Getting Data In

Community Activity

Regex help to mask data I have to ingest some data so i've created a field called customer data and the regex works fine - ^[0-9]{16}.{249}(?... by vishalduttauk Communicator in Getting Data In 09-28-2022 0 11	0	11
How to onboard AIX wtmp logs to splunk? We would like to know how to onboard an AIX wtmp logs to splunk ?Can it be done via Universal Forwarder ? If so can y... by pshelke Observer in Getting Data In 09-28-2022 0 1	0	1
Why is event time different from server time? Hi all, we have migrated HF where DB connect app was installed and now events from DB app on new HF have different ti... by Sept11 Loves-to-Learn Lots in Getting Data In 09-28-2022 0 0	0	0
How can I keep Syslog from reading and storing data? In syslog ng I didn’t want to read the data and store the data , how do you do that? by Rah Loves-to-Learn in Getting Data In 09-27-2022 0 1	0	1
How to Parse and Tag custom application logs before forwarding to Splunk server? Dear Splunkers, really sorry for my question , I do feel that reply would be on another thread(couldn't find it), but... by filosv Engager in Getting Data In 09-27-2022 0 4	0	4
Trouble extracting multivalue fields- How do I separate these fields into their own events? Hi all - I am having trouble pulling out mv fields into separate events. My data looks like this: I'd like to pull ea... by mistydennis Communicator in Getting Data In 09-27-2022 0 1	0	1
How to merge 2 json objects? Hello, I have an existing json object and I'd like to merge another json object into it. I don't want to combine them... by youngstrommj Explorer in Getting Data In 09-27-2022 0 1	0	1
How to extract xml value having multiple same child tag? I have following sample XML event where I want to extract specific value for a child tag . Ex when <Order fact> val... by Vkeshar Loves-to-Learn in Getting Data In 09-26-2022 0 1	0	1
Why is our new cloned server reflecting an old hostname? We have a server that was cloned to that have a different hostname. The old server was shutdown and the team is now u... by teddyidc1101 Communicator in Getting Data In 09-26-2022 0 8	0	8
What search can list the Empty indexes which are not sending data to splunk enterprise? Hi team, I am from admin team i wanted to how many of indexes are empty and are not having data anymore in it so that... by deepthi5 Path Finder in Getting Data In 09-26-2022 0 3	0	3
How to use collectd on a remote host with Universal Forwarder? Hello, My goals is to send rrd file data to a splunk indexer. I have a remote host that currently forwards linux_secu... by eholz1 Builder in Getting Data In 09-26-2022 0 3	0	3
Is it possible to have scheduled saved search using summary indexing and dynamic token depending on user query? Hello,one user wants to convert dashboard with token to summary indexing dashboard.We are using \| sistats or similar,... by splunkreal Influencer in Getting Data In 09-26-2022 0 0	0	0
How to change date format multiple time Hello,I'm trying to change my date format two times because i want to sort to order my month from January to December... by fatanyk Explorer in Getting Data In 09-26-2022 0 2	0	2
Possible to rewrite the sourcetype twice? Hi,I am trying to get the Splunk_TA_esxilogs app to work in our Splunk Enviroment, but cant get it working together w... by Fonzie2k Path Finder in Getting Data In 09-26-2022 0 4	0	4
Why have Indexes stopped logging query/alert? Hi - I am trying to run the below query to help create an alert that will show when we haven't had an alert for a par... by Sion2233 Observer in Getting Data In 09-26-2022 0 1	0	1
IIS logs ingestion- Why is it showing 'invalid directory'? Hello All, It is with reference to the Logs ingestion of IIS server. I have universal forwarder installed on the IIS... by sonishar Explorer in Getting Data In 09-26-2022 0 3	0	3
IIS Logs-Do i need to copy the Splunk_TA_microsoft-iis folder to the server with the iis logs? Hi, I am trying to setup iis logs forwarded to splunk enterprise. I am a bit confused as new to splunk but i have ins... by JohnC67 Engager in Getting Data In 09-26-2022 0 8	0	8
if no events when i was learning splunk i encountered following question:analyze following SPL query* \| outputlookup my dummy.cv... by kimmyb Loves-to-Learn in Getting Data In 09-25-2022 0 6	0	6
Many small files - high memory usage Splunk Forwarder- Is there a way to reduce? Is there a way to reduce memory usage for splunk Forwarder? I have two directories with 57k files each (120Mb each) a... by nessaner Explorer in Getting Data In 09-25-2022 0 2	0	2
How to apply EVENT_BREAKER on UF for better data distribution instead of using outputs.conf forceTimebasedAutoLB=true? How to apply props.conf EVENT_BREAKER on UF for better data distribution instead of using outputs.conf forceTimebased... by hrawat Splunk Employee in Getting Data In 09-24-2022 0 1	0	1
Why is inputs.conf not indexing /var/log/messages? Hello, I have a odd issue which seems to have been resolved but I would like to know the root cause of this issue.I i... by alfredoh14 Explorer in Getting Data In 09-23-2022 0 1	0	1
Why am I unable to see Logs first week of every month? Hello All I got a requirement to Upload Logs to Splunk Out of 5 Hosts 3 are Linux and other 2 are windows The Logs ge... by blbr123 Path Finder in Getting Data In 09-23-2022 0 6	0	6
Is there a way to investigate why the data ingest has changed dramatically? The pan logs ingested decreased significantly and nothing should have changed from the syslog point of view. Is there... by So76 Explorer in Getting Data In 09-23-2022 0 2	0	2
Why doesn't the indexed time change? Hi, can anybody help, please? I'm using classical forwarder to index regular CSV file. The time/date of the CSV logFi... by spisiakmi Contributor in Getting Data In 09-22-2022 0 5	0	5
Why are Linux Forwarders not talking to Deployment Server? I have a lab setup in VMWare Workstation that has both Linux and Windows servers setup to talk to a Linux deployment ... by jordanperks Path Finder in Getting Data In 09-22-2022 1 6	1	6

Get Updates on the Splunk Community!

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Getting Data In

Regex help to mask data

How to onboard AIX wtmp logs to splunk?

Why is event time different from server time?

How can I keep Syslog from reading and storing data?

How to Parse and Tag custom application logs before forwarding to Splunk server?

Trouble extracting multivalue fields- How do I separate these fields into their own events?

How to merge 2 json objects?

How to extract xml value having multiple same child tag?

Why is our new cloned server reflecting an old hostname?

What search can list the Empty indexes which are not sending data to splunk enterprise?

How to use collectd on a remote host with Universal Forwarder?

Is it possible to have scheduled saved search using summary indexing and dynamic token depending on user query?

How to change date format multiple time

Possible to rewrite the sourcetype twice?

Why have Indexes stopped logging query/alert?

IIS logs ingestion- Why is it showing 'invalid directory'?

IIS Logs-Do i need to copy the Splunk_TA_microsoft-iis folder to the server with the iis logs?

if no events

Many small files - high memory usage Splunk Forwarder- Is there a way to reduce?

How to apply EVENT_BREAKER on UF for better data distribution instead of using outputs.conf forceTimebasedAutoLB=true?

Why is inputs.conf not indexing /var/log/messages?

Why am I unable to see Logs first week of every month?

Is there a way to investigate why the data ingest has changed dramatically?

Why doesn't the indexed time change?

Why are Linux Forwarders not talking to Deployment Server?

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation