Getting Data In

Community Activity

	Db connect time problem- how to make event time and spunk time equal Hello, everyone! I configured source from my database via splunk db connect app. Events contain field "time" and I wa... by bosseres Contributor in Getting Data In 05-12-2022 0 0	0	0
	How to index .ini file? I have a Windows .ini file that I am wanting to index on every update of the file. Right now when the file is updated... by fredclown Builder in Getting Data In 05-11-2022 0 3	0	3
	Why events are not breaking/extracted properly? Hello, I completed a few UF based data ingestions and SPLUNK is getting events from those ingestions but have some is... by SplunkDash Motivator in Getting Data In 05-11-2022 0 7	0	7
	Why is LINE_BREAKER not working? I'm having some issues getting my LINE_BREAKER configuration to work for a custom log file. I've tested the RegEx and... by fitzgej_entrust Engager in Getting Data In 05-11-2022 0 2	0	2
	How to route and filter data from HEC? Hi Community, I have the need to filter data based on a specific field value and route to a different group of indexe... by martaBenedetti Path Finder in Getting Data In 05-11-2022 0 4	0	4
	How to do time extraction for HTTP Event Collector JSON logs? I have an HTTP Event Collector input collecting JSON data via syslog forwarder. The syslog-ng message looks like: b... by scottsavareseat Path Finder in Getting Data In 05-11-2022 0 1	0	1
	How to get Windows data into Splunk Cloud? Good Morning, I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the depl... by theitgui Path Finder in Getting Data In 05-11-2022 0 22	0	22
	Help with configuration: How to use Regex to Normalize data? Dear All, I have a requirement to parse the data correctly. I am getting merged events and wants separate events for ... by ramprakash Explorer in Getting Data In 05-11-2022 0 15	0	15
	How to write a query that will fetch logs that will identify files that were deleted? Hi All, Some files has been deleted by someone from one of the server, I need to investigate on that. We only know t... by Vipin_Pavithran Explorer in Getting Data In 05-11-2022 0 1	0	1
	Syslog TCP port 514 or 6514- Having trouble connecting Endpoint Cloud to Splunk HF Hi everyone, Thanks for taking time in reading this and providing your knowledge , since i've been struggling a bit ... by Verxc5Beu Engager in Getting Data In 05-11-2022 0 2	0	2
	How to manipulate JSON before index? (Single/standalone instance of splunk) I have been in a fight with these events for over a week now. I was hoping eve... by oliverja Path Finder in Getting Data In 05-11-2022 0 3	0	3
	How to write these Props & transforms configuration? We have to filter the data which has Result=pass, status=200 and send the other logs to Splunk. we have received the ... by mounikad Explorer in Getting Data In 05-11-2022 0 6	0	6
	Splunk DB Connect 3.6.0 and MySQL- having trouble with inputs Hi! Im running Splunk DB Connect 3.6.0 on my HF (ver 8.0.9) and having some issues with one of my inputs. Im trying t... by martinborjesson Explorer in Getting Data In 05-11-2022 0 0	0	0
	Why is Powershell input not receiving data? I had a windows admin create a powershell script for me (requires code-signing, plus app whitelisting complexity), an... by mikelanghorst Motivator in Getting Data In 05-10-2022 0 2	0	2
	Why are my credentials not working when I run Splunk forwarder commands? Whenever I run Splunk forwarder commands line splunk list monitor or splunk list forward-server I get prompted to ent... by mawomommoh Path Finder in Getting Data In 05-10-2022 0 8	0	8
	Why is Indexer ignoring TZ setting? I'm using an HTTP Event Collector to ingest Palo Alto logs from my syslog forwarders. Its using the raw endpoint: 'ht... by scottsavareseat Path Finder in Getting Data In 05-10-2022 0 1	0	1
	Why are there Delay/Missing logs from UF source? Hello all, I have a clustered indexer and SH environment. I'm now noticing that there's a long delay in some of my da... by BuzzLights10 Explorer in Getting Data In 05-10-2022 0 6	0	6
	Regex working on search but not props/transforms I am trying to extract a single section from within some JSON. (The original event is wrapped in even more json). I h... by oliverja Path Finder in Getting Data In 05-09-2022 0 17	0	17
	How can I break a multiline log by discarding the header and taking the rest? Hello, I have a multiline log file, but each file comes with a header that I want to discard and only use the part of... by zcx01067 Explorer in Getting Data In 05-09-2022 0 5	0	5
	How to index diag? I generated a Diag and now i need to creat an index for it. how do i create it ? by kenslionel Loves-to-Learn in Getting Data In 05-09-2022 0 1	0	1
	Does Splunk not get the date from each event in the gzip? I'm working with some syslog data that is being pulled in from a gzip file. The data looks like this Apr 28 23:5... by jwhughes58 Contributor in Getting Data In 05-09-2022 0 6	0	6
	How to configure input.conf file to monitor multiple files from the same folder for multiple sourcetype. folder1 we have multiple file f1,f2,f3,f4 need to configure all files for different sourcetypebelow is the query whic... by srujana96 Explorer in Getting Data In 05-09-2022 0 1	0	1
	Index Time Extractions Regex meeting character limit? (props.conf) I have been fighting with a regex in my props.conf (Regex-working-on-search-but-not-props-transforms ) and after a lo... by oliverja Path Finder in Getting Data In 05-09-2022 0 1	0	1
	How to set INGEST There is no time field in my log and I tried to get time from the source file nameI tried the settings belowmyfile /... by noott211 Path Finder in Getting Data In 05-09-2022 0 6	0	6
	Sophos Central Logs stopped coming to Splunk (logs ingested through sophos API) Hi All,We got our Splunk deployment done from a 3rd party, which has completed the deployment and left already. Sudde... by hamidi Loves-to-Learn in Getting Data In 05-08-2022 0 0	0	0