Getting Data In

Community Activity

How to compare events "without" common fields? Hello All,I'm trying since 3 days now to find a solution for my problem but without success.I look around for solutio... by mkouzou Explorer in Getting Data In 09-13-2022 0 12	0	12
Log Pipeline Management - how to convert comma decimal to dot? Hi, May i know how to convert raw data (cookedvalue) from comma to dot using regex? Raw Data in Log Observer "instan... by fongpen Path Finder in Getting Data In 09-13-2022 0 2	0	2
Why did splunk fail to install uf on windows2012 r2? my os is windows2012 R2, I try to install splunk uf 9.0.0.1.first, I uninstall old splunk UF 7.0.2 from "uninstall pr... by ssu New Member in Getting Data In 09-13-2022 0 0	0	0
Data is not being registered by Universal Forwarder- Which part should I check? Data cannot be registered by Universal Forwarder. There are a total of 12 Universal Forwarders. Only one of these uni... by hhhwang Explorer in Getting Data In 09-12-2022 0 3	0	3
Why is WILDCARD in lookup not working? I am using splunk cloud.I would like to use the lookup file to find out if there is an IP corresponding to the blackl... by Toki Explorer in Getting Data In 09-12-2022 0 2	0	2
Script for finding frozen data by date range and restore them This is a script for finding frozen bucket files in time range you gave It shows folders + size + start time and endt... by Mehran_Safari Explorer in Getting Data In 09-12-2022 0 0	0	0
Solution for: How to find and delete OLD Frozen data by older than X days this bash script will search frozen path you give + oldest needed time then will show older logs and asks you to remo... by Mehran_Safari Explorer in Getting Data In 09-12-2022 1 0	1	0
Opinion on frozen data deletion script that deletes older than 12 months data Hello guys, I've created a shell script, scheduled with cron-like software, which deletes 12+ months data except for ... by splunkreal Influencer in Getting Data In 09-12-2022 2 9	2	9
Can we delete frozen data in Splunk? Recently we encountered a problem. /opt file system on the indexer server has reached 100% due to which users were un... by pratapa Explorer in Getting Data In 09-12-2022 0 4	0	4
Is there any guidance on finding the proper frozen bucket I would need for a specific time frame? Is there any guidance on finding the proper frozen bucket I would need for a specific time frame? by seankoniarz Explorer in Getting Data In 09-12-2022 0 3	0	3
Cluster indexes.conf -> inputs.conf -> App -> serverClass confusion I am creating an index - configured the inputs.conf file. I have two prod servers with app logs that have the same Li... by jcorcoran508 Path Finder in Getting Data In 09-11-2022 0 1	0	1
Is it possible to get the data via HEC from a source to two different Splunk instances? Hi Everyone, I need to know if is it possible to get the data via HEC from a source to two different Splunk instances... by Splunk4 Explorer in Getting Data In 09-11-2022 0 0	0	0
Is there a way to track when an index stopped bring in data? Is there a way to track when an index stopped bring in data? I just noticed that one of our indexes is no longer brin... by kruane Explorer in Getting Data In 09-10-2022 0 1	0	1
How can I immediately verify my changes have put these host's new events in the correct TZ? I have a number of hosts sending logs "in the future". I've configured my indexer's props.conf to adjust the TZ for t... by woodams Explorer in Getting Data In 09-09-2022 0 1	0	1
How can I disable a few logs from source? Hi I want to disable a few logs from source. How can I do that. We have a server which forwards OS logs along with... by mrsingh Explorer in Getting Data In 09-09-2022 0 10	0	10
Deployment Server and Universal Forwarder- Which file is being monitored? I saw a question on the internet while searching for answers for a separate question and a few comments below regardi... by phularah Communicator in Getting Data In 09-09-2022 0 2	0	2
How important is specified JSON format? Hello, documentation shows JSON format as a: metadata fields, events field with additional data in it. Format events ... by ArnasK Observer in Getting Data In 09-08-2022 0 0	0	0
Wildcards in source name in inputs.conf We are monitoring log files that rotate multiple times daily. We have wildcards specified in the monitor command, bu... by jpashak Explorer in Getting Data In 09-08-2022 0 2	0	2
How to forward specific event data from HF to indexer? Hello ALL,My deployment is UF ---->HF(local copy)----->indexerI would like to send logs from HF to indexer except som... by medtemo Loves-to-Learn Lots in Getting Data In 09-08-2022 0 1	0	1
Sending Opentelemetry collector logs to Splunk Hello team, I want to forward Opentelemetry collector logs to Splunk. I'm not referring to sending application logs t... by stephen Observer in Getting Data In 09-07-2022 0 1	0	1
How to display single value status indicator with external icons? Hi Community! I am looking for a way to represent a status indicator with red, amber, green status indicator in Dashb... by quietferret Loves-to-Learn in Getting Data In 09-07-2022 0 0	0	0
Windows Scripted Input specify index I am probably overengineering this but this is the only way I could get a script to execute on UF, via a deployed app... by Viorel Explorer in Getting Data In 09-07-2022 0 5	0	5
How to achieve auto field extraction of nested JSON with non-JSON in front? Hello! We have some logs coming across which are in JSON and thus 'just work'. The problem is, inside the log field ... by johnansett Communicator in Getting Data In 09-06-2022 0 2	0	2
How to index certain logs only during a certain time range (6am - 6pm)? Hello, I have 4 log files on one Host that I want to index/ingest. Log #1, #2, #3 will be ingested 24 hours a da... by agoktas Communicator in Getting Data In 09-06-2022 0 22	0	22
NMON ADDON: permissions Hi there.As in subject, how to make NMON aggregated data available NOT ONLY TO ADMIN users?I can query alla data from... by verbal_666 Builder in Getting Data In 09-06-2022 0 7	0	7