Getting Data In

Community Activity

How to upload wevtutil generated xml file of Security log into Splunk? I have a situation when I need to dump a remote Security log with wevtutil and subseqently upload it into Splunk to c... by ageld2020 New Member in Getting Data In 11-03-2020 0 0	0	0
Monitoring File Directories but not indexing file contents Hi all,Sorry for the really newb question (because I am one).I have Splunk Enterprise running on my standalone PC to ... by Highlander22 Engager in Getting Data In 11-03-2020 0 3	0	3
Issue with timestamps creating extra events Certain events in these logs have dates in certain tags below such as <BeginDateTime> and <EndDateTime> . They are cr... by bnichols024 New Member in Getting Data In 11-03-2020 0 2	0	2
Variable string processing in variable string in map command IF the _raw is the same as above, I want to search with the query below.Index=_internal sourcetype=splunkd I want to ... by litmuspaper Loves-to-Learn Lots in Getting Data In 11-03-2020 0 1	0	1
Index events with timestamp of previous day We have a report from a system that needs to be indexed into splunk on monthly basis. This report is generated on 1st... by rajeshjlnt Path Finder in Getting Data In 11-03-2020 0 5	0	5
Does indexer discovery also apply to heavy forwarder to Splunk enterprise? by phil_wong Explorer in Getting Data In 11-02-2020 0 1	0	1
SSL Forwarding: Why does a Splunk forwarder need its own certificate? outputs.conf on forwarder gets its own cert. E.g. something like [tcpout-server://192.168.1.100:9997] sslRootCAPath ... by mlorch Path Finder in Getting Data In 11-02-2020 1 7	1	7
How to index Json array into metric index? Hi All, My question is the same as the title. How am I able to index Json array into metric index? I would appreciate... by brandy81 Path Finder in Getting Data In 11-02-2020 0 0	0	0
How to remove a group of characters for each value from list/multivalue. String of variable alert_type:\|detail.action=blocked\|detail.devicename=hd03\|detail.virus=fec_virus_macro_sic_1\|detail... by dashield Explorer in Getting Data In 11-02-2020 0 6	0	6
field extraction working with rex but not props.conf I am trying to extract a portion of the source as a field. Here's what the source looks like: D:\Host Logs\info.serve... by jdmclemore Path Finder in Getting Data In 11-02-2020 0 7	0	7
Splunk Add-on for AWS ARN Format Mismatch HelloIn setting up the add on for AWS(4.6.1) in the IAM role setup it expects a role ARNin the format of :arn:aws-us-... by tkw03 Communicator in Getting Data In 11-02-2020 0 0	0	0
UK dates recognised as US until 10th of the month Hi AllI am trying to index some log files that have been converted to tab delimited text files. These are being picke... by Ognib Explorer in Getting Data In 11-02-2020 0 6	0	6
Splunk logging driver logs not parsed by indexer Hi Splunkers,I have start using Splunk Logging Driver to get my docker logs into Splunk. I am using Splunk Enterprice... by ps Explorer in Getting Data In 11-02-2020 0 2	0	2
index data retention Hello there.Within splunk cloud, I go to Settings < Indexes.I am looking at my main index. It has a current size of ... by trojan_81 Path Finder in Getting Data In 11-01-2020 1 2	1	2
data retention of sourcetype Two questions regarding Dynamic Data Storage: 1) Within an Index, can I archive a specific sourcetype only or can I o... by trojan_81 Path Finder in Getting Data In 10-31-2020 0 1	0	1
How can I import this CSV file into Splunk? I have: 1 Searchhead 1 Deployment Server 4 Indexers (Non clustered) This is the raw CSV file: date,name,capacity,fre... by dperry Communicator in Getting Data In 10-30-2020 0 16	0	16
SmartStore configuration Hello All. I’m testing a SmartStore index with the configuration below. I’m getting errors from S3Client “no address ... by oscar84x Contributor in Getting Data In 10-30-2020 0 0	0	0
LINE_BREAKER regex for I have XML files I'm trying to break-up into individual events based on the following XML format. I need to break the... by astackpole Path Finder in Getting Data In 10-30-2020 0 3	0	3
What is the best way to integrate Mulesoft with Splunk cloud? Need help with this integration.@richgalloway @woodcock by Roy_9 Motivator in Getting Data In 10-30-2020 0 4	0	4
Any way to monitor excessive write activity to a server? Greetings, Is there any way to query Splunk to see if host disk drives have excessive write activity vs. read activit... by SplunkLunk Path Finder in Getting Data In 10-30-2020 0 2	0	2
Placing props.conf in monitoring app Hi,We always place props.conf in parsing app.Today I saw a config where - props.conf is placed inside monitoring app.... by VijaySrrie Builder in Getting Data In 10-30-2020 0 1	0	1
Is there a way to increase the maxQueueSize for Syslog output? Hello Splunkers, I would like to know if there is any way to increase the queue of my syslog group. I mean, currentl... by ludoz13 Path Finder in Getting Data In 10-30-2020 1 5	1	5
How to write regex to event break a multi line file into single event? I have multi line file (_json), which I am trying to create a individual events, the multi line file contains array o... by Hemnaath Motivator in Getting Data In 10-29-2020 1 3	1	3
Monitor csv files directory Tail Reader Problem I am monitoring a directory with 101 csv file with the same format but I am having only 49 of them indexed. When I s... by marcos_eng1 Explorer in Getting Data In 10-29-2020 0 5	0	5
How to migrate warm and thawed data from non-clustered indexers to a s2 index cluster? HI,I am cutting over non-clustered indexers (v7.3.3) to a new smart store (s2) index cluster (v8.0.6).Currently I hav... by Glasses Builder in Getting Data In 10-29-2020 0 2	0	2