Getting Data In

Community Activity

Multiline Event with Values I have an event that is multiple lines: Mon May 4 22:06:47 PDT 2020 /dev/sdb1 13245631 12450471 127548 99... by trever Loves-to-Learn in Getting Data In 05-05-2020 0 2	0	2
How to forward logs from universal forwarders to heavy forwarders for filtering before routing to indexers? Hi Guies, We have multiple universal forwarders and 3 heavy weight forwarders. Currently all UFs are forwarding logs... by thezero Path Finder in Getting Data In 05-05-2020 3 11	3	11
Linebreaking Failure - BREAK_ONLY_BEFORE_DATE So here's a new one. I have an input (OpenLDAP Audit Logs). Each event (from #modify to #end modify) is generated at ... by alacercogitatus SplunkTrust in Getting Data In 05-05-2020 3 12	3	12
Split _raw field Hello there, I'm new to Splunk, and I have setup an alert to that returns some field including _raw field. The thin... by 3amer92 Explorer in Getting Data In 05-05-2020 0 1	0	1
Is there any way to find out that my sourcetype is reading props Is there any way to find out that my sourcetype is reading props? does it have any logs to check that whats all props... by rahul_mckc_splu Loves-to-Learn in Getting Data In 05-05-2020 0 1	0	1
Does anybody have experience monitoring Intersystems Cache with Splunk? If so, what are the details of your implementation? I am interested in monitoring Cache processes with Splunk. by muebel SplunkTrust in Getting Data In 05-05-2020 1 5	1	5
Is there an Integration between Spark and Splunk? Hello everyone, I want to integrate Spark and Splunk, using Spark to process searches faster. With Splunk Analytics... by mhsilva Explorer in Getting Data In 05-05-2020 0 4	0	4
How to monitor data retention policy and tweak accordingly. I've searched but havent yet been able to find the answer. We have a clustered index setup, and lots of data going in... by davidwaugh Path Finder in Getting Data In 05-05-2020 0 5	0	5
Splunk Daemon and Solarwinds Hi everyone, We are looking into the possibility of another way to monitor the Splunk universal forwarders on our se... by mysicksi Path Finder in Getting Data In 05-05-2020 0 2	0	2
advice for when you have more than 100 automatically extracted fields? It seems that if you have a lot of fields being extracted automatically, like via INDEXED_EXTRACTIONS=csv or via auto... by sideview SplunkTrust in Getting Data In 05-05-2020 9 7	9	7
Does UF 7.2.8 is compatable with RHEL 8 Does UF 7.2.8 is compatable with RHEL 8 ? Please let me know the minimum version of the UF agent that is compatible w... by venkateshparank Path Finder in Getting Data In 05-05-2020 0 4	0	4
log to metric from the output of a script we are utilizing log2metrics in the form of a script writes a csv file, then Splunk reads that csv file and converts ... by u568675 New Member in Getting Data In 05-04-2020 0 1	0	1
How do I blacklist events with a field containing a specific value? I have a set of JSON data and I would like to ignore (blacklist) all events where the field "id.orig_h" contains the ... by dbuehler Loves-to-Learn Everything in Getting Data In 05-04-2020 0 1	0	1
CSV date being replaced/not parsed correctly Let's say I have a CSV with the following spanning 10 years: Date \| Time \| Value 2020-05-01 4:00:00 PM 49.88 If I... by jaware_splunk Splunk Employee in Getting Data In 05-04-2020 0 7	0	7
Including log events from Microsoft Direct Access Hi, We would like to forward log events from a Microsoft Direct Access server into Splunk. I've installed the univer... by annebeate Path Finder in Getting Data In 05-04-2020 0 4	0	4
How to tell when it's safe to query the API about a newly created user? When using SSO with clustered search heads, users who lose SSO access leave behind knowledge objects and directories ... by krisreeves Path Finder in Getting Data In 05-04-2020 0 5	0	5
Frozen Index Management Is there an app/script/mechanism out there that would allow you to list your available frozen indices by their human ... by adalbor Builder in Getting Data In 05-04-2020 0 5	0	5
universal fowarder I am not finding universal fowarder that supports windows 2012 , NT 6.2 version ?? by punithjigali Explorer in Getting Data In 05-04-2020 0 1	0	1
No data from indexes in cloud search head Hi everyone, I could really use some input from you all. I am using Splunk cloud in my environment, with a deploymen... by mysicksi Path Finder in Getting Data In 05-04-2020 0 7	0	7
perfmon issue with %ProcessorTime scaling/max for a specific process I am using the Universal Forwarder to collect information on a Java Process. When monitoring "% Processor Time" for a... by j_star New Member in Getting Data In 05-04-2020 0 1	0	1
sizing cluster Good afternoon I know that there is official information regarding the maximum number of concurrent searches, sch... by efaundez Path Finder in Getting Data In 05-04-2020 0 1	0	1
Best Practice for Creating New Sourcetype - Splunk Cloud Hi All, I'm a new Splunk admin working inside of a pretty large Splunk Cloud environment. Historically, the folks on... by dfurtaw Path Finder in Getting Data In 05-04-2020 0 1	0	1
Forwarder only reads file if i save it, ignores when script saves it Hello everyone, I have Splunk Universal Forwarder running on a server watching a few files for changes. Log data is ... by LAcioffi Explorer in Getting Data In 05-04-2020 0 3	0	3
How can I monitor hidden file and folder creation on a windows host/server ? I am looking for a query that will help me monitor hidden file and folder creations on Linux/Win boxes. Can the comm... by itrimble1 Path Finder in Getting Data In 05-04-2020 0 0	0	0
REST API Saved Searches POST Duplicating Searches I'm trying to use the REST API to update a large number of alerts/saved searches across multiple environments. Specif... by stranjer Loves-to-Learn Lots in Getting Data In 05-04-2020 0 0	0	0