Getting Data In

Community Activity

My data stops logging at the beginning of the month Hi all, Hopefully someone can assist me here. We are using Splunk Light Version 6.2.3 but have discovered recently ... by JonzOo Explorer in Getting Data In 10-01-2020 0 7	0	7
Does it matter if an index path is the same on an HF as it is in the indexer? HelloI have an API integration with my HF that gest data and then the HF forwards that data to the indexers. I need t... by tkw03 Communicator in Getting Data In 09-30-2020 0 4	0	4
Can I use the collect command to write metrics data to a metrics index? Hello,I am using Splunk Enterprise 7.3.2. and I have structured event data within an events index that I am trying to... by andrewtrobec Motivator in Getting Data In 09-30-2020 0 2	0	2
JSON parsing error in the universal forwarder Hi, I'm getting errors with parsing of json files in the universal forwarder. I'm generating json outputs - a new fi... by vegerlandecs Explorer in Getting Data In 09-30-2020 1 3	1	3
How to move unwanted logs into nullQueue 2020-05-12 14:34:52,060 2020-05-12 14:34:52,060 2020-05-12 14:34:52,060 I want to remove ####< from my events, so i ... by uagraw01 Motivator in Getting Data In 09-29-2020 0 14	0	14
Does anybody know how to set log retention in syslog-ng for 2 weeks Hi Alli have configured syslog-ng in our company to collect the logs form network devices,I am little bit confuse fo... by rjrijo Engager in Getting Data In 09-29-2020 1 2	1	2
Get count of top level keys from JSON? my Splunk logs looks like below. Total keys could change based on use case. I need to get exact number of keys from b... by Pramodkuber Engager in Getting Data In 09-29-2020 0 1	0	1
Help with custom field extraction during indexing Hello,I monitor several VMs and the corresponding database logs with the following stanza:[monitor:///usr/sap/.../HDB... by damucka Builder in Getting Data In 09-29-2020 0 3	0	3
Extract part of string Hello I have this source path for example : AAN831AA_ELS_Log_20200102064858+0000-[PS-MELSPP2]/fsmLog_010220-064856_4C... by sarit_s Communicator in Getting Data In 09-29-2020 0 1	0	1
Splunk License Violations Best practises? Hi Everyone,What are the best practices to follow in the event of 90% license usage? Can we take any precautionary me... by SS1 Path Finder in Getting Data In 09-28-2020 0 1	0	1
Why an _internal index search on per_index_thruput shows hosts are forwarding less data than is being indexed? I have this search index=_internal source="metrics" group="per_index_thruput" series="customindex" host="*MyIndexe... by hartfoml Motivator in Getting Data In 09-28-2020 1 6	1	6
If I have multiple Cisco devices sending syslog directly to Splunk with the same source and sourcetype, how do I view them separately? Although we have multiple threads related to this topic, none are useful and confusing for newbies like me. I have m... by mi5cyberninja New Member in Getting Data In 09-28-2020 0 5	0	5
Splunk DB connect - Cannot get schemas Hello splunk community,There might be some configuration issues in our environment, but I could not find anything sta... by xlin Engager in Getting Data In 09-28-2020 0 1	0	1
How to create a script for DBConnect that adds an action to an existing alert? We use DBConnect to retrieve SQL data. We have a critical feed that is fairly stable. I added a retrieval for just th... by dorgra Path Finder in Getting Data In 09-28-2020 0 0	0	0
Splunk Monitoring Hi Team i'm new in splunk, I need to Monitor programs that executing on task manager whether is successfully or Not.... by mlindokuhle Loves-to-Learn Lots in Getting Data In 09-28-2020 0 3	0	3
Will Splunk index old data present in a folder after integration date? I have a Prod Linux server where I have deployed Universal forwarder and monitoring few directories. Say like below. ... by santhoshi Explorer in Getting Data In 09-28-2020 1 3	1	3
Archsight to Splunk via UF /Syslog We are planning to migrate archsight to Splunk via Collection of UF , syslog to HF.How many UF we need to install , ... by sahiltcs Path Finder in Getting Data In 09-27-2020 0 4	0	4
Why did our Windows Universal Forwarder stop forwarding? I have the universal forwarder installed on one of our Windows servers and it has been forwarding logs with no issue ... by kpers Path Finder in Getting Data In 09-27-2020 0 8	0	8
Can I get the iframe embed URL for a report via the REST API? I'm hoping to build a product that allows users to easily select a report from their Splunk instance and embed it in ... by sjodle Path Finder in Getting Data In 09-27-2020 0 2	0	2
Unable to authenticate to search heads: "Global key files are invalid. This server cannot distribute searches..." After a long-overdue upgrade from 6.x to 7.1.3 -- this release it the latest one supported by my vendor, who interope... by myudkowsky Communicator in Getting Data In 09-27-2020 0 10	0	10
UFs new pointer after restart If I gracefully shutdown the UF, it will send all logs from output queue and from internal parsing queue.Suppose I re... by hectorvp Communicator in Getting Data In 09-26-2020 1 3	1	3
Send a hostname tag via universalforwarder using Docker-Compose Hi.I'm configuring a docker-compose responsible to start a cluster of an application and then Splunk and the univers... by juliofalbo Engager in Getting Data In 09-26-2020 1 2	1	2
Logs sending being cutoff Hello,I have had an issue where specifically the firewall logs were cutoff for about 5 hours and then reconnected and... by STU3 Engager in Getting Data In 09-26-2020 0 1	0	1
How do I schedule a CSV Report? Hello!I have a scheduled report that I have running monthly that exports my results into a PDF format that is emailed... by ctaylor3819 Engager in Getting Data In 09-25-2020 0 1	0	1
mv extraction in props.conf I need to extract (at search time) a multivalue field in some JSON data in a manner that will allow me to perform add... by Dworsnop Path Finder in Getting Data In 09-25-2020 0 6	0	6