Getting Data In

Discussions

Thread Info

Import configs into an app from another app

I tried importing the configs of one app1 (specifically for props.conf) to another app2 based on the accepted answer ...

by Engager in

What is an example of what the outputs.conf file would look like on a universal forwarder in an index clustered environment?

Can someone please provide an example of what the outputs.conf file would look like on a universal forwarder in an in...

by Builder in

Indexer in cluster not receiving logs from devices external to environment

I was looking into an issue where one indexer in a cluster was not receiving logs from devices external to my environ...

by New Member in

props.confとtransforms.confを使用したデータ取り込み時のフィルタの方法について

・背景データ取り込み時に特定のイベントのみ抽出したいとき、props.confとtransforms.confに以下のような設定で実現できるかと思います。例として、項目statusの値がerrorのイベントのみ抽出したい場合を想定...

by New Member in

Avoid overriding the host for a TCP input

Hi all, I've discovered that, by default, Splunk wants to override any tcp input's host to use the IP of the remot...

by Contributor in

indexes.conf in both /system/local and /slave_apps/_cluster/local in a cluster environment

Hello, We have few indexers which are in clustered environment but i see there is indexes.conf in both /system/loc...

by Communicator in

Help with data masking

Below is the sample mocked up data .I want to mask the the ones's highlighted .The sample data is part of an event wh...

by Builder in

REST API (rest_ta) SSL Error 20 Not a Directory

I am using the rest_ta app (https://splunkbase.splunk.com/app/1546/). However, I have realized this application, b...

by Path Finder in

Route Windows events in RFC3614 format to splunk and Syslog format to syslog reciever.

hi, we are trying to route windows security event logs from UF's to Splunk indexers and also to a syslog aggregato...

by Path Finder in

Issues sending filtered data to specific index

I have an index named myindex. I'm trying to filter out lines that contain CRON entries in the auth.log, and send ...

by New Member in

Translate my windows event viewer search query to splunk search query

Hi, I would like to translate my windows event log custom query to splunk search syntax. <QueryList> <Query I...

by New Member in

How can I keep my data unique with manually uploading two overlapping log files?

How can manual data uploads with overlapping log files include only unique data? The goal is to avoid uploading dupli...

by New Member in

How to extract an event timestamp where seconds and milliseconds are concatenated without padded zeros?

I came across a weird log format where the seconds and milliseconds are concatenated without padded zeros. Example...

by Motivator in

Indexer Menu 7.2.3

What is the significance of searchable copies and replicated copies flapping between green and gray on the indexer cl...

by Path Finder in

Can “Microsoft Office 365 App for Splunk” use log data from “Microsoft Azure Active Directory Add-on for Splunk” for the Azure AD logs?

One question about “Microsoft Office 365 App for Splunk”. Can it use log data from “Microsoft Azure Active Directo...

by Explorer in

Getting Data In

Discussions

Import configs into an app from another app

What is an example of what the outputs.conf file would look like on a universal forwarder in an index clustered environment?

Indexer in cluster not receiving logs from devices external to environment

props.confとtransforms.confを使用したデータ取り込み時のフィルタの方法について

Avoid overriding the host for a TCP input

indexes.conf in both /system/local and /slave_apps/_cluster/local in a cluster environment

Help with data masking

REST API (rest_ta) SSL Error 20 Not a Directory

Route Windows events in RFC3614 format to splunk and Syslog format to syslog reciever.

Issues sending filtered data to specific index

Translate my windows event viewer search query to splunk search query

How can I keep my data unique with manually uploading two overlapping log files?

How to extract an event timestamp where seconds and milliseconds are concatenated without padded zeros?

Indexer Menu 7.2.3

Can “Microsoft Office 365 App for Splunk” use log data from “Microsoft Azure Active Directory Add-on for Splunk” for the Azure AD logs?

How to ensure regex filters in transforms.conf and a stanza in props.conf only applies to a specific input?

Indexing live XML data from large files

How to use split in search?

How to edit outputs.conf for universal forwarder in linux

Script for install Splunk Forwarder on Windows?

VMware addon in unable to collect data from vcente...

rsyslog configuration and receiving results on dif...

Unable to index Windows registry monitoring (Certa...

WinRegMon - Inputs.conf works on localhost but not...

Onboard logs from McAfee EPO Cloud