Getting Data In

Community Activity

XML metadata field extraction Hi Splunkers, I am working on field extraction for XML events. I have added regex in transforms.conf for extraction.... by jsanjeb Explorer in Getting Data In 11-12-2020 0 1	0	1
Splunk timestamp offset GMT Good evening. I have a ASCII event message that looks like the following: The timestamp is in GMT time. When Splunk ... by SFOTC New Member in Getting Data In 11-12-2020 0 6	0	6
Events filter on heavy forwarder doesn't work Hi all,we are monitoring some log files in a Windows directory; we'd like to keep only events containing the word FAI... by nicofantinato Path Finder in Getting Data In 11-12-2020 0 0	0	0
wrong year in _time Hi,I have several data sources that have each their own timestamp(different times, one format) due to Geo differences... by boromir Path Finder in Getting Data In 11-12-2020 0 3	0	3
Splunk migration Hi We are working on migration to different environments and we are looking to forward same data to different indexer... by kowsikreddy Loves-to-Learn in Getting Data In 11-11-2020 0 2	0	2
Null Filtering Not Working Greetings all. I am having some trouble getting syslog data to filter with regards to nullQueue. Below are what my co... by iamDT03 Engager in Getting Data In 11-11-2020 0 1	0	1
Conditional Input.conf setting? All, I have about 200 machines with UF installed. I want to monitor bash_history and a few other Linux /home items. T... by daniel333 Builder in Getting Data In 11-11-2020 0 1	0	1
Make Splunk Look For Logs Inside Folders Hello all!  I'm currently implementing Splunk inside one of our company systems. It happens so that the logging stru... by luteixeira Explorer in Getting Data In 11-11-2020 0 2	0	2
Improve Batch stanza Ingestion for large files We have a script which is downloading file from the location every 5 min and we are monitoring using batch stanza. E... by nisu Explorer in Getting Data In 11-11-2020 0 1	0	1
splunk index HiWe are on migration on 2 different environments for windows OS.Can we get details, where we have define new indexes... by kowsikreddy Loves-to-Learn in Getting Data In 11-11-2020 0 2	0	2
Parsing XML - ignore new line @somesoni2 I am trying to parse a complex xml and asking about the regex for SEDCMD-abremoveheader which refers to li... by sbaror11 Explorer in Getting Data In 11-11-2020 0 0	0	0
Forwarder restarting every 10 minutes Hi,I have a dozen of UFs that are restarting every ten minutes. They are on Windows. Running 7.2 (latest supported ve... by jihape Path Finder in Getting Data In 11-10-2020 0 2	0	2
Source Type, Web Application and BREAK_ONLY_BEFORE I discovered our logs were split between events. I notice that Splunk split the event ANY date and time it found in o... by jsgossett Engager in Getting Data In 11-10-2020 0 2	0	2
Splunk logs to Kafka I have a data which is already indexed in Splunk through Universal Forwarder. So i want to send this data from Splunk... by ismail4u88 New Member in Getting Data In 11-10-2020 0 0	0	0
interval in input.conf not followed, Windows add-on Windows add-on 8.0.0, Splunk 8.0.4.No matter the interval settings in inputs.conf, they seem to run at random times. ... by mykol_j Communicator in Getting Data In 11-10-2020 0 4	0	4
Creating Index time fields for your HF's I'm trying to follow guides on how to create a new indexed field. Basically creating a field that gives us the name o... by Jarohnimo Builder in Getting Data In 11-10-2020 0 1	0	1
Splunk Stream TA stops streamfwd Hi Splunkers,Is there any way to get rid of this knonw issue on Stream app ? Currently, I'm collecting DNS logs via S... by skywalker Observer in Getting Data In 11-10-2020 0 0	0	0
certificate hardware for public procurement I'm Borys from LLC "Trading systems". Our company participates in public procurement The client describes in the req... by UcloudLLC Engager in Getting Data In 11-10-2020 0 2	0	2
extract a specific IP with positive lookahead I'm trying to extract multiple fields out of my log. my problem is that I do have multiplie ip adresses - one for the... by avoelk Communicator in Getting Data In 11-10-2020 0 1	0	1
Anyone think they can lend help me figure this out? I understand the error has to do with disk space but I have no idea how to actually fix theissue. I know how to locat... by drobles96 Engager in Getting Data In 11-10-2020 0 3	0	3
Timestamp recognition I am trying to monitor the log file and index to Splunk with the following log format.02/11/2020,16:09:02,test-xxxxx,... by kcchu01 Explorer in Getting Data In 11-09-2020 1 7	1	7
host writting to 2 diff indexes Just came across a scenario where a window server was writing to 2 diff indexes reported. What parameters needs to lo... by pavanbmishra Path Finder in Getting Data In 11-09-2020 0 3	0	3
How do I configure props for America/New_York in the date field? We have data such as - EVENT_TIMESTAMP="2020-11-09 11:12:30.617896 America/New_York", How can I handle the America/... by danielbb Motivator in Getting Data In 11-09-2020 0 1	0	1
Change the datetime UTC offset for a particular monitor file source Hello, I've setup a source for Splunk Cloud using the monitor file source like this: [monitor://C:\Logs\*.log] disabl... by kamm_1 Loves-to-Learn in Getting Data In 11-09-2020 0 0	0	0
Resilient add-on configuration error - Error while posting to url=/servicesNS/nobody/SA-Resilient/admin/sa_resilientconf I am getting following error when i am trying to configure Resilient app on Splunk.Error while posting to url=/servic... by ayushchoudhary Path Finder in Getting Data In 11-09-2020 0 0	0	0