Getting Data In

Community Activity

How do I ingest logs that have two dots in their name I have a new client that has files named as follows: xxxx.xxxx.log Splunk is not ingesting them. How can I ingest ... by nls7010 Path Finder in Getting Data In 04-24-2020 0 2	0	2
Local props.conf and transforms.conf When creating the local/props.conf and local/transforms.conf, do I need to copy the entire default/props.conf and def... by balcv Contributor in Getting Data In 04-23-2020 0 3	0	3
How do I map my personally TZ-adjusted time to another TZ? Occasionally, we need to do user-TZ-setting-agnostic stuff in a search and so we need to be able to say, despite the ... by woodcock Esteemed Legend in Getting Data In 04-23-2020 1 4	1	4
Data search in JSON format Good day. I did not find the answer to my question, so I made a new topic. My device sends data from IDS in JSON form... by arttifex New Member in Getting Data In 04-23-2020 0 2	0	2
passing source script file name in another field before indexing i have a script which will be executed from inputs.conf but i need the script file name in a new field instead of sou... by DataOrg Builder in Getting Data In 04-23-2020 0 11	0	11
i need to index the source field value into new fields during index time please help me in indexing source field value into new fields value during index time. please help with transform/pro... by DataOrg Builder in Getting Data In 04-23-2020 0 9	0	9
How to pass value to python script from a Input.conf i need to pass the host value in the URL from external file to the python script. how to pass it through conf file? p... by DataOrg Builder in Getting Data In 04-23-2020 0 10	0	10
How to prevent linux_message_syslog input from overriding the FQDN of the host sent from a universal forwarder? All, I have an input in linux_message_syslog that seems to be working fine, but the universal forwarder is providin... by daniel333 Builder in Getting Data In 04-23-2020 1 4	1	4
How to create a new field with static value during index time I want to append new field with static value to the data during index time. how to create with props.conf/transform.... by DataOrg Builder in Getting Data In 04-23-2020 0 3	0	3
buckets - Frozen and Thawed bucket Hi, As soon as data moves from cold to frozen bucket it gets deleted? How data moves from frozen bucket to Thawed buc... by VijaySrrie Builder in Getting Data In 04-23-2020 0 1	0	1
Props.conf: Why isn't my mask working? I'm trying to mask out of the log below and I'm not sure what I'm doing wrong. log: [22/Apr/2020:19:29:57 -0400] MO... by morphis72 Path Finder in Getting Data In 04-22-2020 0 4	0	4
Anyone have a walk through for configuring letsencrypt with the HEC endpoit? All, Setting up a Splunk instance and in the past I used a load balancer that handled certs for me. But this instan... by daniel333 Builder in Getting Data In 04-22-2020 0 0	0	0
Parse nested JSON where the object names are different I have this application log that is made up of nested JSON { "status": "OK", "next": null, "data": { "Even... by randy_moore Path Finder in Getting Data In 04-22-2020 0 3	0	3
How to display the source for every event in search results without clicking drop-down? Is there a way to show the source for an event in the results for a search? I am wanting to see the complete source f... by webberw New Member in Getting Data In 04-22-2020 0 5	0	5
Why did Splunk restart heavy forwarder? Got an alert for a HF restarting and trying to find the root cause of unexpected restart. I'm using the search below ... by wwhite12 Path Finder in Getting Data In 04-22-2020 0 2	0	2
Universal forwarder is not sending logs. I am unable to get forwarders to show up in the console after installing server/forwarder. Getting "no clients or app... by zachantinelling Explorer in Getting Data In 04-22-2020 0 3	0	3
Writing a parser for a difficult log entry I have logs which are structure like such: "There are no delimiters between blocks since they are always 8-bytes w... by scottj1y Path Finder in Getting Data In 04-22-2020 0 4	0	4
My Playbook cannot be find in Alerts dashboard Hello, I'm on Splunk 7.3.3 with the "Security Monitoring for Splunk" https://splunkbase.splunk.com/app/4131 I have... by dadataz Explorer in Getting Data In 04-22-2020 0 2	0	2
DATA not feeding in INDEX : Splunk Hi I have got 5 node SPLUNK . NODE1 : Master + License Manager Node 2 : Indexer - peer Node 3 : Indexer - P... by vivekg72 Explorer in Getting Data In 04-22-2020 0 4	0	4
restart_webui_async and restart_webui_polite Hi, I see two (probably) new endpoints under server control. I'm using Splunk Enterprise 7.0.2 <link href="/servi... by ramesh_babu71 Path Finder in Getting Data In 04-22-2020 1 1	1	1
Is the splunk-8.0.2-a7f645ddaf91-linux-2.6-x86_64.rpm compatible with 4.x Kernel Hello all, I have RHEL 8.1 with Linux 4.x Kernel. The splunk-8.0.2-a7f645ddaf91-linux-2.6-x86_64.rpm should be the r... by kiogieplus New Member in Getting Data In 04-21-2020 0 1	0	1
How would you create a table from json array with a nested a array in each object I have tried quite a few different ways to capture data within a json object and return it as separate events, but my... by topherbirth Explorer in Getting Data In 04-21-2020 0 4	0	4
Fluentd HEC Output: How to target and utilize parts of a tag to configure my index, sourcetype, and host dynamically? I've got a bunch of custom syslog traffic flowing to a fluentd tier I have running in kubernetes. I'm using the rewri... by tprz Explorer in Getting Data In 04-21-2020 0 0	0	0
Splunk Unity JDBC Connect not working I am trying to use the Unity JDBC Driver for splunk : http://unityjdbc.com/splunk/splunk_jdbc.php But I keep receivin... by kkrishnan_splun Splunk Employee in Getting Data In 04-21-2020 0 4	0	4
Integrating Tableau to Splunk Hi, I wanted to integrate Tableau to Splunk. I have searched for tutorials and installed Splunk ODBC to my computer.... by andrehl Explorer in Getting Data In 04-21-2020 1 3	1	3