Getting Data In

Community Activity

Can i set a MAX MB or GB size per file? Hi I have an issues that every now again one sourcetype can produce lots of bad data into the TB, Splunk will then t... by robertlynch2020 Influencer in Getting Data In 01-15-2020 0 3	0	3
Issue filtering specific logs on UF Hi, I have recently started building apps on splunk. I am monitoring a log file on the UF , containing logs from var... by tirthasplunk New Member in Getting Data In 01-15-2020 0 0	0	0
How to resolve timestamp and line processing issues in pdfgen.log ? I am getting the below two warning messages, 1. 11-27-2017 06:00:22.902 +1100 WARN DateParserVerbose - Failed to par... by damode Motivator in Getting Data In 01-15-2020 1 14	1	14
If an indexer receives logs from a heavy forwarder is it able to forward a subset of data to another Indexer? Hi at all, I have some Heavy Forwarders that receive data from some Universal Forwarders and take syslogs from some a... by gcusello SplunkTrust in Getting Data In 01-14-2020 0 3	0	3
Does Splunk have the ability to batch ingest large .csv files? Is Splunk capable of batch ingesting large .csv files? It does not seem like it. For example, the below works [moni... by nick405060 Motivator in Getting Data In 01-14-2020 1 3	1	3
Index Master statistics different between Settings, Indexes and Setting, Index Clustering, Indexes I have an index cluster with 24 indexers, and a set of custom indexes that I manage on the index master in $SPLUNK_HO... by thormanrd Path Finder in Getting Data In 01-14-2020 0 1	0	1
Question on data retention Hello All , I have indexer cluster with 5 indexers with different storage space .Indexer 1 has 4.3TB ,Indexer2 has 6... by vrmandadi Builder in Getting Data In 01-14-2020 0 5	0	5
CIS Link on InfoSec App Compliance Page The InfoSec App compliance page has a header with a URL that links to a document called Splunk and the CIS Security C... by jrenees Engager in Getting Data In 01-14-2020 0 0	0	0
Forward filtered logs to indexer and full logs to third party syslog server Hello, I am currently forwarding logs from uf to HF to idx. What I am trying to achieve is drop windows event with ... by archme Explorer in Getting Data In 01-14-2020 0 1	0	1
i can't find the existing index Greetings!! I can't find the existing index, after inputs other data into that index? I have done /opt/Splunk/bin/... by pacifikn Communicator in Getting Data In 01-14-2020 0 5	0	5
Where do I have to set persistent queue configuration in order to offload event on UF's disk? Hi, I am collecting event from UF to IDX. Sometimes events are missing due to network issue btw UF and IDX. So I am t... by brandy81 Path Finder in Getting Data In 01-14-2020 0 0	0	0
Help with props and regex for index time extraction and adjustment of time zone A typical Event (which has no line breaks): HOSTVULN: HOST_ID=109436564, IP="10.1.40.106", TRACKING_METHOD="AGENT", ... by untieshoe Path Finder in Getting Data In 01-13-2020 0 8	0	8
Transaction Command: Determine Outliers/Mismatches Only I am using the transaction command in Splunk to group the events of an identical log file across two hosts. Essentia... by bcarr12 Path Finder in Getting Data In 01-13-2020 0 1	0	1
Script Input Hello Friends! I was trying to send an input Script to all my AIX servers ( i have aprox 20) but the script only get... by juls0125 New Member in Getting Data In 01-13-2020 0 0	0	0
How to get non matching value by comparing two multivalued field without using join or append? I want to get value from one multivalued field which are not present in other multivaliued field from same index and ... by ankitgupta15 Engager in Getting Data In 01-13-2020 0 3	0	3
Forward matching events to a third party system. I would like to understand if the following requirement can be made to work.. We are ingesting AWS Cloudtrail events... by Stokers_23 Explorer in Getting Data In 01-13-2020 0 0	0	0
Filter events from UF based on source + sourcetype or host Hello, is it possible to filter events based on sourcetype + (host OR sourcetype) with props.conf/transforms.conf on... by splunkreal Motivator in Getting Data In 01-13-2020 0 4	0	4
How to separate hosts/other fields into other data indexes? I've got several data indexes (only one server) already that are separated by forwarders or listener ports. However, ... by bigfatyeastroll Path Finder in Getting Data In 01-13-2020 0 3	0	3
TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption": Hi I get al lot of the following messages on my IX: TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for... by aagehh New Member in Getting Data In 01-13-2020 0 4	0	4
SPLUNK could't parse all files in same directrory please need your support as SPLUNK didn't parse all files from same path, i.e for example in my inputs.conf there are... by Amirahussein Path Finder in Getting Data In 01-13-2020 0 1	0	1
How to do custom encryption and decryption on a Splunk universal forwarder? I am trying to do custom encryption and decryption of data on the universal forwarders. I am trying to configure the ... by dk30390 New Member in Getting Data In 01-13-2020 0 0	0	0
how to export a splunk app to .spl What is command that i need to use to export a splunk app into .spl format ? by chimbudp Contributor in Getting Data In 01-13-2020 2 5	2	5
Not able to read CSV from Universal forwarder I am trying to read csv from one of my universal forwareder, below is my inputs file [monitor://D:\DUMP\Updated_Dump... by shugup2923 Path Finder in Getting Data In 01-12-2020 0 4	0	4
KV_MODE = multi not capturing fields I am using the splunk for unix app and the KV_MODE = multi entry in props.conf is not working. For example, I am stil... by jamesvz84 Communicator in Getting Data In 01-12-2020 1 2	1	2
Question About Retetion Policy No Effect Hi, Splunkers: I have a question about retention policy that I had configured my index linux_log of frozenTimePeriod... by aojie654 Path Finder in Getting Data In 01-12-2020 0 2	0	2