Getting Data In

Community Activity

Splunk_TA_esxilogs - Why Verbose and Trivia Log are set to NullQueues in transforms.conf Hi Splunk Support Team, We have utilized the vmware app add-on Splunkbase Splunk_TA_esxilogs and just want to unde... by mel_arce Engager in Getting Data In 04-13-2020 0 1	0	1
LINE_BREAKER keep the line breaking regex string Hi team, I have logs like this: This is Tom This is Amy This is David This is Ben I want the line breaking to be ... by season88481 Contributor in Getting Data In 04-13-2020 0 2	0	2
Need your help once again - Index file, json with EPOCH time "grid_w":1693,"solar_pct":0,"epoch":1586824635}} I need to ingest a JSON file with epoch time stamps.. its timest... by pir8radio Path Finder in Getting Data In 04-13-2020 0 1	0	1
splunk universal forwarder not monitoring all files in a folder Same version of splunk forwarder (8.0.2) on 2 linux servers are behaving differently. One lists all files under a fo... by sid1987 New Member in Getting Data In 04-13-2020 0 4	0	4
Splunk Install in Forwarder Mode and Props Hi, I want to preface I understand that props isn't fully processed if you install it on the universal forwarder. My... by ifeldshteyn Communicator in Getting Data In 04-13-2020 0 3	0	3
Splunk Add-on for Blue Coat ProxySG: Has anyone have props.and transforms to work properly for Bluecoat 6.7.3.5 log formatting? Hi Experts Splunk Add-on for Blue Coat ProxySG: Has anyone gotten the props and transforms to work properly for Bluec... by mshakeb Loves-to-Learn Everything in Getting Data In 04-13-2020 0 7	0	7
How to send journal logs to splunk ? How do i send journal logs to splunk?? journalctl -u servicename Here journal logs are raw logs. Will splunk read ... by meenakande New Member in Getting Data In 04-13-2020 0 3	0	3
Setnull and Setparsing I am using SETNULL and SETPARSING to include and exclude log events. Here is the files - Props.conf [OktaIM2:log] T... by rashi83 Path Finder in Getting Data In 04-13-2020 0 3	0	3
Order of execution / precedence of multiple TRANSFORMS consider: Log: 2020-04-01 10:20:30 firstabc secondxyz props.conf [test] REPORT-a = report_a, report_b transfor... by PavelP Motivator in Getting Data In 04-13-2020 1 8	1	8
parsing mix of json and other type without Splunk query if the field is mix of json and some other type. is it possible to parse the field at index time or search time witho... by ekcsoc Path Finder in Getting Data In 04-13-2020 1 0	1	0
Can we index data to Splunk which is from custom search command? Hello all,I have an add-on with written a custom search command and I wanted to know in How can I push the results of... by loginsoftresear Explorer in Getting Data In 04-12-2020 0 3	0	3
REST API - Unauthorized error I am trying to connect with REST API and I am able to use this guide https://answers.splunk.com/answers/685730/can-i-... by av2214 New Member in Getting Data In 04-12-2020 0 11	0	11
Splunk Enterprise Trial version - Need to change the index name Hi, I have downloaded Splunk enterprise Trial version for Windows 64 bit. Only the Search Head is accessible?I create... by VijaySrrie Builder in Getting Data In 04-11-2020 0 4	0	4
What is the proper use of props.conf for timestamp conditional mapping Hello, I have the following data in plain text format that contains several datetime values, it looks like this : ... by dhtran Loves-to-Learn Lots in Getting Data In 04-11-2020 0 2	0	2
Number of events in logs after migrating to Exchange 2016 We recently added Exchange 2016 to our Exchange environment and moved all mailboxes/pubic folders to it. We have an ... by heathramos Path Finder in Getting Data In 04-10-2020 0 3	0	3
Which props.conf for my .csv ? Hi I have a .csv file without header but with fixed fields which i would like to send to my Splunk server with the u... by hattori_hanzo New Member in Getting Data In 04-10-2020 0 3	0	3
Problem with log reception using syslog PFSENSE and splunk Hello, I'm new on reddit and I'd like a little help, I will try to be the clearest as possible. I have 2 Pfsense 2.... by albertdu93 New Member in Getting Data In 04-10-2020 0 0	0	0
Splunk Cloud on-boarding logs Hello, I deployed a free trial of Splunk Cloud instance to learn how to onboard logs into Splunk. I tried for hours b... by superuser88 Engager in Getting Data In 04-10-2020 0 2	0	2
How to set up time properly? I use TIME_PREFIX and TIME_FORMAT to recognize the timestamp of my logs. There is a field, named timezone. It is the ... by cdp_fap Observer in Getting Data In 04-10-2020 0 3	0	3
How to edit my configuration files to index nginx data in Splunk? I have set up a new server, and I'm trying to get nginx access logs into splunk. This is not working. These are my c... by marcrsplunk New Member in Getting Data In 04-10-2020 0 3	0	3
Best practices - Syslog-ng to splunk Hi, I know this topic isn't the first here, but I have some problem to get a good anwser for this specific problem.... by gamsecurity Explorer in Getting Data In 04-10-2020 0 6	0	6
Error while creating new index while trying to create a new index in search head getting error like Invalid apply cluster-bundle error="Bundle valid... by VijaySrrie Builder in Getting Data In 04-09-2020 0 5	0	5
How to get the OS version in which Splunk UF is running? Hi Everyone, My Splunk UF's are installed on Linux. How do I get the OS version. (Not OS type). I am using Splunk App... by Sidharda Path Finder in Getting Data In 04-09-2020 0 2	0	2
I need Help with properly breaking up events Hello, I'm having an issue where clam av logs aren't breaking the events correctly. I'm confident the line_breaking ... by Jarohnimo Builder in Getting Data In 04-09-2020 0 4	0	4
Questions about Universal Forwarder. If any one could help me clarifying these ...that would help. UniversalForwarder can send data at a time to "One" in... by zacksoft Contributor in Getting Data In 04-09-2020 0 3	0	3