Getting Data In

Community Activity

Splunk indexing retention policy hello Splunkers,We have a index whose retention pol;icy is varying for the applications that are reporting to that in... by SS1 Path Finder in Getting Data In 10-13-2020 0 4	0	4
Azure Add-on user data truncation I'm using the Azure Add-on for splunk to pull in our azure AD signin, audit and user data; all is work well for the m... by drobMT Explorer in Getting Data In 10-13-2020 0 3	0	3
Forwarding to a third party syslog server based on both host, sourcetype and regex We have to forward some data from a Splunk Heavy Forwarder to a third party syslog server.This is possible as indicat... by edoardo_vicendo Builder in Getting Data In 10-13-2020 0 2	0	2
Field extraction during indexing does not work Hello,I have following entry in my transforms.conf:[dtimes] REGEX = ^.+s4hana\.ondemand\.com (?P<DBSID>.{3}).+t0\(tim... by damucka Builder in Getting Data In 10-13-2020 0 5	0	5
Override the Splunk unarchiver when uplaod tar.gz file Hello,I've got an application that generates an archive file with nested archive files in it.here is a sample of my f... by adrienG Engager in Getting Data In 10-13-2020 0 2	0	2
Changing Sourcetype at Index Time on Heavy Forwarder? Hi, I would like to change the sourcetype of data being received from a UDP Syslog stream via a heavy forwarder. On t... by marrette Path Finder in Getting Data In 10-13-2020 0 2	0	2
Configure an app to target a specific splunk server I have two servers (all-in-one), one's production the other development. Sometimes, I'd like to have a forwarder send... by tmontney Builder in Getting Data In 10-12-2020 0 1	0	1
Splunk not picking up on timezone set within props Hi everyone. I have logs that are sent to me in Central Standard Time (-6 hours) but there isn't anything in the TA ... by DEAD_BEEF Builder in Getting Data In 10-12-2020 0 27	0	27
Log Monitor Stops from 30-09-2020 to 01-10-2020 I have two monitored logs for which no new events are being collected. The Splunk logs don't show any (new) issues o... by bgstein Path Finder in Getting Data In 10-12-2020 0 4	0	4
Export large volume of historical data from Splunk to Hadoop(HDFS) which can be implemented in production as well Hello Splunk Team,I have been exploring how to connect SPLUNK with Hadoop to export large volume of data(Historical)... by dipranjan New Member in Getting Data In 10-12-2020 0 3	0	3
Disk I/O error monitoring on Linux Servers I am looking to monitor Disk IO error, is there any way to monitor it..Currently we have filtered disk related hardwa... by shugup2923 Path Finder in Getting Data In 10-12-2020 0 6	0	6
Upgrade from 6.5 to last version Hello,We are using Splunk Enterprise 6.5 and we want to upgrade to the last version.What is the best way to do this ?... by supportsantnet Engager in Getting Data In 10-12-2020 0 4	0	4
job status polling via external API What are the best practices in collecting job statuses in Splunk via an external API?(I am not sure I am asking the r... by mitag Contributor in Getting Data In 10-12-2020 0 0	0	0
After Cloning a sourcetype using TRANSFORMS-CLONE i cant get timestamp to be read on the new sourctype Hi I am cloning a sourcetype twice. (Using TRANSFORMS-CLONE = CLONE_SOURCETYPE_JAVA,CLONE_SOURCETYPE_JAVA1) Then in ... by robertlynch2020 Influencer in Getting Data In 10-11-2020 0 3	0	3
Using Splunk HTTP Event Collector with log4j2 Hi,I'm trying to use SplunkHTTPAppender in production, the set up (log4j2.xml) works in development environment. But... by crippled-ankle Loves-to-Learn in Getting Data In 10-11-2020 0 2	0	2
splunk uf not reading logs hellowe’ve directory structure as follows/apps/ftp/user/logs/admin -- main directorysub-directories2018 2019 2020and ... by AzmathShaik Path Finder in Getting Data In 10-09-2020 0 1	0	1
Setting host value from DB Connect SQL statement results While creating a new DB Input in DB Connect 3.4.0, i need to set the host value per event as it is indexed. Its a SQL... by joesrepsolc Communicator in Getting Data In 10-09-2020 0 1	0	1
How do I stop getting duplicate entries of JSON data from an API feed? I installed the Duo Security App that uses the API to download events in the JSON format. The data is collected and ... by scottrunyon Contributor in Getting Data In 10-09-2020 1 11	1	11
Configure schedule job to export data from splunk to Hadoop I need some documentation in configuring schedule job for exporting data from splunk to Hadoop using Splunk Hadoop co... by msplunk33 Path Finder in Getting Data In 10-09-2020 0 8	0	8
Splunk rest api - get a list of UF agent status Hi,I would like to use the splunk rest api to get a list of UF agents installed and their status, host, ip etc.Is the... by xdblazes1 Loves-to-Learn in Getting Data In 10-09-2020 0 2	0	2
How to extract nested key value pairs from a specific JSON string field using spath and kvdelim? I have JSON that looks like this. With the "message" field, there can be one or more key value pairs. How can I extra... by jkastning Engager in Getting Data In 10-09-2020 0 6	0	6
missing data from script input. Good afternoonCurrently we have a UF that is configured with 50 inputs, of which 49 work well and only 1 does not ind... by efaundez Path Finder in Getting Data In 10-09-2020 0 2	0	2
Clearpass App for splunk via syslog but doasn't work Hi everybody I installed the Clearpass TA application on my SH instance. it collects logs via syslogs. So here is the... by sdurao Engager in Getting Data In 10-09-2020 0 2	0	2
Calcuate time differences Hi, Looking out to calculate and find out the time differences between two time stamps (milliseconds and seconds). P... by splunklakshman Explorer in Getting Data In 10-08-2020 0 6	0	6
masking password with rex command hi i have a data where there are two fields with password which i need to mask via props.conf and also in the search.... by moin140586 New Member in Getting Data In 10-08-2020 0 1	0	1