Getting Data In

Community Activity

	What PCRE regex can we use in our transforms.conf? Hi We need to ingest only those events which starts with any of the below strings ; (please note its starts with n... by roopeshetty Path Finder in Getting Data In 03-24-2023 0 1	0	1
	Ingesting logs from SFTP Server via HF Hello,Can someone guide me on how can I ingest logs from a SFTP server? I have available Heavy Forwarders that sit ou... by tokio13 Path Finder in Getting Data In 03-24-2023 0 3	0	3
	How to resolve SSL error with tcp-ssl input? I have a Splunk server which is receiving data on a tcp-ssl port successfully for a particular application (SecureCir... by roberteves Explorer in Getting Data In 03-23-2023 0 2	0	2
	Do we have a Splunk script that will tell us the total number of disabled accounts or/and the rate of disablement? Would like to know if there is any query available that will tell us the total number of disabled accounts in Active ... by msusai02 New Member in Getting Data In 03-23-2023 0 1	0	1
	Why is there log file data from some linux boxes and some are not sending data? I am getting log file data from some linux boxes and some are not sending data. Unable to find the reason why?Please ... by AK_Splunk Explorer in Getting Data In 03-22-2023 0 4	0	4
	How to blacklist a forwarder? I have a 250 forwarders in my environment. I have one server that no one can reach a solution on due to low priority.... by mad4wknds Path Finder in Getting Data In 03-22-2023 0 11	0	11
	How to configure the indexer for Linux Logs? I am attempting to audit the usage of commands such as chown or chomod on my linux environment. Through the below qu... by kymenope Explorer in Getting Data In 03-22-2023 0 5	0	5
	Why doesn't my Transform sourcetype work? Hi, I'm tring to change the sourcetype of all data of a specific source in props.conf [source::/var/log/messages]TRAN... by manuelmosca New Member in Getting Data In 03-22-2023 0 4	0	4
	How to join match on closest time? Hi, After some advice please. I am using a left join with Max=0 as need to find some events over a 24 hour period, h... by finchy Explorer in Getting Data In 03-22-2023 0 1	0	1
	Why is wildcard not working in log file name for input.conf? Hello, I have the input.conf for several log files as [monitor:///u01/mnt/log-1/data/trafficmanager/access/*] index... by phamxuantung Communicator in Getting Data In 03-22-2023 0 5	0	5
	Receiving error that “could not load lookup xxx” when using Splunk API to call report, but no such lookup files hi i got a weird problem when i call Splunk API'https://localhost:8089/servicesNS/-/search/search/jobs?output_mode=js... by Zane Explorer in Getting Data In 03-21-2023 0 0	0	0
	How to clean up dnslogs and replacing and trimming characters? We have some MS dns logs we want to ingest and we want to clean up some of the text before processing. Essentially ... by secphilomath1 Explorer in Getting Data In 03-21-2023 0 1	0	1
	Why is Splunk showing a time difference? HiWe are trying to write the props from couple of days Issue: splunk showing time difference 4 to 5 hours logs are co... by Jackinout9 Loves-to-Learn in Getting Data In 03-21-2023 0 4	0	4
	Windows Eventlogs from windows splunk universal forwarder lacking timezone Timezone on my splunk indexer is GMT and windows machine is PST. I found that the metadata from Windows Eventlogs los... by Alex00001 Loves-to-Learn in Getting Data In 03-21-2023 0 6	0	6
	How to send event from UF to multiple Heavy Forwarders and different indexers I have the following situation:I have an universal forwarder that were sent logs to (HF1 and index=idx1)Could you pro... by randqm Loves-to-Learn Everything in Getting Data In 03-21-2023 0 5	0	5
	Why am I receiving warning about apps and default apps? does this affect anything typically? I ask this because I have apps that I downloaded from splunkbase and put into /... by domino30 Path Finder in Getting Data In 03-20-2023 0 1	0	1
	Documentation for AWS app for S3 Hi We have a requirement to pull data from third-party aws account. Third party provider will push the data to a S3 ... by Luckyani Explorer in Getting Data In 03-20-2023 0 0	0	0
	For inputs.conf, can the time_before_close setting be used with [batch]? Follow on question to https://community.splunk.com/t5/Getting-Data-In/Can-batch-read-a-partial-file-such-that-the-of-... by actionabledata Path Finder in Getting Data In 03-20-2023 0 1	0	1
	How do I individual count each of them in this path? So, I wanted to Split the path into multiple events so that i can count whatever i want to count like active or dev o... by thiruyadav17 Engager in Getting Data In 03-20-2023 0 2	0	2
	DB Connect - Problemas con JDBC (petaSQL)? I am new to Splunk technology and I would like to learn Splunk.I have tried to connect a petaSQL server from Splunk, ... by jaegyunk New Member in Getting Data In 03-20-2023 0 2	0	2
	How to uninstall Splunk Enterprise on Windows 11? Hello, I would like to uninstall Splunk on my windows machine, do i need to stop the service first and then uninstall... by Roy_9 Motivator in Getting Data In 03-20-2023 0 1	0	1
	Why does btool quit with "SPLUNK_HOME must be set. Stopping."? My GoogleFu is failing me. There's a lot of btool tutorials, but I can't find this solution... I'm on a Windows 10 sy... by mykol_j Communicator in Getting Data In 03-20-2023 0 4	0	4
	Multiple file monitors on Windows machine- Some work only when others are disabled? I'm having difficulty ingesting log data from flat files into Splunk. I'm monitoring six different directories, each ... by mburgess97 Path Finder in Getting Data In 03-20-2023 0 10	0	10
	How to search for events with domains on DNS Blocklist? I have lookup table with a DNS blocklist. What query can I use to search for events with any of the blocklisted domai... by waJesu Path Finder in Getting Data In 03-20-2023 0 2	0	2
	Getting mainframe logs into Splunk? hi, How can i get logs from mainframe into splunk is there any forwarder avaialble? if not whatelse can be done to ge... by ChhayaV Communicator in Getting Data In 03-20-2023 0 8	0	8