Getting Data In

Discussions

Thread Info

Index a file according to the modify time only

I have files uploaded to the NT share The file is indexed and will be updated daily by QC system Most of the time t...

by Path Finder in

how to find splunkd.log at windows server 2008 until 2016

server after restart splunk services few days later still happen not phone home between server to splunk Enterprise. ...

by New Member in

How can I prevent reindexing events after a reinstall of universal forwarder

I am working on a docker for a universal forwarder. The docker worked well until I reconfigured it for automatic rest...

by Path Finder in

6.1.3 forwarder compatibility

I have a 6.1.3 forwarder installed on Windows XP with a 6.5.3 Indexer installed on Windows 10. I am unable to receive...

by New Member in

Automatic lookup to match hostnames with and without FQDN

Hello, I need to generate an automatic lookup to match certain hosts for a project i'm working on. the thing is, I...

by Communicator in

Compare The Actual Start Time to The Expect Start Time

I need a query that will compare run statistics from a list of jobs (msg.jobName = RLMMTP*) that run everyday. The st...

by Engager in

How to configure universal forwarder to ignore a directory

Hello, I currently have a Splunk universal forwarder on a few of my windows servers. The UF config is received by my ...

by Path Finder in

HEC not giving JSON output when using python

I am fairly new to python and I am trying to use a python script to get the health of my HEC in JSON format. When ...

by Explorer in

Need help with inputs.conf

Hello I have some directories that I need to monitor. Using updated inputs for the TA_nix app I am adding syslog/l...

by Communicator in

different results searching json data depending on app

I am ingesting JSON data via the HEC on a HeavyForwarder, but when I query the data in SplunkCloud, I have different ...

by Path Finder in

Universal Forwarder don't write events to persistent queue with graceful service shutdown

I'm using distributed Universal Forwarders in remote location in order to collect events from remote sites. To preven...

by Explorer in

Sourcetype changes when we moved from loginsight to syslog-ng

Hi, It would be great if some out there has a better understanding of source typing than I could give us some help. ...

by New Member in

Build table by char position in string

Hi, I´ve got this event -> 2020/02/14/16:12:28:872 MachineNumber="K003991_HT" Pass="FPPPPPPFPPPPPPPPPPPPP...

by New Member in

How to Schedule a job to delete 30 days older records from KV Store?

Hi All, I have created a KV store which receives 100,000 records daily. I need only 30 days of historical data to...

by Explorer in

Not able to see VMWare related fields in splunk

Hi, I am trying to build dashboard which will list performance stats for VMWare like CPU, Memory and Storage utliz...

by Loves-to-Learn in

when a setup a blacklist in input.conf, will it decrease the usage of license?

As I asked, if I setup a blacklist to deny some logs, does the dropped logs still occupy the license quota?

by New Member in

Windows Universal Forwarder Not Forwarding to Indexer

This is a new Splunk deployment using a single instance to serve as Indexer, Search Head, and Deployment Server. We u...

by Explorer in

Forward to third-party API via POST

The target API expects entries to come via a specific URL endpoint and works with json files. I managed to create an ...

by Explorer in

Future Request: Epoch Time Correction

| makeresults | eval time=-62167252739 | eval _time=time | eval time_text=strftime(_time,"%c %::z") -62167252739 ...

by SplunkTrust in

Field Parsing Address for Numbers

I'm fairly new to Splunk. I have a field (address). How can I parse just the all numbers from an address line to a ne...

by Engager in

Getting Data In

Discussions

Index a file according to the modify time only

how to find splunkd.log at windows server 2008 until 2016

How can I prevent reindexing events after a reinstall of universal forwarder

6.1.3 forwarder compatibility

Automatic lookup to match hostnames with and without FQDN

Compare The Actual Start Time to The Expect Start Time

How to configure universal forwarder to ignore a directory

HEC not giving JSON output when using python

Need help with inputs.conf

different results searching json data depending on app

Universal Forwarder don't write events to persistent queue with graceful service shutdown

Sourcetype changes when we moved from loginsight to syslog-ng

Build table by char position in string

How to Schedule a job to delete 30 days older records from KV Store?

Not able to see VMWare related fields in splunk

when a setup a blacklist in input.conf, will it decrease the usage of license?

Windows Universal Forwarder Not Forwarding to Indexer

Forward to third-party API via POST

Future Request: Epoch Time Correction

Field Parsing Address for Numbers

Using Splunk Universal Forwarder and scripted inpu...

why Splunk is not able to index all the data from ...

Collect Perfmon counters data for ASP.NET & Paging...

Splunk eStreamer for FMC version 4.011 setup page...

Invalid key in stanza - kv_mode (value: xml)