Getting Data In

Community Activity

Need to Add blacklist except "string" is possible ? Need to Add blacklist except "string" is possible ? by Kathir Loves-to-Learn Everything in Getting Data In 04-19-2021 0 3	0	3
Why I am seeing data duplication in my summary index? I am having a VERY strange problem with my summary indexing. I have the following search running every hour at 20 mi... by paimonsoror Builder in Getting Data In 04-18-2021 4 16	4	16
Archive Splunk buckets to AWS S3? How can I send splunk cold buckets to S3? We have our on-premises splunk and send Splunk data to S3 for longer storag... by sarnagar Contributor in Getting Data In 04-16-2021 2 21	2	21
Whitelist Query Hello,I am ingesting file auditing logs to monitor changes to certain files. I am monitoring events 4663 and 4656 whi... by ryanadamski Engager in Getting Data In 04-16-2021 0 1	0	1
Using Splunk Universal Forwarder and scripted input to scrape JSON and write to a metrics index I've got a HTTP API that produces a JSON payload of metrics. The payload is formatted in a way that also works for PO... by thehowler New Member in Getting Data In 04-16-2021 0 0	0	0
Filter data by props.conf and transform.conf Hi,I need to filter out some events from a syslog source. All the events that I need to exclude are like this:Apr 16 ... by marco_massari11 Communicator in Getting Data In 04-16-2021 0 7	0	7
why Splunk is not able to index all the data from a txt file? Hi All,Hope you all are doing good.I am trying to read two simple txt files containing just the numeric value . These... by niks987 Explorer in Getting Data In 04-16-2021 0 0	0	0
Splunk serving wrong certificate on tcp-ssl input I am facing a weird issue at the moment where I want to set up multiple tcp-ssl inputs and have each input using a di... by konstr Path Finder in Getting Data In 04-16-2021 1 6	1	6
Host value not being used as set during ingestion Hi All,I have set up a continuous monitor of the /var/log directory and set the host to "vps"Now when I am searching ... by termcap Path Finder in Getting Data In 04-15-2021 0 1	0	1
Restrict search time window for metric index I set the "Restrict search time range" in the role configuration to 3 days, now for the event index, Splunk only retu... by wangjianiu Explorer in Getting Data In 04-15-2021 0 1	0	1
Collect Perfmon counters data for ASP.NET & Paging File Hi,I have managed to get Process, Memory, LogicalDisk and a few other perfmon counters working. However I can't get t... by aknsun Path Finder in Getting Data In 04-15-2021 0 0	0	0
Splunk eStreamer for FMC version 4.011 setup page button doesn't exist Dears, Greetings. When I navigate to Apps > Manage Apps > Cisco eStreamer eNcore for Splunk, I can't find the "Set Up... by ahmedfoda New Member in Getting Data In 04-15-2021 0 0	0	0
Zeros are added to address and numbers are twisted I have the address of a data point that is being sent to Splunk. When I search for the data point in Splunk, I get th... by sky_143 New Member in Getting Data In 04-15-2021 0 1	0	1
Props for Splitting JSON data as a separate event Here is the JSON data and looking for Props settings for splitting the event based on "Level:4" as the correlation ID... by Kothandapanin Loves-to-Learn Lots in Getting Data In 04-15-2021 0 7	0	7
Invalid key in stanza - kv_mode (value: xml) There are no data being index from our setup below. Does "Invalid key in stanza ..... line 36: kv_mode (value: xml)" ... by mariannedave Explorer in Getting Data In 04-14-2021 0 0	0	0
TCP/SSL destination: Forwarder to third party application I am interested in configuring Heavy forwarder to send to additional destination third party like Syslog-NG using TCP... by hkasho New Member in Getting Data In 04-14-2021 0 0	0	0
Solved: Same log different indexers and index hi there,I have some machines that collect Security logs from Windows. The universal forwarder on machines have this ... by biagiodipalma Explorer in Getting Data In 04-14-2021 0 3	0	3
How to get the unicode/chinese character into kvstore lookup? Hey, splunkers!According to my use case, I need the unicode/chinese character in the kvstore lookup. but seems like i... by milanparmar541 Explorer in Getting Data In 04-13-2021 0 0	0	0
Update sysmon config Newbie question - rolled out sysmon along with UF but need to edit the sysmon config file to exclude Splunk processes... by splunkfrs Loves-to-Learn in Getting Data In 04-13-2021 0 0	0	0
Data flow/input question - see data being received but does not appear indexed So I see data coming in:04-13-2021 17:32:25.470 -0400 INFO StatusMgr - destPort=9997, eventType=connect_done, group=t... by mattshwink1 Loves-to-Learn in Getting Data In 04-13-2021 0 0	0	0
Duplicate Siebel log events from Universal Forwarders Hi we are getting duplicates on log eventsEvents are :- multiline- large (to very large)- also the files can grow to ... by wmuselle Path Finder in Getting Data In 04-13-2021 0 0	0	0
Error while adding more than 1 Cisco device Dear Experts, I am trying to add the data to monitor Cisco logs through Splunk, i am just able to add 1 device only, ... by jfk87 New Member in Getting Data In 04-13-2021 0 6	0	6
Okta Rate Limit "skinny_users" warnings Hello everyone,Could you please help me out with the following query?We have a TA-Okta_Identity_Cloud_for_Splunk inst... by justynap_ldz Path Finder in Getting Data In 04-13-2021 0 0	0	0
Timezone configuration with daylight savings time Hello,since daylight savings time is active we have a time offset for our events.For example, we use das splunk strea... by StefanW Path Finder in Getting Data In 04-12-2021 0 0	0	0
WMI does not collect data from servers that do not use Local System Account I'm using WMI to monitor when services are down, but noticed that the servers that don't use the Local System account... by ajromero Path Finder in Getting Data In 04-12-2021 0 0	0	0