CPU spike on indexers

Hey, Is there some internal scheduled event on an indexer than runs every hour? We're seeing our average CPU go fr...

by Path Finder in

Why is the Splunk Python SDK not returning formatted numbers in the JSON response?

Splunk Python SDK does not return formatted numbers in the JSON response. Example: |eval var1=tonumber(var2)| t...

by Motivator in

universal forwarder on windows: installation directory must be on a local hard drive

I've installed the universal forwarder on two of my domain controllers without issue. For some reason, on the rema...

by New Member in

Can I alias "host" and "source" fields from incoming logs so they don't interfere with Splunk's built-in fields?

Splunk inherently has host and source fields to log the host (forwarder) and source (log file) for each event. Howeve...

by Builder in

setup.xml: still magic for beginners - how can I realize an "I agree" confirmation?

we have two problems with setting up a setup.xml file: 1) actually we want to use the setup.xml file to just infor...

by Explorer in

Is there a parser that will convert Windows SDDL or ACE format strings into human readable content?

Hi, Is anyone aware of an existing parser that will convert windows SDDL format or ACE format strings into human r...

by SplunkTrust in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why does splunk think it can't parse my timestamp

How to search duration using two timestamps?

Why can't Splunk index my entire log file?

Monitoring directory loaded with LFTP Mirror causes reindexing. How should I solve this?

How to configure a heavy forwarder to filter out the ending string from Windows security event logs?

Splunk Reindexes File that gets a new first line when closed

Why are IIS logs not being indexed from Windows Share?

How to split a TCP input on STX/ETX (0x02/0x03), no line breaks, into separate events?

get source files not updated in last 1 hour

Hourly CPU spike on indexers

Why is the Splunk Python SDK not returning formatted numbers in the JSON response?

universal forwarder on windows: installation directory must be on a local hard drive

Can I alias "host" and "source" fields from incoming logs so they don't interfere with Splunk's built-in fields?

setup.xml: still magic for beginners - how can I realize an "I agree" confirmation?

Is there a parser that will convert Windows SDDL or ACE format strings into human readable content?

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

Ingest Cayosoft Administrator logs into Splunk

Lopping Off Dot Notation Field Names

Splunk on GCP: what's the benefit of running dataf...

scheduler.log broken korean

Suggestions Please: REST Api, csv,html