Getting Data In

Community Activity

SAML is not configured I'm trying to configure SAML in my Windows Enterprise Environment and keep getting this error: SAML has already been ... by afolabia Path Finder in Getting Data In 03-02-2020 1 1	1	1
Splunk Universal Forwarder 7.2.x compatible with Linux kernel 4.x / RHEL 8? Are the Splunk UF 7.2.x releases compatible with being run on Linux kernel versions 4.x, specifically RHEL 8? by egasway New Member in Getting Data In 03-02-2020 0 2	0	2
Server Class Blacklisting Not working Hello all, I am trying to blacklist some of the apps below. It doesn't matter what I do, the apps continue to get de... by ylucena Explorer in Getting Data In 03-02-2020 0 1	0	1
Ingest events from AWS SQS but how to config timestamp field in props.conf I am a newbie and I have understood basics on how to use the props.conf. But I dont find any doc on ingesting events ... by jerrin Explorer in Getting Data In 03-02-2020 0 0	0	0
return yesterday count on: ---\| eval filename=strftime(now(), "xyz_%d.csv Hello, I am running below search; daily (last 24h) .... which returns results and "outputlookup" results into a csv ... by knitz Explorer in Getting Data In 03-02-2020 1 1	1	1
How to avoid duplicates if two forwarders are monitoring the same directory? We are considering to deploy Splunk forwarders on our servers. For resilience, we want to install a forwarder on each... by yoyu777 Explorer in Getting Data In 03-02-2020 0 4	0	4
How to extract timestamp from JSON file I am uploading a JSON file into a test index and I'm trying to set the timestamp for and prefix. The events in the JS... by jwalzerpitt Influencer in Getting Data In 03-02-2020 0 2	0	2
crcSalt issue We have used below monitor in inputs.conf [monitor:///usr/sap/IXP/SYS/profile/DEFAULT.PFL] disabled = false sourcet... by sushildabare Path Finder in Getting Data In 03-02-2020 1 5	1	5
Splunk Forwarder enable boot start not working on Windows XP Hi, I have Universal Forwarder on my Windows XP machine. I enabled the boot-start upon installation but upon rebootin... by iancorrea Path Finder in Getting Data In 03-02-2020 0 1	0	1
Setting up "Windows Host Information" gathering with universal forwarder? Good Morning I wanted to ask if i could get some assistance/clarification on setting up the Windows Host Information... by Hudond Path Finder in Getting Data In 03-01-2020 0 1	0	1
Can Index on Satellite stay In sync with Index on Planet Earth? I would like to deploy Splunk in a non reliable network. I have an Index on a Satellite which is indexing events loca... by mzorzi Splunk Employee in Getting Data In 03-01-2020 57 13	57	13
Does EVENT_BREAKER configuration need to be added on a Splunk UF collecting logs via WinEventLog://ForwardedEvents inputs ? Hello Splunkers, Will EVENT_BREAKER configuration be a good idea to reduce indexer stickiness for a Splunk UF collec... by murikadan Path Finder in Getting Data In 03-01-2020 0 1	0	1
how to get the string data as a json object for the below logstash logs? { @timestamp: 2020-02-04T13:46:41.274+00:00 domain: test environment: dev level: INFO logger_name: co... by d942725 New Member in Getting Data In 02-29-2020 0 15	0	15
linebreaker for json sourcetype I am trying to break the below json data into each event {"audit_logs": [{"url": "https://Company.udesk.com/api/v2/a... by martinnepolean Explorer in Getting Data In 02-29-2020 0 6	0	6
Make extractions in props.conf from search query \| makeresults \| eval _raw="Nov 14 03:23:42 hostname rsyslogd-pstats:{ \"name\": \"global\", \"origin\": \"dynstats\"... by to4kawa Ultra Champion in Getting Data In 02-29-2020 0 5	0	5
How to extract multivalue identity fields into their own identities The following is a section of an larger JSON data source digested into our Splunk instance: "identities": [{"issuerA... by cpalicensing New Member in Getting Data In 02-28-2020 0 1	0	1
Carriage return newline (\r\n) not working as delimiter for makemv I am trying to break a field (httpRequest), into a multivalue field and then extract the value of one of the values. ... by jmartinf5 Engager in Getting Data In 02-28-2020 0 7	0	7
Why is Splunk index evaluation of _time inconsistent with timestamp in log file? The splunk index evaluation of _time is not consistent with what is in the log. See the two entries below. Both are f... by squiggle Explorer in Getting Data In 02-28-2020 1 8	1	8
log file parsing on IDX Hello, I just want to parse a log file. I try every solution found on forum but never work. (Splunk 7.3.3) Log: <ev... by secuc2r83 Path Finder in Getting Data In 02-28-2020 0 2	0	2
using rex mode="sed" to remove strings surrounded by # characters Hi, I have a series of log entries that are in the form #4 MyApp\Framework\DB\Adapter\Pdo\Mysql->_query('SELECT `st... by idjagger Engager in Getting Data In 02-28-2020 0 2	0	2
Is it a valid configuration to have indexers on different IP subnets/vlans for a single site in a multisite cluster? We have nine sites in a multi-site cluster with indexers at each site ranging from three to 15 servers. Each site's i... by kmarciniak Path Finder in Getting Data In 02-28-2020 0 1	0	1
Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash one of our end-user clients have massive information stored in ELK stack. Our company needs to collect those data int... by koshyk Super Champion in Getting Data In 02-28-2020 0 4	0	4
Send files from to Splunk server from Jenkins Hello, I want to send report files which is in XML format from Jenkins to Splunk server. I am using Jenkins send fil... by bp1980 New Member in Getting Data In 02-28-2020 0 7	0	7
Event Timestamp mismatch with Index Timestamp Last year 2019 we have deployed Splunk Cloud in our environment . Post which we have configured the logs into Splunk ... by anandhalagaras1 Contributor in Getting Data In 02-28-2020 0 5	0	5
windows 2003 servers monitor using Splunk 8.0 I know both Microsoft and Splunk not supporting OS and UF(6.x) for windows 2003.And not compatible to send 6.x UF dat... by ansif Motivator in Getting Data In 02-27-2020 0 1	0	1