Getting Data In

Community Activity

How do I exclude certain emails from being indexed? We have recently turned on journaling within MS Exchange which basically sends a copy of every item to a journaling m... by capilarity Path Finder in Getting Data In 05-15-2020 0 3	0	3
Where does config file goes for Automatic lookups Hi , I want to delete few Automatic lookups from server as it doesnt give me option of deleting it from GUI. Even tho... by rashi83 Path Finder in Getting Data In 05-15-2020 0 9	0	9
Data disappearing and getting error when selecting sourcetype: "No results found...". I have sourcetype X in Splunk prod and dev. When trying to copy data from prod and ingesting it manually in dev, and ... by dwibedi03 Explorer in Getting Data In 05-15-2020 0 1	0	1
Configuration file precedence on universal forwarder and indexer Hi all, We set sourcetype in inputs.conf on universal forwarder, e.g. [monitor:///Firewall//_pa_firewall.log] ig... by stwong Communicator in Getting Data In 05-14-2020 0 2	0	2
Multiple timestamp fields with same field name I have some json data events that has multiple "date" fields. The date field I am looking to use as my timestamp come... by wwhite12 Path Finder in Getting Data In 05-14-2020 0 2	0	2
Splunk not ingesting some log files I have set splunk to ingest the /var/log directory. On this particular host, I go to filter by "source", and only se... by user789 New Member in Getting Data In 05-14-2020 0 6	0	6
Can I use the same Splunk Cloud heavy forwarder to send data to on-premises Splunk? I have a heavy forwarder currently sending data to Splunk Cloud. Can I use the same heavy forwarder to stop data sen... by ppanchal Path Finder in Getting Data In 05-14-2020 0 1	0	1
Blacklist Windows security event log with system account I am trying to filter out noise before it is sent to the indexer. We were using Windows Event Forwarding previously,... by s0mar Explorer in Getting Data In 05-14-2020 0 1	0	1
Strip lines from Logs before Indexing in Splunk Cloud Hi, I have an Apache instance with Splunk Forwarder installed that sends logs to Splunk Cloud directly (no heavy for... by schua New Member in Getting Data In 05-14-2020 0 1	0	1
Events from same file getting separate timestamps I have json files that have multiple events per file. However when I ingest the data, Splunk parses some of the times... by wwhite12 Path Finder in Getting Data In 05-14-2020 0 5	0	5
Enable Summary Index Search from REST API Hi! We are on Splunk 7.2.0, and I am trying to automate setting up a Saved Search using an Ansible Playbook that wou... by skirven Communicator in Getting Data In 05-14-2020 0 4	0	4
Parsing and Displaying a JSON String I have a JSON string as an event in Splunk below: {"Item1":{"Max":100,"Remaining":80},"Item2":{"Max":409,"Remaining"... by xinlux01rhi Explorer in Getting Data In 05-13-2020 0 4	0	4
Grouping hosts for serverclass.conf Hi all, I have a general question on saving some space and grouping hosts in serverclass.conf. I have reviewed This ... by putnamblake Path Finder in Getting Data In 05-13-2020 0 4	0	4
How to skip reading CVS heard from server where Splunk Universal Forwarder is installed Hi, On server with Splunk Universal Forwarder installed we are monitoring cvs log with a header and lines in the fo... by mlevsh Builder in Getting Data In 05-13-2020 0 0	0	0
Splunk Cloud timestamp When running a search for syslogs within 7 days, Splunk is retuning some logs that are months old. Timestamp is corre... by kevincorder New Member in Getting Data In 05-13-2020 0 4	0	4
spath for the JSON How can we use spath for below JSON to evaluate if for ConcurrentAsyncGetReportInstances , Remaining/Max*100 is >= 70... by sanjax90 New Member in Getting Data In 05-13-2020 0 5	0	5
HTTP Event collector - call not properly authenticated Have tried to setup HTTPEventCollector via cli using splunk documentation link: https://docs.splunk.com/Documentation... by sdkp03 Communicator in Getting Data In 05-12-2020 0 8	0	8
Distinct delimiters for same input I have a dashboard that takes 3 inputs. (TimePicker, Associate, and Activity). All items (inputs and dash panels) up... by seomaniv Explorer in Getting Data In 05-12-2020 0 2	0	2
New field add to existing capture -- time check needed? I have an application feeding to Splunk for the better part of a couple years now. Last December we change formats... by mb1226 Explorer in Getting Data In 05-12-2020 0 2	0	2
How to handle simple JSON array with spath The field value is ["","apples","oranges"] \| spath input=foo creates a multi-value field named '{}'. which is a litt... by ruman Splunk Employee in Getting Data In 05-12-2020 3 9	3	9
How to split values that appear in one row? I have search querrie created from json file. Problem is values that i have appear in one row, instead of 3 rows(in j... by ikoniasavina Explorer in Getting Data In 05-12-2020 0 11	0	11
Extract nested json Looking for some assistance extracting all of the nested json values like the "results", "tags" and "iocs" in the scr... by ch1221 Path Finder in Getting Data In 05-12-2020 0 11	0	11
Sort results by time events Hi everyone, Can someone please help with a search I'm trying to create. My end goal is to capture which user accoun... by mysicksi Path Finder in Getting Data In 05-12-2020 0 2	0	2
Regex to extract field: data inside a a parenthesis Hello, I would like to extract data from inside a parenthesis to create a new field This command for a search works w... by jaimelopez Explorer in Getting Data In 05-12-2020 0 11	0	11
New Source type and Timestamp from Event Hi Experts, I have a even like below generated from my application. {<!-- --> "index": "exp_prod", "host": "myhost... by santhoshvelling New Member in Getting Data In 05-12-2020 0 4	0	4