Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Working with CSV

I have CSV like this- PPAGE_ID1 PPAGE_ID2 PPAGE_ID3 PPAGE_ID4 PPAGE_ID5 PPAGE_ID6 1-Jan 123 123...

by Contributor in

Regex for Line Break props.conf

Hello Splunkers, Any Regex geniuses that can help line break the below logs. Ideally remove the text in th...

by Communicator in

help with the dashboard time calculation needed

Hello, I have relatively easy issue I am struggling with. I would like to calculate the time difference in seconds...

by Contributor in

How to write dynamic rest api script in Shell??

Hi All, I was writing one script in shell for getting data though rest api . Below is the connect of the scrip...

by Path Finder in

How do I group unstructured events based on errorcode that they contain in body?

I have some base splunk query which gives me list of events which has body mentioned below - event 1. {"Errors":{"...

by Engager in

Inconsistent indexing time on CSV monitor

We have been using daily CSV exports from our "X" monitoring servers that we then display on our performance board ea...

by Explorer in

Sourcetype renaming not taking

Following the documentation for sourcetype renaming, I still fail to get it working. I have added an entry in Sourcet...

by Explorer in

how to delete duplicate events

I messed up my production server - deleted by mistake some of the internal splunk indexes instead of deleting them on...

by Communicator in

API json preview field

As seen in https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTUM/RESTusing#Example_B:_JSON_response_format_exampl...

by Contributor in

One record, two values per field?

We've been acquiring data for some time now via manual imports with CSV files. We're finishing up the process of auto...

by Path Finder in

error after stopping and connecting to instance in aws

Hi Everyone, I spinned up a new windows instance in aws, then i installed splunk application in that server. Then ...

by New Member in

Universal Forwarder 8.0 upgrade path from 6.x

We have a bunch of older 6.x universal forwarders that will be incompatible with an 8.0 Enterprise Splunk instance. I...

by New Member in

How to edit my inputs.conf to blacklist a directory?

Apologies, but I'm not groking this. I've read dozens of "answers", I've read several docs on the topic. But, I can't...

by Contributor in

How to filter our dashboard by each host or including all hosts?

Hi, I'm trying to filter our dashboard by each host or including all hosts. We have many field(chart) in a dashbo...

by Explorer in

How do you filter data from a log and send them to 2 splunk instances while discarding the rest?

I'm trying to filter data from a log and send them to 2 splunk instances while discarding the rest. I've tried a lit...

by New Member in

TCP requirement for syslog transfer

Syslogs are sent on UDP port 514 towards Syslog-ng But we have experienced if tcp for port 514 is not working/not ...

by Path Finder in

HTTP Event Collector returns Bad Request - what is wrong with my event?

While posting a request to Splunk via HEC, I get the response as {"text":"No data","code":5} and when I enable versio...

by Contributor in

Monitor logs on Indexers and forward to another indexer cluster

In my environment, we send everything to our indexer cluster and use data cloning using _TCP_ROUTING on the universal...

by Path Finder in

Original Timestamp Value/Format

Hello, I'm looking for a way to capture the original timestamp value/format from various logs. Here are some of the f...

by Builder in

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

I am trying to setup splunk-kubernetes-logging. I have my daemonset running on my worker nodes, but fluentd is failin...

by New Member in

Getting Data In

Discussions

Working with CSV

Regex for Line Break props.conf

help with the dashboard time calculation needed

How to write dynamic rest api script in Shell??

How do I group unstructured events based on errorcode that they contain in body?

Inconsistent indexing time on CSV monitor

Sourcetype renaming not taking

how to delete duplicate events

API json preview field

One record, two values per field?

error after stopping and connecting to instance in aws

Universal Forwarder 8.0 upgrade path from 6.x

How to edit my inputs.conf to blacklist a directory?

How to filter our dashboard by each host or including all hosts?

How do you filter data from a log and send them to 2 splunk instances while discarding the rest?

TCP requirement for syslog transfer

HTTP Event Collector returns Bad Request - what is wrong with my event?

Monitor logs on Indexers and forward to another indexer cluster

Original Timestamp Value/Format

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

How to connect Oracle Access Manager to Splunk?

Windows server 2012 registry error display in Dash...

Props.conf wild card help

Ingestion of CSV files via monitoring stanza

Splunk Log4J2 Appender in Spring Boot with Maven

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >