Getting Data In

Ask a Question

Discussions

Thread Info

Working with CSV

I have CSV like this- PPAGE_ID1 PPAGE_ID2 PPAGE_ID3 PPAGE_ID4 PPAGE_ID5 PPAGE_ID6 1-Jan 123 123...

by Contributor in

Regex for Line Break props.conf

Hello Splunkers, Any Regex geniuses that can help line break the below logs. Ideally remove the text in th...

by Communicator in

help with the dashboard time calculation needed

Hello, I have relatively easy issue I am struggling with. I would like to calculate the time difference in seconds...

by Builder in

How to write dynamic rest api script in Shell??

Hi All, I was writing one script in shell for getting data though rest api . Below is the connect of the scrip...

by Path Finder in

How do I group unstructured events based on errorcode that they contain in body?

I have some base splunk query which gives me list of events which has body mentioned below - event 1. {"Errors":{"...

by Engager in

Inconsistent indexing time on CSV monitor

We have been using daily CSV exports from our "X" monitoring servers that we then display on our performance board ea...

by Explorer in

Sourcetype renaming not taking

Following the documentation for sourcetype renaming, I still fail to get it working. I have added an entry in Sourcet...

by Explorer in

how to delete duplicate events

I messed up my production server - deleted by mistake some of the internal splunk indexes instead of deleting them on...

by Communicator in

API json preview field

As seen in https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTUM/RESTusing#Example_B:_JSON_response_format_exampl...

by Contributor in

One record, two values per field?

We've been acquiring data for some time now via manual imports with CSV files. We're finishing up the process of auto...

by Path Finder in

error after stopping and connecting to instance in aws

Hi Everyone, I spinned up a new windows instance in aws, then i installed splunk application in that server. Then ...

by New Member in

Universal Forwarder 8.0 upgrade path from 6.x

We have a bunch of older 6.x universal forwarders that will be incompatible with an 8.0 Enterprise Splunk instance. I...

by New Member in

How to filter our dashboard by each host or including all hosts?

Hi, I'm trying to filter our dashboard by each host or including all hosts. We have many field(chart) in a dashbo...

by Explorer in

How do you filter data from a log and send them to 2 splunk instances while discarding the rest?

I'm trying to filter data from a log and send them to 2 splunk instances while discarding the rest. I've tried a lit...

by Explorer in

TCP requirement for syslog transfer

Syslogs are sent on UDP port 514 towards Syslog-ng But we have experienced if tcp for port 514 is not working/not ...

by Path Finder in

HTTP Event Collector returns Bad Request - what is wrong with my event?

While posting a request to Splunk via HEC, I get the response as {"text":"No data","code":5} and when I enable versio...

by Contributor in

Monitor logs on Indexers and forward to another indexer cluster

In my environment, we send everything to our indexer cluster and use data cloning using _TCP_ROUTING on the universal...

by Path Finder in

Original Timestamp Value/Format

Hello, I'm looking for a way to capture the original timestamp value/format from various logs. Here are some of the f...

by Builder in

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

I am trying to setup splunk-kubernetes-logging. I have my daemonset running on my worker nodes, but fluentd is failin...

by New Member in

default.meta [views\setup]

Hello guys,Does anyone know what views\setup found in default.meta means? Also if Search & Reporting app default.m...

by Motivator in

splunk forwarder upgrade

Hi All i have a requirement to upgrade splunk forwarder from 7.1 to 7.3.3, I will use sccm to upgrade to 7.3.3, exper...

by Explorer in

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

I am having trouble wrapping my head around how to configure a HF to forward the sourcetypes of syslog and auditd to ...

by Explorer in

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

I am new to Splunk, and noticed the web interface for my Indexers is offline. After reviewing the logs I found the...

by Engager in

How to split String sentence into one row?

Hello, I have a fields in my index named MESSAGE. [BBB] ProcessGenererIdentifiantLMKRImpl/genererIdentifiantLM...

by Explorer in

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Hi, I try to monitor Microsoft-Windows-Shell-Core/AppDefaults directory. I tried adding it to Splunk_TA_window...

by Influencer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Working with CSV

Regex for Line Break props.conf

help with the dashboard time calculation needed

How to write dynamic rest api script in Shell??

How do I group unstructured events based on errorcode that they contain in body?

Inconsistent indexing time on CSV monitor

Sourcetype renaming not taking

how to delete duplicate events

API json preview field

One record, two values per field?

error after stopping and connecting to instance in aws

Universal Forwarder 8.0 upgrade path from 6.x

How to filter our dashboard by each host or including all hosts?

How do you filter data from a log and send them to 2 splunk instances while discarding the rest?

TCP requirement for syslog transfer

HTTP Event Collector returns Bad Request - what is wrong with my event?

Monitor logs on Indexers and forward to another indexer cluster

Original Timestamp Value/Format

splunk-kubernetes-logging in Kubernetes cluster getting error_class=Net::OpenTimeout error="execution expired"

default.meta [views\setup]

splunk forwarder upgrade

Splunk HF send only auditd, syslog, linux_secure to 3rd party syslog

Why am I getting "ERROR UiPythonFallback - Appserver at http://127.0.0.1:8065 never started up!" on my Splunk 6.2.1 indexers?

How to split String sentence into one row?

WinEventlog Input for [WinEventLog://Microsoft-Windows-Shell-Core/AppDefaults]

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Routing data to different indexes using regex

Re-ingest Windows logs across enterprise

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions