Getting Data In

Community Activity

IIS FTP LOG TIMEZONE PROBLEM Using IIS FTP Server, Server 2008 RC2. FTP log format is W3C (UTC Timestamps). Splunk pulls the logs (entries) in j... by jscnet Engager in Getting Data In 04-28-2022 0 5	0	5
What is causing Constant time diff of 12 hrs (_indextime - _time)? Hi, There is constant time diff (_indextime - _time) from few windows server as below, not sure what causing this a... by pavanbmishra Path Finder in Getting Data In 04-28-2022 0 3	0	3
How to search for new files put in to folders Hi guys searched through all topics and couldn`t find anything relevant to my issue. So hope some one would help me w... by roberto_baggio Explorer in Getting Data In 04-27-2022 0 2	0	2
Help Breaking JSON into multiple events using props.conf Hey everyone.Need some help breaking a json event that is ingested in the current nested json format:[ { "title":... by _splunkker Explorer in Getting Data In 04-27-2022 0 3	0	3
Ingesting data from Salesforce with HEC Hi Team,Is it possible to onboard the salesforce data using the HEC methodology?Thanks,Dibeena by dpearl Explorer in Getting Data In 04-27-2022 0 1	0	1
Where can I adjust the settings for universal forwarder data input speed? Get data from Universal Forwarder, but 100MB data takes an hour Do you have any settings to speed up? by noott211 Path Finder in Getting Data In 04-27-2022 0 3	0	3
How to configuring Splunk to not truncate scripted input running on the universal forwarder? I've got a scripted input running on a universal forwarder that generates json output to the tune of 18,000+ lines. ... by bsg273 Path Finder in Getting Data In 04-27-2022 0 1	0	1
Why is splunk udp 514 syslog going straight to indexer and bypassing a second set of heavy forwarders? hi all I am running on a windows heavy forwarder on Splunk Enterprise 8.1.7.2 and I listen to ports tcp 9514 and udp ... by leonaheidern2 Loves-to-Learn Everything in Getting Data In 04-27-2022 0 11	0	11
Splunk Could Not Get Description for Event I've seen this on some older posts, but I am currently battling this issue. For some hosts, restarting it makes the l... by andrew_burnett Path Finder in Getting Data In 04-27-2022 1 0	1	0
Can the Universal Forwarder process core-dumps? Sometimes our application dumps core (duh!), and we'd like the output of gdb -ex "bt full" -ex quit corefile to be fo... by unitedmarsupial Path Finder in Getting Data In 04-27-2022 0 10	0	10
Wrong JSON value extracted by query I am running following query where in the last I would like to fetch value of "Client" key from json and count all s... by user9025 Path Finder in Getting Data In 04-26-2022 0 12	0	12
Creating a sourcetype keeps failing I have a sourcetype that I have been trying to break my logs apart, but I keep getting: Failed to parse timestamp: ... by NanSplk01 Communicator in Getting Data In 04-26-2022 0 2	0	2
How to route to an Index based on SourceType AND Host combination in inputs.conf? I have a setup as Universal Forwarder (UF) - Heavy Forwarder (HF) - Indexer - Search Head (SH). Where multiple UF ar... by shan_santosh Explorer in Getting Data In 04-26-2022 0 5	0	5
How to restrict UF to not to collect logs older than X Days Hi SMEs, I need to configure UF to restrict not to collect logs older than X Days. Is it feasible than how?Also what ... by pavanbmishra Path Finder in Getting Data In 04-26-2022 0 1	0	1
Why is Input not working? Hey Guys.I have a input that is refusing to work.The input that doesnt work is this fortigate one: This one on the sa... by michaelnorup Communicator in Getting Data In 04-26-2022 0 6	0	6
How to set at the same time in transforms.conf a new index and set a new metadata based on the host name? Hi, I need to set at the same time in transforms.conf a new index and set a new metadata based on the host name. New... by FrankFZ Engager in Getting Data In 04-26-2022 0 3	0	3
Handling intermediary forwarders that are deployed as code Hi all, new to splunk, we are regularly burning down our heavy forwarders and as such the IPs change regularly. I nee... by OzUK Explorer in Getting Data In 04-26-2022 0 4	0	4
How to create a dashboard studio chain search with dropdown token? Background I would like to create a dashboard with dropdowns that allow underlying queries to create chart to filter ... by anewuser Loves-to-Learn in Getting Data In 04-25-2022 0 2	0	2
Indexing same file: crcSalt = not working as expected Hello everybody,I need to ingest into Splunk a CSV file containing an inventory of mobile devices. The HF that monito... by lpino Path Finder in Getting Data In 04-25-2022 0 2	0	2
Why is windows log going to the wrong sourcetype? Logs are going to source= WinEventLog:Application and sourcetype="WinEventLog" instead of source="WinEventLog:Securit... by So76 Explorer in Getting Data In 04-25-2022 0 8	0	8
How do I add a new role via REST API? Hi, How could I add a new role via REST API ? When I try to send the following HTTP POST via Postman: URL: https:... by davidtrujillo Explorer in Getting Data In 04-24-2022 0 3	0	3
Why are JSON Wrapped Windows Logs not being read as JSON by "Add Data"? Hey, I'm very experienced using Splunk as an analyst, but not at all experienced on the admin side of things, but am ... by keenerms Engager in Getting Data In 04-24-2022 0 3	0	3
How to get JSON response from Splunk web query? I need to get the JSON response for a Splunk API call for a data model. Is there a way to retrieve this information v... by matstap Communicator in Getting Data In 04-22-2022 0 2	0	2
Missing "Message" field We are moving away from using Windows Event Collection to installing the Universal Forwarder on as many Windows machi... by wnyricsplunk Explorer in Getting Data In 04-22-2022 0 0	0	0
How to write in props.conf so that the _time field takes time from the unixTime field? Hello colleagues, I would like to know I have events where there is a unixTime field. But the _time field does not sh... by gitingua Communicator in Getting Data In 04-22-2022 0 3	0	3