Getting Data In

Discussions

Thread Info

What is the role of HEADER_MODE in props.conf?

Hi, What is the role of HEADER_MODE in props.conf? I am seeing the documents, but I don't understant. https://doc...

by Path Finder in

File ingested generates another file with the same data which results in data duplication

Hi Splunk Experts I have this kind of problem which confuses me. The file being ingested generates another file which...

by Path Finder in

How to over ride the index for event from certain hosts?

Its been awhile since I setup an props/transforms override, but I never had so much trouble. I have 20 Foo-applianc...

by Builder in

Convert BST to America/NY (Timezone)

I tried this but seems this is not working. I want to convert BST to America /NY time please. | eval BST=strftime...

by Engager in

csv input file column name contains percent sign

The .csv file that I am using as input has a column name that begins with a percent sign ("% Complete"). I just noti...

by Explorer in

Not all monitored files being indexed

we have monitors on 2 Windows file paths: [monitor://C:\Data\Data\Disk\SplunkLoad\IsilonCaptures\i*.txt]index = st...

by Communicator in

Issue with default outputs when _TCP_ROUTING

Hello,I have many forwarders sending logs to a cluster of indexers, and for some logs I need to send it not cooked. ...

by Explorer in

How to increase logs retention period?

Hi, we are asked to increase our retention period of splunk logs to 1 year. we need to put our data to be searc...

by Explorer in

Collect cisco netflow

Hi, I am trying to collect NetFlow data from Cisco router via Splunk_TA_Stream. I config streamfwd.conf according to ...

by Engager in

How to avoid indexing of some fields or parts of events?

Hello, we want to filter some fields of receiving events before indexing for the license saving, for example, in a fi...

by Path Finder in

How to forward data when forwarder cannot contact indexer through firewall?

Hi all, I have a situation where there are servers from which we wish to get logs into Splunk. However, we cann...

by Path Finder in

Splunk Index Best Practices

Hi- We are indexing JSON data into Splunk. We push the data once every 24 hours. The Rest API will not give "Delta:...

by Loves-to-Learn Lots in

Splunk is getting duplicate events from Azure billing API,

Splunk is getting duplicate events from Azure billing API, We are using inbuild azure connector to onboard the data....

by New Member in

Timezone

My logs are that kind : <July 13, 2020 10:55:02,572 PM CDT> So i used TIME_FORMAT=%b %d, %Y %H:%M:%S, %3N%p%z B...

by Builder in

How to see all source and sourcetype list

Hi, In splunk UI, I am seeing only top 10 source and sourcetype list. But I want to see all of them. Please sug...

by Communicator in

Line breaking not working for JSON logs (API at heavy forwarder).

We are using ingest pattern as API at Heavy forwarder. props.conf:- [kenna:applications] INDEXED_EXTRACTION...

by Explorer in

Ingest data from mongo db into Splunk

Hi Splunk Community I was using MySQL databases and DB connect to ingest data into Splunk. Working great! If I us...

by Path Finder in

Need assistance getting large data into Splunk

This is a note my client sent: I can’t really use the logs from Splunk, because they are spotty.. Think I figured o...

by Path Finder in

Splunk App For Infrastructure VMware vSphere

I'm trying to add VMware vSphere data using the Splunk app for infrastructure. When I try to, all I get is an alert "...

by New Member in

Running multiply Powershell scripts at the same time

I have been working the past 2 weeks with getting powershell scripts and cron jobs stable. but find that when i run 6...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What is the role of HEADER_MODE in props.conf?

File ingested generates another file with the same data which results in data duplication

How to over ride the index for event from certain hosts?

Convert BST to America/NY (Timezone)

csv input file column name contains percent sign

Not all monitored files being indexed

Issue with default outputs when _TCP_ROUTING

How to increase logs retention period?

Collect cisco netflow

How to avoid indexing of some fields or parts of events?

How to forward data when forwarder cannot contact indexer through firewall?

Splunk Index Best Practices

Splunk is getting duplicate events from Azure billing API,

Timezone

How to see all source and sourcetype list

Line breaking not working for JSON logs (API at heavy forwarder).

Ingest data from mongo db into Splunk

Need assistance getting large data into Splunk

Splunk App For Infrastructure VMware vSphere

Running multiply Powershell scripts at the same time

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

HTTP Event Collector Connection Actively Refused a...

Behaviour of app.conf with deployment server

Ingest Actions error

Splunk OTEL Collector throwing Timeout and Authent...

HEC stopped working