Getting Data In

Community Activity

	How to convert bulk evtx files in a folder to CSV files for ingestion? Hi all. I have a folder with about 200 evtx files. The following command works for 1 file. How can I process/convert ... by sbgoldberg13 Explorer in Getting Data In 01-05-2023 0 3	0	3
	How to avoid default LINE_BREAKING from splitting up the following log into multiple lines? We see that the following log lines are always split into multiple events. I've tried multiple variations of LINE_BRE... by dnavara Explorer in Getting Data In 01-05-2023 0 4	0	4
	Why is regex working fine in standalone Splunk but not in clustered environment? Regex working fine in standalone splunk but not in clustered environment.1) Indexer conponent of app-->test_log_idx h... by AK_Splunk Explorer in Getting Data In 01-05-2023 0 6	0	6
	How to change all date fields with the correct time zone? I have data with multiple date fields in GMT time. when I import the data with setting the TZ=Europe/Berlin, I see th... by vanheer Explorer in Getting Data In 01-05-2023 0 4	0	4
	How to use rsync to move frozen data to another location? I was looking at rsync to move some frozen buckets to another location. One concern, if rsync picks up new frozen d... by mdtoro Explorer in Getting Data In 01-04-2023 0 3	0	3
	Why do events duplicate when I use table command? by karu0711 Communicator in Getting Data In 01-04-2023 0 1	0	1
	Indexes/Source Types Best Practice - Data Onboarding New customer seeking guidance for creating indexes/sourcetypes and determining granularity. Primarily we're looking ... by tretrigh Path Finder in Getting Data In 01-04-2023 0 3	0	3
	When I search splunk, I'm missing all data from about 100 of the files that list monitor shows that I'm watching? I'm having an issue with one of my monitored paths. Here's the monitor stanza, the blacklist line should only blackl... by cmwhitmanjr Loves-to-Learn in Getting Data In 01-03-2023 0 9	0	9
	How to remove all duplicates? Hi, i got this query \| tstats summariesonly=t allow_old_summaries=t dc(All_Traffic.dest_port) as num_dest_port dc(All... by joango New Member in Getting Data In 01-02-2023 0 1	0	1
	OSX - Unsigned library raises error for python3 modular input? Hi, I developed a modular input making use of Python Cryptodome library (https://pycryptodome.readthedocs.io). When e... by paolo_prigione1 New Member in Getting Data In 01-02-2023 0 4	0	4
	Getting wrong time for event? I have an add on for unix and linux downloaded on my monitored servers and the data is sent to my indexers. In the Un... by olivera Explorer in Getting Data In 01-02-2023 0 19	0	19
	Where can I get the updated sample data for practicing searches using SPL? please where can i get the updated sample data for practicing searches using SPL? thanks in advance by Lorenzo1 Path Finder in Getting Data In 12-31-2022 0 12	0	12
	custom fields overriding Hi at all,a question before starting a new configuration.I configured custom fields on some Universal Forwarders usin... by gcusello SplunkTrust in Getting Data In 12-30-2022 0 0	0	0
	"Failed to find newline while reading transport header" when querying API Hello,I have a problem with a custom app in Splunk. I've written a simple app that uses the Python requests-library t... by dedupper Explorer in Getting Data In 12-29-2022 0 1	0	1
	High memory usage due to splunk universal forwarder hai all,how to resolve high memore usage on splunk universal forwarder how to check due to which files causing the is... by sekhar463 Path Finder in Getting Data In 12-29-2022 0 0	0	0
	exchange Hello. how to collects microsoft exchange 2019 audit logs to splunk by ates77 Explorer in Getting Data In 12-29-2022 0 1	0	1
	federated search in splunk What is the difference between standard and transparent federated search type in splunk with examples or usecase? by vk1109 New Member in Getting Data In 12-28-2022 0 1	0	1
	UF inputs.conf stanza I'm working on an input.conf from a universal forwarder when I noticed the first stanza is missing a ]ex:[WinEventLog... by ITSplunk117 Path Finder in Getting Data In 12-28-2022 0 1	0	1
	How to increase indexer speed or size to write disk? Recently I upgraded splunk enterprise to 9.0.2 version.After few days, Index queue fill ratio is 100% and indexing ra... by HS Loves-to-Learn in Getting Data In 12-28-2022 0 1	0	1
	Trying to extract field and trim log after? Hello everyone! I am trying to extract hostname from syslog-heading, and after trim it? Is it technically possible? M... by bosseres Contributor in Getting Data In 12-27-2022 0 4	0	4
	How can I black list event code and user type? I'm trying to blacklist the event code 4634 when user_type = computer. I'm using the below blacklist in my inputs.co... by billf New Member in Getting Data In 12-27-2022 0 0	0	0
	How to get linux logs to blacklist in input.conf? Hi Team, getting huges audit logs and wanted to blacklist in input.conf . index=linux source="/var/log/audit/audit... by shashilendra Explorer in Getting Data In 12-27-2022 0 5	0	5
	How to write a Splunk search to get to a field value that belongs to particular field? Good day, i am using search query to correlate one field belongs and related jobs for that field i am using below que... by sekhar463 Path Finder in Getting Data In 12-26-2022 0 1	0	1
	What are the best practices for defining source types? I've heard that using Splunk's default source type detection is flexible, but can be hard on performance. What is the... by sloshburch Ultra Champion in Getting Data In 12-25-2022 0 17	0	17
	Getting in the commands from cisco devices Hi, I collected the cisco deviceslog with "Cisco Networks Add-on for Splunk Enterprise". And install "Cisco Networks... by m_zandinia Path Finder in Getting Data In 12-24-2022 0 0	0	0