Getting Data In

Discussions

Thread Info

WARN FileClassifierManager: The file is invalid. Reason: cannot_open

I have a watched file on a Universal Forwarder (Windows) and the file is send to the Heavy Forwarder (linux), but som...

by New Member in

Change _time before indexing

Hello all, I need to sum 1 day(86400 seconds) to my _time, if the event(_raw) includes the string "SB". This needs...

by Path Finder in

Collect events query cloudera/hadoop

What is the best practice for collecting events in which the user performs a query against the cloudera / hadoop ecos...

by New Member in

What is the role of HEADER_MODE in props.conf?

Hi, What is the role of HEADER_MODE in props.conf? I am seeing the documents, but I don't understant. https://doc...

by Path Finder in

File ingested generates another file with the same data which results in data duplication

Hi Splunk Experts I have this kind of problem which confuses me. The file being ingested generates another file which...

by Path Finder in

How to over ride the index for event from certain hosts?

Its been awhile since I setup an props/transforms override, but I never had so much trouble. I have 20 Foo-applianc...

by Builder in

Convert BST to America/NY (Timezone)

I tried this but seems this is not working. I want to convert BST to America /NY time please. | eval BST=strftime...

by Engager in

csv input file column name contains percent sign

The .csv file that I am using as input has a column name that begins with a percent sign ("% Complete"). I just noti...

by Explorer in

Not all monitored files being indexed

we have monitors on 2 Windows file paths: [monitor://C:\Data\Data\Disk\SplunkLoad\IsilonCaptures\i*.txt]index = st...

by Communicator in

Issue with default outputs when _TCP_ROUTING

Hello,I have many forwarders sending logs to a cluster of indexers, and for some logs I need to send it not cooked. ...

by Explorer in

How to increase logs retention period?

Hi, we are asked to increase our retention period of splunk logs to 1 year. we need to put our data to be searc...

by Explorer in

Collect cisco netflow

Hi, I am trying to collect NetFlow data from Cisco router via Splunk_TA_Stream. I config streamfwd.conf according to ...

by Engager in

How to avoid indexing of some fields or parts of events?

Hello, we want to filter some fields of receiving events before indexing for the license saving, for example, in a fi...

by Path Finder in

How to forward data when forwarder cannot contact indexer through firewall?

Hi all, I have a situation where there are servers from which we wish to get logs into Splunk. However, we cann...

by Path Finder in

Splunk Index Best Practices

Hi- We are indexing JSON data into Splunk. We push the data once every 24 hours. The Rest API will not give "Delta:...

by Loves-to-Learn Lots in

Splunk is getting duplicate events from Azure billing API,

Splunk is getting duplicate events from Azure billing API, We are using inbuild azure connector to onboard the data....

by New Member in

Timezone

My logs are that kind : <July 13, 2020 10:55:02,572 PM CDT> So i used TIME_FORMAT=%b %d, %Y %H:%M:%S, %3N%p%z B...

by Motivator in

How to see all source and sourcetype list

Hi, In splunk UI, I am seeing only top 10 source and sourcetype list. But I want to see all of them. Please sug...

by Communicator in

Line breaking not working for JSON logs (API at heavy forwarder).

We are using ingest pattern as API at Heavy forwarder. props.conf:- [kenna:applications] INDEXED_EXTRACTION...

by Explorer in

Ingest data from mongo db into Splunk

Hi Splunk Community I was using MySQL databases and DB connect to ingest data into Splunk. Working great! If I us...

by Path Finder in

Need assistance getting large data into Splunk

This is a note my client sent: I can’t really use the logs from Splunk, because they are spotty.. Think I figured o...

by Path Finder in

Splunk App For Infrastructure VMware vSphere

I'm trying to add VMware vSphere data using the Splunk app for infrastructure. When I try to, all I get is an alert "...

by New Member in

Running multiply Powershell scripts at the same time

I have been working the past 2 weeks with getting powershell scripts and cron jobs stable. but find that when i run 6...

by Explorer in

Windows Path monitor

When installing the "universal forwarder" I put a "path to monitor". But I would like to add another path. How do I...

by Explorer in

Getting syslogs from Avamar

Hi at all, I'm trying to get Avamar logs by syslog (UDP). The problem is that every time Avamar sends an event log, I...

by SplunkTrust in

Get Updates on the Splunk Community!

Getting Data In

Discussions

WARN FileClassifierManager: The file is invalid. Reason: cannot_open

Change _time before indexing

Collect events query cloudera/hadoop

What is the role of HEADER_MODE in props.conf?

File ingested generates another file with the same data which results in data duplication

How to over ride the index for event from certain hosts?

Convert BST to America/NY (Timezone)

csv input file column name contains percent sign

Not all monitored files being indexed

Issue with default outputs when _TCP_ROUTING

How to increase logs retention period?

Collect cisco netflow

How to avoid indexing of some fields or parts of events?

How to forward data when forwarder cannot contact indexer through firewall?

Splunk Index Best Practices

Splunk is getting duplicate events from Azure billing API,

Timezone

How to see all source and sourcetype list

Line breaking not working for JSON logs (API at heavy forwarder).

Ingest data from mongo db into Splunk

Need assistance getting large data into Splunk

Splunk App For Infrastructure VMware vSphere

Running multiply Powershell scripts at the same time

Windows Path monitor

Getting syslogs from Avamar

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Ingest old security.evtx files

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions