Getting Data In

Community Activity

How to find out the last configuration changes in the universal forwarder from the log files. My UF stop sending log. How to find out the last configuration change date, time and what configuration applied in the universal forwarder f... by msplunk33 Path Finder in Getting Data In 10-06-2020 0 0	0	0
Splunk Indexer Crashes in Cluster Environment Hi, Splunk Folks, I would like to why INDEXER crashes very often in the Cluster Environment. What are the steps I nee... by Splunk_Beginner New Member in Getting Data In 10-06-2020 0 1	0	1
outputs.conf multiple destination, equals, multiple ports? Hi all,Because we have Splunk running in multiple security environments, we have two separate indexer clusters. For s... by Jonson Engager in Getting Data In 10-06-2020 1 1	1	1
DateParserVerbose warnings HI,I see lot of DateParserverbose warnings in splunkd.log on my indexers.The errors goes as follows:WARN DateParserVe... by Anu Path Finder in Getting Data In 10-06-2020 0 5	0	5
Converting into EPOCH time Hi All, I want to convert the following into Epoch time ,but it is not getting resolved. 2020-10-05 23:06:... by Rukmani_Splunk Path Finder in Getting Data In 10-06-2020 0 2	0	2
unconfigured/disabled/deleted index=pan_logs I am running Splunk on Windows Server 2016. I attempted to send Palo Alto logs to Splunk but received the following e... by Ric0 New Member in Getting Data In 10-05-2020 0 2	0	2
How to troubleshoot juniper syslog could not find on the splunk I have a problem to find some juniper devices syslog on the splunk, I did packet capture on the server and could conf... by aya Engager in Getting Data In 10-05-2020 0 4	0	4
CSV lookup and count the value Hello,I have a CSV file with two fields (ID and description) and I want to know if any of the IDs are found in a sear... by Stephan Engager in Getting Data In 10-05-2020 0 2	0	2
Splunk Cloud vs On Premises Hi everyone,Just want to get some opinions on Splunk cloud vs on prem.Originally when we first started using splunk w... by zeusjuggler22 Loves-to-Learn Lots in Getting Data In 10-05-2020 0 1	0	1
Do not use last event timestamp for events without timestamp I have data which sometimes has timestamps and sometimes doesn't. I want those events without timestamp to use file m... by jeffland SplunkTrust in Getting Data In 10-05-2020 1 6	1	6
Exception in thread "main" com.splunk.HttpException: HTTP 404 Java Code;package com.ibm.splunk;import java.util.HashMap;import java.util.Map;import com.splunk.Service;import com.s... by charanrajd1328 Observer in Getting Data In 10-04-2020 0 0	0	0
Are internal events compressed ?? Are internal events compressed to 50% as it does for any normal events?For avg raw size of events in metrics.log is 1... by hectorvp Communicator in Getting Data In 10-04-2020 1 1	1	1
Internal Index volume Just for a sake of knowledge, how much amount of _internal data is generated.Incase my daily indexing is of 6TB???Wil... by hectorvp Communicator in Getting Data In 10-04-2020 0 3	0	3
Line Breaking for netstat only breaks on the first line have a scripted input that runs:netstat -tupn and the output shows: tcp x.x.x.x:38314 x.x.x.x:7075 ESTABLISHED 4144... by ekenne06 Path Finder in Getting Data In 10-03-2020 0 2	0	2
Getting error sending metrics to hec Hi, I'm getting {"text":"Invalid data format","code":6,"invalid-event-number":1} when sending json metrics to a hec. ... by osvaldo_pina Loves-to-Learn Lots in Getting Data In 10-03-2020 0 1	0	1
/rootfs/var/log/journal/ utilizing more license. can we stop that from indexing? Team, Below search query is using maximum license in our environment. can we stop that from indexing?index=_internal ... by SS1 Path Finder in Getting Data In 10-02-2020 0 2	0	2
AWS Landing Zone - Centralize logging - how are others ingesting? Hello, hoping others may have run into this and figured out best-practice (or best-way...) We are implementing an AW... by t9445 Path Finder in Getting Data In 10-02-2020 1 3	1	3
Is Splunk Windows TA needed to forward Windows Event Logs? Hi,Is the entire "Splunk Add-on for Microsoft Windows" needed to be pushed to forwarders in order to enable forwardin... by morethanyell Builder in Getting Data In 10-02-2020 0 3	0	3
lookup csv file contains multiple occurrences of items. Need to query these items in an index for each unique time stamp range in csv lookup csv format where EVENT_ID can have multiple SiteID fields and SiteID can have multiple EVENT_IDs. Only SiteID ... by ebele New Member in Getting Data In 10-02-2020 0 3	0	3
How to exclude staging servers logs counting in daily license usage. Hi, I have existing set of prod servers sending logs to splunk which has 10GB license capacity, is this possible to e... by abhic25 Explorer in Getting Data In 10-01-2020 1 1	1	1
long delay /missing data from sourcetypes? Hello all, I have 4 SH, 2 indexer's, 1 Deployment Server in one of my environments (windows). I'm now noticing tha... by Jarohnimo Builder in Getting Data In 10-01-2020 0 6	0	6
delayed logs I have a problem with the logs, they are arriving with a delay of 12 hours or moreThe information first reaches a sys... by splunkcol Builder in Getting Data In 10-01-2020 0 5	0	5
How to index file with same name and similar content? I am trying to read a file that gets replaced once in every 24 hours and has the same exact name and has almost simil... by goonie Explorer in Getting Data In 10-01-2020 0 2	0	2
Timestamp in 1/1/1900 format Hi,I'm trying to get data in from a file where data is in the following format (anonymized):{"seq":55619,"ntp_time":[... by craigkleen Communicator in Getting Data In 10-01-2020 0 1	0	1
Why 500 Error in EMC Isilon App setup HelloGot this while, unsuccessfully, setting up the connection to isilon via the app: 2020-09-30 16:18:26,812 ERROR ... by tkw03 Communicator in Getting Data In 10-01-2020 0 0	0	0