Getting Data In

Discussions

Thread Info

UF using CLI

Greetings! Just wanted to know the steps for adding an input to an UF using the CLI. Thank you in advance.

by Engager in

WARN FileClassifierManager: The file is invalid. Reason: cannot_open

I have a watched file on a Universal Forwarder (Windows) and the file is send to the Heavy Forwarder (linux), but som...

by New Member in

Change _time before indexing

Hello all, I need to sum 1 day(86400 seconds) to my _time, if the event(_raw) includes the string "SB". This needs...

by Path Finder in

Collect events query cloudera/hadoop

What is the best practice for collecting events in which the user performs a query against the cloudera / hadoop ecos...

by New Member in

What is the role of HEADER_MODE in props.conf?

Hi, What is the role of HEADER_MODE in props.conf? I am seeing the documents, but I don't understant. https://doc...

by Path Finder in

File ingested generates another file with the same data which results in data duplication

Hi Splunk Experts I have this kind of problem which confuses me. The file being ingested generates another file which...

by Path Finder in

How to over ride the index for event from certain hosts?

Its been awhile since I setup an props/transforms override, but I never had so much trouble. I have 20 Foo-applianc...

by Communicator in

Pulling Oracle Fine-Grained Audit logs from Oracle Database via DBConnect

We are planning to ingest Oracle standard auditing and FGA logs (both stored in Oracle DB tables) via DBConnect into ...

by Communicator in

Convert BST to America/NY (Timezone)

I tried this but seems this is not working. I want to convert BST to America /NY time please. | eval BST=strftime...

by Engager in

csv input file column name contains percent sign

The .csv file that I am using as input has a column name that begins with a percent sign ("% Complete"). I just noti...

by Engager in

Not all monitored files being indexed

we have monitors on 2 Windows file paths: [monitor://C:\Data\Data\Disk\SplunkLoad\IsilonCaptures\i*.txt]index = st...

by Communicator in

Issue with default outputs when _TCP_ROUTING

Hello,I have many forwarders sending logs to a cluster of indexers, and for some logs I need to send it not cooked. ...

by Explorer in

sourcetype based upon host

Hi, I have a logfile that contains lots of hosts (coming in from syslog). I want to dynamically change the sourcet...

by Champion in

How to increase logs retention period?

Hi, we are asked to increase our retention period of splunk logs to 1 year. we need to put our data to be searc...

by Engager in

Collect cisco netflow

Hi, I am trying to collect NetFlow data from Cisco router via Splunk_TA_Stream. I config streamfwd.conf according to ...

by Engager in

How to avoid indexing of some fields or parts of events?

Hello, we want to filter some fields of receiving events before indexing for the license saving, for example, in a fi...

by Explorer in

Catchpoint Splunk addons

I used splunk catchpoint add-ons to fetch the data from catchpoint. But after i mapped into splunk i can see only 12 ...

by Path Finder in

How to forward data when forwarder cannot contact indexer through firewall?

Hi all, I have a situation where there are servers from which we wish to get logs into Splunk. However, we cann...

by Path Finder in

Splunk Index Best Practices

Hi- We are indexing JSON data into Splunk. We push the data once every 24 hours. The Rest API will not give "Delta:...

by Loves-to-Learn Lots in

Splunk is getting duplicate events from Azure billing API,

Splunk is getting duplicate events from Azure billing API, We are using inbuild azure connector to onboard the data....

by New Member in

Getting Data In

Discussions

UF using CLI

WARN FileClassifierManager: The file is invalid. Reason: cannot_open

Change _time before indexing

Collect events query cloudera/hadoop

What is the role of HEADER_MODE in props.conf?

File ingested generates another file with the same data which results in data duplication

How to over ride the index for event from certain hosts?

Pulling Oracle Fine-Grained Audit logs from Oracle Database via DBConnect

Convert BST to America/NY (Timezone)

csv input file column name contains percent sign

Not all monitored files being indexed

Issue with default outputs when _TCP_ROUTING

sourcetype based upon host

How to increase logs retention period?

Collect cisco netflow

How to avoid indexing of some fields or parts of events?

Catchpoint Splunk addons

How to forward data when forwarder cannot contact indexer through firewall?

Splunk Index Best Practices

Splunk is getting duplicate events from Azure billing API,

Splunk upgrade on Heavy Forwarder from v6.4.0 to v...

Data/configuration report

DBConnect scripted SQL retrieval

Failed to reap viewstate

Extract-Display the Details Tab from windows event...