Getting Data In

Community Activity

How to truncate a field or limit a field value I have a field called org_name in the data as below Org_name="davidcareerhome"Org_name ="Ethanfurniture"I want to li... by ethanthomas Path Finder in Getting Data In 07-08-2021 1 1	1	1
Timestamp extraction failed if no INDEXED_EXTRACTION=json on props.conf Hello,On a monoinstance Splunk, I'd like to ingest some simple JSON data : { GDH: 2021-07-08 16:54:00.617222 ... by emallinger Communicator in Getting Data In 07-08-2021 0 2	0	2
Adding custom logs from Event Viewer stanza Anybody has experience with adding custom logs from Event Viewer to inputs.conf?Is it enogh to put stanza:[WinEventLo... by marcoatto New Member in Getting Data In 07-08-2021 0 2	0	2
Filtering Windows Events using XML in inputs.conf Somobody has experience with filtering (supressing) Windows event using XML in Splunk inputs.conf?So I have XML to fi... by marcoatto New Member in Getting Data In 07-07-2021 0 1	0	1
Cisco Secure eStreamer Client Autolookup estreamer_fw_action commented out After updating our TA we realized the action field autolookup wasn't working anymore. Digging through the TA I see in... by elee_splunk Loves-to-Learn Everything in Getting Data In 07-07-2021 0 2	0	2
Splunk App for infrastructure entities by role Hey! I am trying to install Splunk App for infrastructure on our distributed Splunk platform and I was wondering we w... by tommerraz New Member in Getting Data In 07-07-2021 0 1	0	1
Adding new threat list feed into splunk Hello all, I am having issues with adding AlienVault OTX as a intelligence feed into splunk. At first, when i didn'... by astatrial Contributor in Getting Data In 07-07-2021 1 5	1	5
How to view pdf as splunk dashboard I generated reports for a certain dataset from splunk and saved it as a pdf, now in future I wish to import that same... by rai4shambhavi Explorer in Getting Data In 07-07-2021 0 1	0	1
Unable to forward syslog from NetScaler Service VMs (SVMs) We have asked our customers to forward syslog from Netscaler Service VMS (SVMs) to our Splunk syslog servers. We have... by splunkrocks2014 Communicator in Getting Data In 07-06-2021 0 1	0	1
Microsoft Teams Ingestion Hello people, I am trying to install the Microsoft Teams TA, but i have some problems with the Webhook url , where ca... by tinrush1991 Loves-to-Learn Lots in Getting Data In 07-06-2021 0 1	0	1
Combining different sourcetypes with no common field ( except _time) Hi, I have one sourcetypeA which has following fieldsCluster1UsageAA10B15and so onthen I have one sourcetypeB which h... by ISP8055 Path Finder in Getting Data In 07-06-2021 0 1	0	1
Substract two dates Hi all,I am really struggling with subtracting two dates from each other. It sounds that easy but drives me literall... by boo_com Explorer in Getting Data In 07-06-2021 0 5	0	5
Is it possible to create another sourcetype under the same index from another sourcetype Hello Guys, newbie here. I've got data that's being sent to a generic sourcetype and I want to carve out another sou... by oylkm Explorer in Getting Data In 07-06-2021 0 8	0	8
Powershell scripted input I have a Powershell script that runs continuously and prints some data to the console. I'd like to configure Splunk t... by Leo Splunk Employee in Getting Data In 07-05-2021 9 9	9	9
json SED problem Hi ,I am having json logs which I on-boarded to Splunk {"body":{"records": {"time": "2020-12-20T13:28:50.2164144Z","M... by General_Talos Path Finder in Getting Data In 07-05-2021 0 2	0	2
The curious case of missing events At the beginning of February this year we started ingesting events from Autosys prod and non-prd servers. All was go... by timrich66 Communicator in Getting Data In 07-05-2021 0 1	0	1
Getting Read Error. An existing connection was forcibly closed by the remote host Splunk Windows UF 8.2.0 Below is the error I am receiving on my splunkd.log on the Windows Splunk UF. The deployment server functionality is ... by dyizah Engager in Getting Data In 07-04-2021 0 0	0	0
Created column will use as DBconnect Rising Column setup is advisable? I am using DBconnect to pull data in database then the setup would be RISING. Using SQL to select data from database... by vin_ven27 Explorer in Getting Data In 07-04-2021 0 2	0	2
inputs.conf gets overwritten on HF/DS hi all,I have a file that i want to monitor on the Heavy Forwarder HF which is the Deployment Server DS at the same t... by ojay Path Finder in Getting Data In 07-03-2021 0 2	0	2
Older data Hi ,Query:index=main sourcetype="activedirectory"I performed a search which showed only last 14 days of data. Is ther... by rahul2gupta Path Finder in Getting Data In 07-03-2021 0 3	0	3
Admon duplicating logs Hey everyone, I'm having some small issues with my new Splunk setup in regards to AD logging. I have a few domain con... by TheCityRich New Member in Getting Data In 07-02-2021 0 1	0	1
How to collect Windows event code 403 from all my windows servers in Splunk Enterprise? Thank u How to collect Windows event code 403 from all my windows servers in Splunk Enterprise via web interface? Thank u by SamHTexas Builder in Getting Data In 07-02-2021 0 0	0	0
How to prevent new data ingestion not pushed from Deployment server? Hello,In order to protect our server performance and data quality. I found some customers trying to on board their d... by goldone Engager in Getting Data In 07-02-2021 0 4	0	4
web ssl for 2 splunk domains Hi allI am trying to generate web certificate for the below mentioned splunk domains. I would have done it for the si... by btshivanand Path Finder in Getting Data In 07-02-2021 0 1	0	1
Blacklisting windows event logs based on EventCode and Application name I am trying to filter the windows event based on the Application Name and EventCode.Application_name I am trying to b... by dkolekar Engager in Getting Data In 07-02-2021 0 3	0	3