Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to get comma separated list of values?

Hi, Here's my query: index=uplynk slice_played isLive=1 channelID=8f88881faa334ab59484e999c6c5c318 | stats dc(...

by Path Finder in

How to remove duplicate values based on condition

Hi, I am getting duplicate values I want to remove duplicate values where the condition will match. Example ...

by Communicator in

Hostname and IP address,Hostname and IP to be sent to Splunk

Hello, We are sending data to a 3rd party raw, they want the IP of the sending host not the hostname, does splunk...

by Path Finder in

Is there an app for Splunk that onboard data from mailboxes?

Hi, I know there is an Exchange app for Splunk, and it covers a few different use cases, such as performance, usag...

by Loves-to-Learn Lots in

Can you reload new inputs.conf stanzas on a UF without restarting the Daemon?

I noticed you can reload the inputs stanzas on a forwarder via this API endpoint: /services/data/inputs/monitor/_r...

by Builder in

How to use env variables usage in inputs.conf?

Hello, I would like to use the Unix/Windows env variables in my inputs.conf, e.g. like below: ... ### App serve...

by Contributor in

how to create a table to show port status of Cisco switch?

Cisco has been configured and sent syslog to Splunk as follows: I would like a table to show port status of C...

by Engager in

timeparsing issue for sourcetype

I have data like below:- Log file created at: 2019/03/24 17:56:14 Running on machine: F8976GMac Log line format: [...

by Explorer in

What Windows Event Codes track WMI activity

We are wondering if there is any Windows Event that captures execution of WMI from a remote host. Since you can remot...

by Communicator in

Can you give me some advice on expanding my Splunk systems?

Hi all, I want to check if anyone has any experience on expanding your Splunk system. The below is my situation. ...

by Path Finder in

How to print multiple JSON root elements?

Hi, I've data like this { "container_id":"0fce97fd907a806802eab9b27965dd35dd82bbe142d128294b34b8a8a2e42f23", "c...

by Engager in

How to install splunk app for linux without installing the universal forwarder?

Can I use splunk app for linux without installing universal forwarder on each linux host I need their logs?

by Path Finder in

Collecting Windows Events via A Forwarder but Groups are not being resolved

Hello I am collecting Windows Events using Windows Events Forwarding. On the Windows Event Collector I have a univ...

by Path Finder in

How to use date in filename as the timestamp for each event?

I need to index files that are summaries of data for a particular day. The data within the file is basically csv form...

by Contributor in

How to feed syslog of another Cisco device to Splunk?

There are two Cisco devices; I call them “1st IP” and “2nd IP” hereafter. I have managed to configured and send sy...

by Engager in

How to compare values in 2 fields and column that show Success/Failure?

I have 2 fields as below Field1 Field2 abc abc def jkl ghi wxy jkl pqr wxy I hav...

by Communicator in

How to setup a filter to drop specific events on the heavy forwarder?

Hello, I'm trying to setup a filter to drop specific events that contain an event name from AWS. I've read through th...

by Explorer in

Extract JSON device information from a long string

I have okta data. One of the fields - id - contains a whole string of data which includes the browser and the app and...

by New Member in

File monitoring in inputs.conf

I want to configure an file in a directory which will be rolling over to new file within 2mins. I tried basic inputs....

by New Member in

Why is inputs.conf meta not respected for Windows Event Logs on a 6.2.3 universal forwarder?

I sometimes use the _meta capability of inputs.conf to add a meta field to the data when it makes sense to do so. For...

by Contributor in

Getting Data In

Discussions

How to get comma separated list of values?

How to remove duplicate values based on condition

Hostname and IP address,Hostname and IP to be sent to Splunk

Is there an app for Splunk that onboard data from mailboxes?

Can you reload new inputs.conf stanzas on a UF without restarting the Daemon?

How to use env variables usage in inputs.conf?

how to create a table to show port status of Cisco switch?

timeparsing issue for sourcetype

What Windows Event Codes track WMI activity

Can you give me some advice on expanding my Splunk systems?

How to print multiple JSON root elements?

How to install splunk app for linux without installing the universal forwarder?

Collecting Windows Events via A Forwarder but Groups are not being resolved

How to use date in filename as the timestamp for each event?

How to feed syslog of another Cisco device to Splunk?

How to compare values in 2 fields and column that show Success/Failure?

How to setup a filter to drop specific events on the heavy forwarder?

Extract JSON device information from a long string

File monitoring in inputs.conf

Why is inputs.conf meta not respected for Windows Event Logs on a 6.2.3 universal forwarder?

How to get the unicode/chinese character into kvst...

Update sysmon config

Data flow/input question - see data being received...

Duplicate Siebel log events from Universal Forward...

Okta Rate Limit "skinny_users" warnings