Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

linebreaker for json sourcetype

I am trying to break the below json data into each event {"audit_logs": [{"url": "https://Company.udesk.com/api/v2...

by Explorer in

Make extractions in props.conf from search query

| makeresults | eval _raw="Nov 14 03:23:42 hostname rsyslogd-pstats:{ \"name\": \"global\", \"origin\": \"dynstats\"...

by Ultra Champion in

How to extract multivalue identity fields into their own identities

The following is a section of an larger JSON data source digested into our Splunk instance: "identities": [{"issue...

by New Member in

Carriage return newline (\r\n) not working as delimiter for makemv

I am trying to break a field (httpRequest), into a multivalue field and then extract the value of one of the values. ...

by Engager in

Why is Splunk index evaluation of _time inconsistent with timestamp in log file?

The splunk index evaluation of _time is not consistent with what is in the log. See the two entries below. Both are f...

by Explorer in

log file parsing on IDX

Hello, I just want to parse a log file. I try every solution found on forum but never work. (Splunk 7.3.3) Log: ...

by Path Finder in

using rex mode="sed" to remove strings surrounded by # characters

Hi, I have a series of log entries that are in the form #4 MyApp\Framework\DB\Adapter\Pdo\Mysql->_query('SELECT...

by Engager in

Is it a valid configuration to have indexers on different IP subnets/vlans for a single site in a multisite cluster?

We have nine sites in a multi-site cluster with indexers at each site ranging from three to 15 servers. Each site's i...

by Path Finder in

Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

one of our end-user clients have massive information stored in ELK stack. Our company needs to collect those data int...

by Super Champion in

Send files from to Splunk server from Jenkins

Hello, I want to send report files which is in XML format from Jenkins to Splunk server. I am using Jenkins send f...

by New Member in

Event Timestamp mismatch with Index Timestamp

Last year 2019 we have deployed Splunk Cloud in our environment . Post which we have configured the logs into Splunk ...

by Communicator in

windows 2003 servers monitor using Splunk 8.0

I know both Microsoft and Splunk not supporting OS and UF(6.x) for windows 2003.And not compatible to send 6.x UF dat...

by Motivator in

How to send splunk data to Prometheus?

We have a requirement to send Splunk data to Prometheus. As and when we get events into Splunk they should be sent to...

by New Member in

Performing procedural search on daily indexed data, appending results as they appear.

Just looking for the best practice solution to the below problem. I'm pretty new to Splunk, so I feel the answer migh...

by Engager in

How do we limit the length of json events?

In Does TRUNCATE specify the ultimate size of an event? we looked at standard logging and we are good with TRUNCATE f...

by Motivator in

How to filter windows event logs in forwarder based on event codes.

Hi, I am trying to pull event logs from remote machines using universal forwarders. I have done the configuration ...

by Engager in

Forwarder - inputs.conf "merging"

Hi guys. Can you confirm Forwarder will never "merge" theese different inputs, holding same path? addon: etc/apps/...

by Contributor in

Does TRUNCATE specify the ultimate size of an event?

We are not clear whether setting TRUNCATE to a certain value guarantees that the event won't exceed this size in byte...

by Motivator in

Unbalanced search load on indexer cluster

I have six indexers, one search head and a cluster manager on different hardware. During quiet times in terms of u...

by Path Finder in

Issue on file monitoring using forwader

i have these 2 directories being monitored by a forwarder. One i indexing and another is not. They have the same root...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

linebreaker for json sourcetype

Make extractions in props.conf from search query

How to extract multivalue identity fields into their own identities

Carriage return newline (\r\n) not working as delimiter for makemv

Why is Splunk index evaluation of _time inconsistent with timestamp in log file?

log file parsing on IDX

using rex mode="sed" to remove strings surrounded by # characters

Is it a valid configuration to have indexers on different IP subnets/vlans for a single site in a multisite cluster?

Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

Send files from to Splunk server from Jenkins

Event Timestamp mismatch with Index Timestamp

windows 2003 servers monitor using Splunk 8.0

How to send splunk data to Prometheus?

Performing procedural search on daily indexed data, appending results as they appear.

How do we limit the length of json events?

How to filter windows event logs in forwarder based on event codes.

Forwarder - inputs.conf "merging"

Does TRUNCATE specify the ultimate size of an event?

Unbalanced search load on indexer cluster

Issue on file monitoring using forwader

Platform Newsletter Highlights | March 2023

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

How do I get Windows server cipher data into Splun...

Splunk Add on for Microsoft Azure Secure Score- Ho...

Receiving error that “could not load lookup xxx” w...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?