Getting Data In

Discussions

Thread Info

Create an alert based on CPU being at X% for a span of X minutes

Hi Everyone! I have researched this issue and found a few solutions, though not completely. I followed this link: htt...

by Explorer in

Use VSS Shadow Copy to Back Up Warm Buckets

I have a cluster of Windows indexers. I need to backup my new warm buckets every day and cannot afford to wait until ...

by Explorer in

AWS logs push to on-premise splunk with universal forwarder

Hi Everyone, I am new to splunk configuration. So looking for guidance and step by step configuration. I need t...

by New Member in

Line Breaking without removing field

In my props.conf, I have LINE_BREAKER=field1 this breaks the events how I want but it removes field1 from every event...

by Explorer in

Issues with Parsing JSON

Hello everyone, I having issues using Splunk to read and extract fields from this JSON file. I would appreciate an...

by New Member in

Windows 2016 updates Powershell input not working?

All, I enabled in powershell input in Splunk_TA_nix for windows update logs on Win2016 and all I get it this. ...

by Builder in

Direction on how to troubleshoot this perfmon issue?

All, I have the stock Splunk_TA_Windows 6.0.0 installed 6.0.0 with default inputs.conf enabled. Since pushing it ...

by Builder in

JSON Data Query

We are ingesting JSON data similar to the following: { "Id":"987654321", "data":[ { "answer":...

by Explorer in

Send .log using logback.xml to splunk

Hello. I'm trying to integrate splunk with my local project developed in Java. I have a main project called send-...

by New Member in

incomplete log for overwriting log file

Our system is generating log files named stdout.{pid}.log, the 'pid' here is the process id of current login session,...

by New Member in

Unable to access /configs/conf-server endpoint when validating modular input configuration

I would like to pull the proxy configuration from server.conf when validating my modular input so I can validate the ...

by Explorer in

Understanding props.conf and when it gets used.

Hello All, as far as i know splunk merges all probs.conf (All TAs, Apps, Add-ons) in one single probs.conf. Like t...

by Path Finder in

size and timestamp of lookup files

The lookup table files view only shows some basic info about the file. I often like to know the size and the age of t...

by Explorer in

How to output a file in CSV format with maxresultrows in it, using curl?

I'm trying to output a file in CSV format with maxresultrows in it, using curl. It works the way I want: $(curl...

by New Member in

Swagger definition for HEC Endpoint REST API

Hi, I need a definition of the HEC Endpoint REST Api in Swagger so that a gateway that will nbe used to pass on data ...

by Contributor in

windows citrix

Hello, At the moment, don't have access to the Citrix logs; only Windows Logs (Sec/App/Sys). Does anyone know how I c...

by Builder in

New SourceType and pushing out

I have a requirement to duplicate a default SPLUNK sourcetype. The duplicate sourcetype is based on the JSON sourcety...

by Contributor in

my python output with Json format is enclosed with Unicode character and so splunk is not parsing properly the fields

I have python script configured in the HF , the script output are enclosed with unicode character U' in the output so...

by Builder in

How to send some syslog messages to nullQueue - naive config not working

Running Enterprise 8.0.2.1. Data is coming in from a universal forwarder with index=syslog sourcetype=syslog and I'm ...

by New Member in

Not able to add monitor a directory. I'm getting Parameters must be in the form '-parameter value' error.

I tried two ways1). C:\Program Files\SplunkUniversalForwarder\bin>splunk add monitor -source C:\Program Files\Atlassi...

by Path Finder in

Getting Data In

Discussions

Create an alert based on CPU being at X% for a span of X minutes

Use VSS Shadow Copy to Back Up Warm Buckets

AWS logs push to on-premise splunk with universal forwarder

Line Breaking without removing field

Issues with Parsing JSON

Windows 2016 updates Powershell input not working?

Direction on how to troubleshoot this perfmon issue?

JSON Data Query

Send .log using logback.xml to splunk

incomplete log for overwriting log file

Unable to access /configs/conf-server endpoint when validating modular input configuration

Understanding props.conf and when it gets used.

size and timestamp of lookup files

How to output a file in CSV format with maxresultrows in it, using curl?

Swagger definition for HEC Endpoint REST API

windows citrix

New SourceType and pushing out

my python output with Json format is enclosed with Unicode character and so splunk is not parsing properly the fields

How to send some syslog messages to nullQueue - naive config not working

Not able to add monitor a directory. I'm getting Parameters must be in the form '-parameter value' error.

Invalid key in stanza - kv_mode (value: xml)

TCP/SSL destination: Forwarder to third party app...

How to get the unicode/chinese character into kvst...

Update sysmon config

Data flow/input question - see data being received...