Getting Data In

Discussions

Thread Info

Getting a list of field extractions using the API

There are 2 endpoints that seem to return extractions which are data/transforms/extractions and data/props/extraction...

by Path Finder in

per_sourcetype_thruput logging stopped

For several UF's, I've noticed that the metrics.log 'persourcetypethruput' entries have stopped completely, for days ...

by Explorer in

Filter data by condition on a heavy forwarder

Hello , Please i need to filter data on the heavy forwrader to eliminate some logs , Exemple : i need to ingnore...

by Path Finder in

Multiple fields to filter against Single inputlookup file

Hi Experts Actually I am searching on one index, where Userid is with multiple fields like user,userids,useridvalu...

by Explorer in

JSON log extraction at index time

Hi, I am trying to extract a JSON log file at index time. The log structure has a nested key(key,value) pairs. Like f...

by New Member in

Heavy forwarder - Could not send data to output queue (parsingQueue)

Below is my use-case (Heavy Forwarders -> Indexers). Need expert assessment. 1) I have very huge log files. 2) So,...

by Builder in

How do I forward and delete logs?

I would like to be able to forward logs and then delete them using a UF. How can I do this? For the sake of the Sp...

by Motivator in

Why are JSON fields extracted and displayed twice?

JSON fields are extracted twice. On Universal forwarder (7.0.3) the settings props.conf are like this [my_sourc...

by Path Finder in

Feeds TOR network traffic

Hello all. I'm now working out how to detect tor traffic. How better me do this? Maybe some articles, guides, some tr...

by Builder in

csv files with variable structure - how to input ?

Hi, There is a task to index csv structured files where the structure depends on one or several fields. For example i...

by New Member in

How to export "Structured Logs" from Splunk to CSV file

Hello. I am new with Splunk, I have the following question/issue: My goal is to parse a raw log file with Splun...

by New Member in

How to forward Windows 2003 logs

New to Splunk, I am trying to get logs forwarded from a 2003 server that we have, but having no luck. I installed a ...

by New Member in

Why are logs forwarding from server to Splunk server but not in a readable format (-splunk-cooked-mode-v3)?

The logs are forwarding to from our server to the Splunk server. But the logs are not readable format. (Attached scr...

by New Member in

Anonymize Multiple Data Points in Splunk Search

I am trying to anonymize customer credit card data in splunk logs but when more than one card appears in the same eve...

by Path Finder in

how to pass a global variable as source?

I add a global variable like below ` globalvariable <query> | makeresults | eval var="D:\ALM-Splunk-Delivery\R...

by Engager in

How to parse combined JSON and Syslog event?

I have an event that has a syslog preamble with a JSON body. They take this shape: <190>0 2019-08-27T17:51:22.876...

by New Member in

How to set up a heavy forwarder to forward data to Splunk Cloud?

HI! I am setting-up a heavy forwarder to forward data to Splunk Cloud. Do I just follow the instructions for se...

by Explorer in

Sourcetype on SH overwriting config on HF

Hi, I am working in a shared environment with several Heavy Forwarders that sent data to Splunk Cloud Indexers and...

by Communicator in

Problem with json and duplicate events

Hi I have this data indexed, as you can see there is only one monitoredelementid. {"monitoredjobs":[{"monitoredele...

by New Member in

Dropping blank paths in a JSON search

Hi, I am doing some experimentation wirh regards JSON events. I have two events loaded: { "event": { "time": "2...

by Path Finder in

Getting Data In

Discussions

Getting a list of field extractions using the API

per_sourcetype_thruput logging stopped

Filter data by condition on a heavy forwarder

Multiple fields to filter against Single inputlookup file

JSON log extraction at index time

Heavy forwarder - Could not send data to output queue (parsingQueue)

How do I forward and delete logs?

Why are JSON fields extracted and displayed twice?

Feeds TOR network traffic

csv files with variable structure - how to input ?

How to export "Structured Logs" from Splunk to CSV file

How to forward Windows 2003 logs

Why are logs forwarding from server to Splunk server but not in a readable format (-splunk-cooked-mode-v3)?

Anonymize Multiple Data Points in Splunk Search

how to pass a global variable as source?

How to parse combined JSON and Syslog event?

How to set up a heavy forwarder to forward data to Splunk Cloud?

Sourcetype on SH overwriting config on HF

Problem with json and duplicate events

Dropping blank paths in a JSON search

Change the time stamp in the log data by adding 2+...

Splunk HF monitoring a file

Monitoring WEC .evtx files on another drive

Timestamp in 1/1/1900 format

unable to push waf logs through HEC- error says HE...