Getting Data In

Community Activity

Splunk not ingesting some log files I have set splunk to ingest the /var/log directory. On this particular host, I go to filter by "source", and only se... by user789 New Member in Getting Data In 05-14-2020 0 6	0	6
Can I use the same Splunk Cloud heavy forwarder to send data to on-premises Splunk? I have a heavy forwarder currently sending data to Splunk Cloud. Can I use the same heavy forwarder to stop data sen... by ppanchal Path Finder in Getting Data In 05-14-2020 0 1	0	1
Blacklist Windows security event log with system account I am trying to filter out noise before it is sent to the indexer. We were using Windows Event Forwarding previously,... by s0mar Explorer in Getting Data In 05-14-2020 0 1	0	1
Strip lines from Logs before Indexing in Splunk Cloud Hi, I have an Apache instance with Splunk Forwarder installed that sends logs to Splunk Cloud directly (no heavy for... by schua New Member in Getting Data In 05-14-2020 0 1	0	1
Events from same file getting separate timestamps I have json files that have multiple events per file. However when I ingest the data, Splunk parses some of the times... by wwhite12 Path Finder in Getting Data In 05-14-2020 0 5	0	5
Enable Summary Index Search from REST API Hi! We are on Splunk 7.2.0, and I am trying to automate setting up a Saved Search using an Ansible Playbook that wou... by skirven Communicator in Getting Data In 05-14-2020 0 4	0	4
Parsing and Displaying a JSON String I have a JSON string as an event in Splunk below: {"Item1":{"Max":100,"Remaining":80},"Item2":{"Max":409,"Remaining"... by xinlux01rhi Explorer in Getting Data In 05-13-2020 0 4	0	4
Grouping hosts for serverclass.conf Hi all, I have a general question on saving some space and grouping hosts in serverclass.conf. I have reviewed This ... by putnamblake Path Finder in Getting Data In 05-13-2020 0 4	0	4
How to skip reading CVS heard from server where Splunk Universal Forwarder is installed Hi, On server with Splunk Universal Forwarder installed we are monitoring cvs log with a header and lines in the fo... by mlevsh Builder in Getting Data In 05-13-2020 0 0	0	0
Splunk Cloud timestamp When running a search for syslogs within 7 days, Splunk is retuning some logs that are months old. Timestamp is corre... by kevincorder New Member in Getting Data In 05-13-2020 0 4	0	4
spath for the JSON How can we use spath for below JSON to evaluate if for ConcurrentAsyncGetReportInstances , Remaining/Max*100 is >= 70... by sanjax90 New Member in Getting Data In 05-13-2020 0 5	0	5
HTTP Event collector - call not properly authenticated Have tried to setup HTTPEventCollector via cli using splunk documentation link: https://docs.splunk.com/Documentation... by sdkp03 Communicator in Getting Data In 05-12-2020 0 8	0	8
Distinct delimiters for same input I have a dashboard that takes 3 inputs. (TimePicker, Associate, and Activity). All items (inputs and dash panels) up... by seomaniv Explorer in Getting Data In 05-12-2020 0 2	0	2
New field add to existing capture -- time check needed? I have an application feeding to Splunk for the better part of a couple years now. Last December we change formats... by mb1226 Explorer in Getting Data In 05-12-2020 0 2	0	2
How to handle simple JSON array with spath The field value is ["","apples","oranges"] \| spath input=foo creates a multi-value field named '{}'. which is a litt... by ruman Splunk Employee in Getting Data In 05-12-2020 3 9	3	9
How to split values that appear in one row? I have search querrie created from json file. Problem is values that i have appear in one row, instead of 3 rows(in j... by ikoniasavina Explorer in Getting Data In 05-12-2020 0 11	0	11
Extract nested json Looking for some assistance extracting all of the nested json values like the "results", "tags" and "iocs" in the scr... by ch1221 Path Finder in Getting Data In 05-12-2020 0 11	0	11
Sort results by time events Hi everyone, Can someone please help with a search I'm trying to create. My end goal is to capture which user accoun... by mysicksi Path Finder in Getting Data In 05-12-2020 0 2	0	2
Regex to extract field: data inside a a parenthesis Hello, I would like to extract data from inside a parenthesis to create a new field This command for a search works w... by jaimelopez Explorer in Getting Data In 05-12-2020 0 11	0	11
New Source type and Timestamp from Event Hi Experts, I have a even like below generated from my application. {<!-- --> "index": "exp_prod", "host": "myhost... by santhoshvelling New Member in Getting Data In 05-12-2020 0 4	0	4
What are the software and hardware requirements for Splunk HEC? Hi, I want to confisure Splunk HEC on dedicated splunk server. Please let me know the server hardware and software ... by abhi04 Communicator in Getting Data In 05-12-2020 0 4	0	4
How to enable monitoring of SQL DB size I am trying to find the format for a perfmon input to collect the following from a universalforwarder but am not sure... by cmahan Path Finder in Getting Data In 05-12-2020 0 5	0	5
How can I analyze Splunk Phantom's PostgreSQL logs using pgBadger? What are the best configuration settings for using pgBadger to analyze Splunk Phantom's PostgreSQL logs? by awilcox_splunk Splunk Employee in Getting Data In 05-11-2020 0 1	0	1
TIMEֹֹ_FORMAT configuration I have a date like May 10 2020 11:20 PM in csv file Defined in props.conf TIME_FORMAT - %b %d %Y %I:%M %p but gett... by rayar Contributor in Getting Data In 05-11-2020 0 2	0	2
Splunk HEC extract value incorrect when there is curly braces in value of key-value pairs. Using HTTP Event Collector to receier data. When there is unwanted curly brace(s) in value. Event parse incorrect. Ho... by cdp_fap Observer in Getting Data In 05-11-2020 0 7	0	7