Getting Data In

Discussions

Thread Info

How do you use a CLONE_SOURCETYPE to parse a sourcetype?

Hi all, I am trying to set up WindowsEventLog to send all events with EventCode=4648 to one index, wineventlog_464...

by Explorer in

how to monitor windows path

Below is the path I am trying to monitor C:\Program Files (x86)\Okta\Okta RADIUS Agent\current\logs\okta_radius and I...

by Builder in

How do you get a universal forwarder to send missing data?

We had a weird incident happen and we stopped receiving log files for a very specific time window. Is there a way ...

by Explorer in

ERROR JsonLineBreaker had parsing error:Unexpected character while parsing backslash escape: '|'

Hi, I am getting below JSOnParser exception in one of my data source [json sourcetype]. Don't think there is any ...

by New Member in

How do you pull out the latest entry "only" for the last numbers entered?

I have one file that is pulled in by a universal forwarder setup. This file is constantly changing on the system ...

by New Member in

Cannot view users with "can_delete" role

If I (as a user with admin role) assign the "can_delete" role to another admin role user, I can no longer see that us...

by Path Finder in

KiwiSyslog with Splunk

I have a syslog server and all the syslogs are currently going to KiwiSyslog. I have the Splunk Enterprise addition a...

by Explorer in

SEDCMD to strip HTTP headers from raw TCP input (JSON submitted from HTTP POST)

Trying to strip the header info out of the event below, leaving only the JSON. I've tried "|extract reload=true" but ...

by Communicator in

some curl help

Hello Splunkers, Can you please help me run this curl command in Unix when im getting error not seeing any data i...

by Explorer in

How come our regular expression is working in search but not configs?

I have a local administrator cataloging script running on local machines (just mine while testing). The message outpu...

by Explorer in

Workflow Action: How to add a header?

I need to add a header to the link I'm using. The header is used for authentication. How can I make that happen?

by New Member in

Run base search based on days ?

Am having a base search which is in-turn a saved report and does collect data from multiple sources , eval etc. But i...

by Engager in

How do I add a dynamic field to an inputs.conf file?

I have logs which are monitored by a Splunk forwarder, but what I want to do is add dynamic fields to an event, which...

by Explorer in

Missing File Headers in Python Script

Hi, I have been encountering this issue whenever I run my python script called snow.py. Any ideas for this issue? Tha...

by Loves-to-Learn Lots in

How do you send a Splunk report to a network drive?

Hello, I have a user wanting to send a Splunk report (.csv) to a network drive. I read your post on "Trigger a PDF...

by New Member in

How do you parse two string times and compare and get difference?

Hello friends, Say I have two index events that return string messages such as: SCHEDULE - SUCCESS - Time: 05:1...

by New Member in

An indexer cluster master doesn't need apps, correct?

I'm new to cluster indexing, and am getting ready to start testing installing apps. Just want to confirm: App...

by Path Finder in

What is the best way to get data from Sitecore Azure to a Splunk environment?

Hi, I would like to know what is the best way to get data from Sitecore Azure to a Splunk environment. I am new ...

by Builder in

How do you display multiple timezones corrected for daylight savings from a correct epoch time?

by Motivator in

Why is my subquery returning duplicate values?

Hello, I am trying to run a query, which will give me the results not returning by the inner query. Basically any ...

by New Member in

Getting Data In

Discussions

How do you use a CLONE_SOURCETYPE to parse a sourcetype?

how to monitor windows path

How do you get a universal forwarder to send missing data?

ERROR JsonLineBreaker had parsing error:Unexpected character while parsing backslash escape: '|'

How do you pull out the latest entry "only" for the last numbers entered?

Cannot view users with "can_delete" role

KiwiSyslog with Splunk

SEDCMD to strip HTTP headers from raw TCP input (JSON submitted from HTTP POST)

some curl help

How come our regular expression is working in search but not configs?

Workflow Action: How to add a header?

Run base search based on days ?

How do I add a dynamic field to an inputs.conf file?

Missing File Headers in Python Script

How do you send a Splunk report to a network drive?

How do you parse two string times and compare and get difference?

An indexer cluster master doesn't need apps, correct?

What is the best way to get data from Sitecore Azure to a Splunk environment?

How do you display multiple timezones corrected for daylight savings from a correct epoch time?

Why is my subquery returning duplicate values?

Load Balancing UF to 3rd third party receivers

Dublicated json fields on searchHead

Best way to use kinesis, lambda to ingest data in ...

Splunk as CSP Policy report collector

storing data from dbxquery fails with "unable to p...