Getting Data In

Community Activity

Logs retention policy Hi SPlunkers,We have multiple sources reporting to same index, what we observe is for few sources we can see the sear... by SS1 Path Finder in Getting Data In 10-14-2020 0 4	0	4
how to filter by "does not equal" I know how to filter for a specific event so, for example, I always run this: source=wineventlog:* earliest_time=-24h... by Techfrogger Explorer in Getting Data In 10-14-2020 3 8	3	8
How to remove double quotes from a token using the replace method? Hello!I have the token() whose content is this: $support_group_token$=support_group="Service Desk" Is there any way t... by diogenesloazeve Engager in Getting Data In 10-14-2020 0 6	0	6
Bypassing normal system/local/props.conf processing for .tar.gz files Hello, I develop my own Splunk App for specific file. These files are archive files with the ".tar.gz" extension and ... by adrienG Engager in Getting Data In 10-14-2020 0 0	0	0
Windows File Server integration with Splunk Hello,What is the best third party app to monitor Windows File Server event logs such as (file read, file creation, p... by Kaand Explorer in Getting Data In 10-14-2020 0 2	0	2
Splunk indexing retention policy hello Splunkers,We have a index whose retention pol;icy is varying for the applications that are reporting to that in... by SS1 Path Finder in Getting Data In 10-13-2020 0 4	0	4
Azure Add-on user data truncation I'm using the Azure Add-on for splunk to pull in our azure AD signin, audit and user data; all is work well for the m... by drobMT Explorer in Getting Data In 10-13-2020 0 3	0	3
Forwarding to a third party syslog server based on both host, sourcetype and regex We have to forward some data from a Splunk Heavy Forwarder to a third party syslog server.This is possible as indicat... by edoardo_vicendo Builder in Getting Data In 10-13-2020 0 2	0	2
Field extraction during indexing does not work Hello,I have following entry in my transforms.conf:[dtimes] REGEX = ^.+s4hana\.ondemand\.com (?P<DBSID>.{3}).+t0\(tim... by damucka Builder in Getting Data In 10-13-2020 0 5	0	5
Override the Splunk unarchiver when uplaod tar.gz file Hello,I've got an application that generates an archive file with nested archive files in it.here is a sample of my f... by adrienG Engager in Getting Data In 10-13-2020 0 2	0	2
Changing Sourcetype at Index Time on Heavy Forwarder? Hi, I would like to change the sourcetype of data being received from a UDP Syslog stream via a heavy forwarder. On t... by marrette Path Finder in Getting Data In 10-13-2020 0 2	0	2
Configure an app to target a specific splunk server I have two servers (all-in-one), one's production the other development. Sometimes, I'd like to have a forwarder send... by tmontney Builder in Getting Data In 10-12-2020 0 1	0	1
Splunk not picking up on timezone set within props Hi everyone. I have logs that are sent to me in Central Standard Time (-6 hours) but there isn't anything in the TA ... by DEAD_BEEF Builder in Getting Data In 10-12-2020 0 27	0	27
Log Monitor Stops from 30-09-2020 to 01-10-2020 I have two monitored logs for which no new events are being collected. The Splunk logs don't show any (new) issues o... by bgstein Path Finder in Getting Data In 10-12-2020 0 4	0	4
Export large volume of historical data from Splunk to Hadoop(HDFS) which can be implemented in production as well Hello Splunk Team,I have been exploring how to connect SPLUNK with Hadoop to export large volume of data(Historical)... by dipranjan New Member in Getting Data In 10-12-2020 0 3	0	3
Disk I/O error monitoring on Linux Servers I am looking to monitor Disk IO error, is there any way to monitor it..Currently we have filtered disk related hardwa... by shugup2923 Path Finder in Getting Data In 10-12-2020 0 6	0	6
Upgrade from 6.5 to last version Hello,We are using Splunk Enterprise 6.5 and we want to upgrade to the last version.What is the best way to do this ?... by supportsantnet Engager in Getting Data In 10-12-2020 0 4	0	4
job status polling via external API What are the best practices in collecting job statuses in Splunk via an external API?(I am not sure I am asking the r... by mitag Contributor in Getting Data In 10-12-2020 0 0	0	0
After Cloning a sourcetype using TRANSFORMS-CLONE i cant get timestamp to be read on the new sourctype Hi I am cloning a sourcetype twice. (Using TRANSFORMS-CLONE = CLONE_SOURCETYPE_JAVA,CLONE_SOURCETYPE_JAVA1) Then in ... by robertlynch2020 Influencer in Getting Data In 10-11-2020 0 3	0	3
Using Splunk HTTP Event Collector with log4j2 Hi,I'm trying to use SplunkHTTPAppender in production, the set up (log4j2.xml) works in development environment. But... by crippled-ankle Loves-to-Learn in Getting Data In 10-11-2020 0 2	0	2
splunk uf not reading logs hellowe’ve directory structure as follows/apps/ftp/user/logs/admin -- main directorysub-directories2018 2019 2020and ... by AzmathShaik Path Finder in Getting Data In 10-09-2020 0 1	0	1
Setting host value from DB Connect SQL statement results While creating a new DB Input in DB Connect 3.4.0, i need to set the host value per event as it is indexed. Its a SQL... by joesrepsolc Communicator in Getting Data In 10-09-2020 0 1	0	1
How do I stop getting duplicate entries of JSON data from an API feed? I installed the Duo Security App that uses the API to download events in the JSON format. The data is collected and ... by scottrunyon Contributor in Getting Data In 10-09-2020 1 11	1	11
Configure schedule job to export data from splunk to Hadoop I need some documentation in configuring schedule job for exporting data from splunk to Hadoop using Splunk Hadoop co... by msplunk33 Path Finder in Getting Data In 10-09-2020 0 8	0	8
Splunk rest api - get a list of UF agent status Hi,I would like to use the splunk rest api to get a list of UF agents installed and their status, host, ip etc.Is the... by xdblazes1 Loves-to-Learn in Getting Data In 10-09-2020 0 2	0	2