Getting Data In

Community Activity

Monitor Windows Event Log for Critical/Error I want to monitor certain events and all Error/Critical level events. https://answers.splunk.com/answers/663023/how-... by tmontney Builder in Getting Data In 05-06-2020 0 1	0	1
Raspberry Pi Universal Forwarder Bug Report for splunkforwarder-8.0.3-a6754d8441bf-Linux-arm.tgz: On a Raspberry Pi 3 armv7l GNU/Linux, INDEXED_EXTRACTIONS=JSON in the props.conf file results in unrecoverable JSON S... by BongoTheWhippet Path Finder in Getting Data In 05-06-2020 0 2	0	2
HF different index names for each target group I have a Splunk enterprise cluster which also needs to forward some logs to a completely separate Splunk cluster. I ... by stephenmuss Engager in Getting Data In 05-06-2020 1 2	1	2
Export results to a file gives Invalid Json file When I export my results to a JSON file and then try to validate it with jsonlint.com I get an EOF error. Is there a... by MattZerfas Communicator in Getting Data In 05-06-2020 1 15	1	15
how to import some columns from csv I have a csv file to import by app data ->monitor i would to import some columns (not all) before to index. It's poss... by splunk6161 Path Finder in Getting Data In 05-06-2020 0 11	0	11
Forwarder tells me there's an "ERROR JsonLineBreaker ... had parsing error:Unexpected character: '5'" - but the error originates in the forwarder's own log? Hello good people of the Splunk Community. This one's got me foxed. I noticed this morning that the splunkd logs on ... by BongoTheWhippet Path Finder in Getting Data In 05-06-2020 0 8	0	8
Free Trial Instance issue Hi Team, i have opened an account for free trail on Splunk cloud, but the instances are not created. will it take so... by jonnalagaddaani New Member in Getting Data In 05-06-2020 0 2	0	2
Why am I receiving a "No such file or directory" error when trying to run the Splunk AppInspect tool on Windows? Followed all the installation steps from http://dev.splunk.com/view/appinspect/SP-CAAAFAN Only issue I had was with ... by simpkins1958 Contributor in Getting Data In 05-06-2020 0 3	0	3
Multiline Event with Values I have an event that is multiple lines: Mon May 4 22:06:47 PDT 2020 /dev/sdb1 13245631 12450471 127548 99... by trever Loves-to-Learn in Getting Data In 05-05-2020 0 2	0	2
How to forward logs from universal forwarders to heavy forwarders for filtering before routing to indexers? Hi Guies, We have multiple universal forwarders and 3 heavy weight forwarders. Currently all UFs are forwarding logs... by thezero Path Finder in Getting Data In 05-05-2020 3 11	3	11
Linebreaking Failure - BREAK_ONLY_BEFORE_DATE So here's a new one. I have an input (OpenLDAP Audit Logs). Each event (from #modify to #end modify) is generated at ... by alacercogitatus SplunkTrust in Getting Data In 05-05-2020 3 12	3	12
Split _raw field Hello there, I'm new to Splunk, and I have setup an alert to that returns some field including _raw field. The thin... by 3amer92 Explorer in Getting Data In 05-05-2020 0 1	0	1
Is there any way to find out that my sourcetype is reading props Is there any way to find out that my sourcetype is reading props? does it have any logs to check that whats all props... by rahul_mckc_splu Loves-to-Learn in Getting Data In 05-05-2020 0 1	0	1
Does anybody have experience monitoring Intersystems Cache with Splunk? If so, what are the details of your implementation? I am interested in monitoring Cache processes with Splunk. by muebel SplunkTrust in Getting Data In 05-05-2020 1 5	1	5
Is there an Integration between Spark and Splunk? Hello everyone, I want to integrate Spark and Splunk, using Spark to process searches faster. With Splunk Analytics... by mhsilva Explorer in Getting Data In 05-05-2020 0 4	0	4
How to monitor data retention policy and tweak accordingly. I've searched but havent yet been able to find the answer. We have a clustered index setup, and lots of data going in... by davidwaugh Path Finder in Getting Data In 05-05-2020 0 5	0	5
Splunk Daemon and Solarwinds Hi everyone, We are looking into the possibility of another way to monitor the Splunk universal forwarders on our se... by mysicksi Path Finder in Getting Data In 05-05-2020 0 2	0	2
advice for when you have more than 100 automatically extracted fields? It seems that if you have a lot of fields being extracted automatically, like via INDEXED_EXTRACTIONS=csv or via auto... by sideview SplunkTrust in Getting Data In 05-05-2020 9 7	9	7
Does UF 7.2.8 is compatable with RHEL 8 Does UF 7.2.8 is compatable with RHEL 8 ? Please let me know the minimum version of the UF agent that is compatible w... by venkateshparank Path Finder in Getting Data In 05-05-2020 0 4	0	4
log to metric from the output of a script we are utilizing log2metrics in the form of a script writes a csv file, then Splunk reads that csv file and converts ... by u568675 New Member in Getting Data In 05-04-2020 0 1	0	1
How do I blacklist events with a field containing a specific value? I have a set of JSON data and I would like to ignore (blacklist) all events where the field "id.orig_h" contains the ... by dbuehler Loves-to-Learn Everything in Getting Data In 05-04-2020 0 1	0	1
CSV date being replaced/not parsed correctly Let's say I have a CSV with the following spanning 10 years: Date \| Time \| Value 2020-05-01 4:00:00 PM 49.88 If I... by jaware_splunk Splunk Employee in Getting Data In 05-04-2020 0 7	0	7
Including log events from Microsoft Direct Access Hi, We would like to forward log events from a Microsoft Direct Access server into Splunk. I've installed the univer... by annebeate Path Finder in Getting Data In 05-04-2020 0 4	0	4
How to tell when it's safe to query the API about a newly created user? When using SSO with clustered search heads, users who lose SSO access leave behind knowledge objects and directories ... by krisreeves Path Finder in Getting Data In 05-04-2020 0 5	0	5
Frozen Index Management Is there an app/script/mechanism out there that would allow you to list your available frozen indices by their human ... by adalbor Builder in Getting Data In 05-04-2020 0 5	0	5