Getting Data In

Discussions

Thread Info

Splunk integration with statuspage

Hi All, I have requirement to show some of the dashboard metrics like service availability in status page. Want...

by Path Finder in

How can I get/aggregate the current/latest values for all unique combination of metrics name + dims ?

In Prometheus, I can get "all time series at current time" in Console, how can we achieve the same in Splunk Metrics ...

by Explorer in

Is there a way to control on which indexers an index resides in an indexer clustering environment?

Hi I'm wondering if there is a way to control on which indexers an index resides E.g. there are 5 Indexers (+al...

by Communicator in

REST API Reference Manual is partially incomplete

If possible could all the necessary parameters be provided? I have discovered upon using the API myself that some of ...

by New Member in

Why am I getting error "Couldn't determine $SPLUNK_HOME" trying to install universal forwarder credentials on Sandbox?

I am trying to install the forwarder credentials on my sandbox and when I follow step 4 and put in my credentials ie:...

by Path Finder in

Log merging

Hello, I am trying to merge two lines logs, but no luck with it Splunk Enterprise 7.1.2 here is sample {"log":"Apr...

by New Member in

How to resolve error message after indexer went down: "too many tsidx files in bucket"?

One indexer just went down. As it came up we see the following message for a couple of the indexers - throttled: i...

by Ultra Champion in

NEED HELP: splunk not able to received audit logs and/ or causing to stop logs flow from AD and Blaming enabled GPO audit policy in AD gpmc as a caused?

NEED HELP: Is it true?, that the security blaming me of accidentally enabling the audit policy on user login in the A...

by New Member in

ERROR JsonLineBreaker

Hi all, I don’t know exactly how long this has been going on but I noticed today that the following error is being...

by Engager in

Setting SSL password in inputs.conf but does not get encrypted after restart

Hi fellow splunkers, I recently noticed a configuration error. I wrongly distributed the "[SSL] password= "via cl...

by SplunkTrust in

How to find duplicate logs that contain uuids?

Hi, I want to know if there are more than one logs with the same message and the same uuid. Eg: This an er...

by New Member in

How to fix my universal forwarder configurations so that Splunk only forwards the data I want to monitor to a third-party system?

I am trying to forward to a third-party system from a Universal forwarder. I have tried two approaches. In both cases...

by Path Finder in

Trying to make Splunk Rest API search request and got 400 bad request

I'm trying to send the following Request body (Using Splunk Rest API, C#): search = |inputlookup mylookup | eval week...

by New Member in

How to extract custom dimensions from plugin_instance when we are using collectd?

According to Getting logs and metrics into metricstore presentation slide 23 - GDI: collectd write_http plugin: ...

by Explorer in

Why is perfmon data not getting forwarded to indexer when all the other source/sourcetype data gets forwarded with indexed?

What was done as part of troubleshooting? Checked the indexer and found no IO issues. Restart splunk on myPRODS...

by Splunk Employee in

Getting Data In

Discussions

Splunk integration with statuspage

How can I get/aggregate the current/latest values for all unique combination of metrics name + dims ?

Is there a way to control on which indexers an index resides in an indexer clustering environment?

REST API Reference Manual is partially incomplete

Why am I getting error "Couldn't determine $SPLUNK_HOME" trying to install universal forwarder credentials on Sandbox?

Log merging

How to resolve error message after indexer went down: "too many tsidx files in bucket"?

NEED HELP: splunk not able to received audit logs and/ or causing to stop logs flow from AD and Blaming enabled GPO audit policy in AD gpmc as a caused?

ERROR JsonLineBreaker

Setting SSL password in inputs.conf but does not get encrypted after restart

How to find duplicate logs that contain uuids?

How to fix my universal forwarder configurations so that Splunk only forwards the data I want to monitor to a third-party system?

Trying to make Splunk Rest API search request and got 400 bad request

How to extract custom dimensions from plugin_instance when we are using collectd?

Why is perfmon data not getting forwarded to indexer when all the other source/sourcetype data gets forwarded with indexed?

How to configure inputs without duplicate data with an add on installed on HF/indexer, and SH?

Inline field extracted vs Transformation?

Getting IP address of Splunk server instead of particular PC in logs.

Why is field ingestion not working when ingesting custom CSV data?

Which port can I use to send Syslog traffict to splunk for a Cisco Nexus device?

Cisco CNAE problems with script data input

Best Practice for Adding a Transforms on Indexers

Change host props and transforms not working

(Caused by ProxyError('Cannot connect to proxy.', ...

Getting metrics timestamp in future