Getting Data In

Community Activity

how to sum the machine OS in a JSON file Hi Guys, I have a JSON file for OS type in some cluster like below: {<!-- --> "clusterA": ubuntu, "clusterA": ubuntu, "c... by garumaru Explorer in Getting Data In 05-15-2020 0 2	0	2
Why does installing a forwarder using msiexec keeps failing? We are installing a forwarder to new workstations using the command below; *msiexec /i "splunkforwarder-7.0.0-c8a78e... by sylim_splunk Splunk Employee in Getting Data In 05-15-2020 0 2	0	2
How to check how many hosts are connecting (sending logs) to Splunk Forwarder Hi Guys, We have a remote site with a Splunk forwarder installed. How to check how many hosts are connecting (sendin... by splunktp Explorer in Getting Data In 05-15-2020 0 8	0	8
Perfmon sending logs to the wrong indexer I have a single instance deployment. I have a server that is sending Perfmon logs to my main index but I never told i... by splunktrainingu Communicator in Getting Data In 05-15-2020 0 1	0	1
syslog server set-up Hi, As a temporary measure (for 3 months), we have been asked to set-up one of the splunk server (HF) to work as sys... by test_splunk15 Explorer in Getting Data In 05-15-2020 0 1	0	1
How do I exclude certain emails from being indexed? We have recently turned on journaling within MS Exchange which basically sends a copy of every item to a journaling m... by capilarity Path Finder in Getting Data In 05-15-2020 0 3	0	3
Where does config file goes for Automatic lookups Hi , I want to delete few Automatic lookups from server as it doesnt give me option of deleting it from GUI. Even tho... by rashi83 Path Finder in Getting Data In 05-15-2020 0 9	0	9
Data disappearing and getting error when selecting sourcetype: "No results found...". I have sourcetype X in Splunk prod and dev. When trying to copy data from prod and ingesting it manually in dev, and ... by dwibedi03 Explorer in Getting Data In 05-15-2020 0 1	0	1
Configuration file precedence on universal forwarder and indexer Hi all, We set sourcetype in inputs.conf on universal forwarder, e.g. [monitor:///Firewall//_pa_firewall.log] ig... by stwong Communicator in Getting Data In 05-14-2020 0 2	0	2
Multiple timestamp fields with same field name I have some json data events that has multiple "date" fields. The date field I am looking to use as my timestamp come... by wwhite12 Path Finder in Getting Data In 05-14-2020 0 2	0	2
Splunk not ingesting some log files I have set splunk to ingest the /var/log directory. On this particular host, I go to filter by "source", and only se... by user789 New Member in Getting Data In 05-14-2020 0 6	0	6
Can I use the same Splunk Cloud heavy forwarder to send data to on-premises Splunk? I have a heavy forwarder currently sending data to Splunk Cloud. Can I use the same heavy forwarder to stop data sen... by ppanchal Path Finder in Getting Data In 05-14-2020 0 1	0	1
Blacklist Windows security event log with system account I am trying to filter out noise before it is sent to the indexer. We were using Windows Event Forwarding previously,... by s0mar Explorer in Getting Data In 05-14-2020 0 1	0	1
Strip lines from Logs before Indexing in Splunk Cloud Hi, I have an Apache instance with Splunk Forwarder installed that sends logs to Splunk Cloud directly (no heavy for... by schua New Member in Getting Data In 05-14-2020 0 1	0	1
Events from same file getting separate timestamps I have json files that have multiple events per file. However when I ingest the data, Splunk parses some of the times... by wwhite12 Path Finder in Getting Data In 05-14-2020 0 5	0	5
Enable Summary Index Search from REST API Hi! We are on Splunk 7.2.0, and I am trying to automate setting up a Saved Search using an Ansible Playbook that wou... by skirven Communicator in Getting Data In 05-14-2020 0 4	0	4
Parsing and Displaying a JSON String I have a JSON string as an event in Splunk below: {"Item1":{"Max":100,"Remaining":80},"Item2":{"Max":409,"Remaining"... by xinlux01rhi Explorer in Getting Data In 05-13-2020 0 4	0	4
Grouping hosts for serverclass.conf Hi all, I have a general question on saving some space and grouping hosts in serverclass.conf. I have reviewed This ... by putnamblake Path Finder in Getting Data In 05-13-2020 0 4	0	4
How to skip reading CVS heard from server where Splunk Universal Forwarder is installed Hi, On server with Splunk Universal Forwarder installed we are monitoring cvs log with a header and lines in the fo... by mlevsh Builder in Getting Data In 05-13-2020 0 0	0	0
Splunk Cloud timestamp When running a search for syslogs within 7 days, Splunk is retuning some logs that are months old. Timestamp is corre... by kevincorder New Member in Getting Data In 05-13-2020 0 4	0	4
spath for the JSON How can we use spath for below JSON to evaluate if for ConcurrentAsyncGetReportInstances , Remaining/Max*100 is >= 70... by sanjax90 New Member in Getting Data In 05-13-2020 0 5	0	5
HTTP Event collector - call not properly authenticated Have tried to setup HTTPEventCollector via cli using splunk documentation link: https://docs.splunk.com/Documentation... by sdkp03 Communicator in Getting Data In 05-12-2020 0 8	0	8
Distinct delimiters for same input I have a dashboard that takes 3 inputs. (TimePicker, Associate, and Activity). All items (inputs and dash panels) up... by seomaniv Explorer in Getting Data In 05-12-2020 0 2	0	2
New field add to existing capture -- time check needed? I have an application feeding to Splunk for the better part of a couple years now. Last December we change formats... by mb1226 Explorer in Getting Data In 05-12-2020 0 2	0	2
How to handle simple JSON array with spath The field value is ["","apples","oranges"] \| spath input=foo creates a multi-value field named '{}'. which is a litt... by ruman Splunk Employee in Getting Data In 05-12-2020 3 9	3	9