Getting Data In

Community Activity

Wildcards not working in tags.conf I have the below config in tags.conf: [source=/some/directory/logs/foo-bar/error.log] sometag = enabled And this wo... by dhughesanz New Member in Getting Data In 01-10-2020 0 1	0	1
Configure Spunk Hot/Warm, Cold and Frozen How do I configure HOT / WARM, COULD, and FROZEN in Splunk Enterpise? I need to configure Splunk Data Retention and ... by erlindemberg Explorer in Getting Data In 01-10-2020 0 2	0	2
Need seperate count for UP and DOWN Peer Hi All, I have a query to display some BGP neighbour UP or DOWN. Output looks like nodelabel Status PEER_IP Ti... by jerinvarghese Communicator in Getting Data In 01-10-2020 0 5	0	5
Why did a Splunk forwarder stop sending to log packet? It was working fine until 1 month ago. There was no Splunk forwarder and network configuration change. No packets fro... by lifekis Explorer in Getting Data In 01-09-2020 0 5	0	5
Add hosts to Splunk multiselect UI I want to populate the list of hosts in the multiselect input option in Splunk. index=someIndexName * host!="notThis... by kirti_gupta12 Path Finder in Getting Data In 01-09-2020 0 1	0	1
Windows Security Events only being forwarded for a short time after restarting universal forwarder Hi everyone, I have about 20 windows servers and 30 linux servers, all with universal forwarders installed and config... by mccartneyc Path Finder in Getting Data In 01-09-2020 0 1	0	1
Forward specific inputs from indexer to intermediate forwarder Hi guys, here is the current setup I have. UF uses data cloning to send to both an indexer cluster and an intermedia... by mccartneyc Path Finder in Getting Data In 01-09-2020 0 3	0	3
How to configure a heavy forwarder to receive logs over port 514/1514? Hi, I have a new Splunk enterprise system up and running, with HFs and Indexers. For logs from network devices like F... by vnguyen46 Contributor in Getting Data In 01-09-2020 0 1	0	1
Visualization that takes into account time of day Hey all, So I'm kind of scratching my head on this, and any kind of guidance would be extremely helpful! Alright, s... by myoung54 Explorer in Getting Data In 01-09-2020 0 2	0	2
Assistance on mcollect command for perfmon I am trying to pull windows_TA perfmon data to a metric index to give our users sample data so they can create metric... by dsbruce Explorer in Getting Data In 01-09-2020 0 0	0	0
Best Practice for Gauging the Amount of Data Ingested Daily What is the best method for gauging the amount of data a log source feeds in? for example, let the system send data ... by itsmevic Communicator in Getting Data In 01-09-2020 0 1	0	1
how can I get Hostnames anits respective IP address through a query.For e.g (index=winlog \| Stats count by host) only returns hostnames .I would like the hostname and IP address how can I get Hostnames anits respective IP address through a query.For e.g (index=winlog \| Stats count by host) only... by simonselvin2019 Explorer in Getting Data In 01-09-2020 0 3	0	3
Promoting new source from test index I'm adding a new input (UNC directory) and due to previous lessons learned, I took from best practice and sent events... by davidbann Explorer in Getting Data In 01-09-2020 0 1	0	1
SHOULD_LINEMERGE = true and BREAK_ONLY_BEFORE_DATE = true defaults Hello, i am trying to understand the documentation surrounding SHOULD_LINEMERGE. It says the default is SHOULD_LIN... by dglass0215 Path Finder in Getting Data In 01-09-2020 0 2	0	2
How to get the desired results using Splunk Text Input? Hi, I have a dashboard. It has 3 text inputs. Search by IP Text Input 1 Search by NETBIOS Text Input 2 Search by... by mbasharat Builder in Getting Data In 01-09-2020 0 5	0	5
How to pick multiple value which has same key name Log looks like this. {...\"Key_name\":\"Value\",....}, {...\"Key_name\":\"Value\",....}, {...\"Key_name\":\"Value\",... by Deprasad Path Finder in Getting Data In 01-09-2020 0 9	0	9
Why are logs are being cut off? Some of the logs ingested into our Splunk environment has missing line. I was told that this could be the result of a... by lawrence_magpoc Path Finder in Getting Data In 01-08-2020 0 2	0	2
Can't feed data into Splunk I'm trying to know why I can't feed data in splunk. I'm trying to get data from windows servers to splunk, I've creat... by essibong1 New Member in Getting Data In 01-08-2020 0 2	0	2
How do I add additional performance counters to the Splunk UF Collector? We are attempting to add Microsoft RAS Total counters from PerfMon to the Splunk UF collector. We updated the local/i... by MTravisVolker Explorer in Getting Data In 01-08-2020 2 1	2	1
How does monitor:// handle windows shortcuts to directories containing logs? In an effort to get our inventory of inputs under control, I'm trying to get all servers to have one place for logs. ... by twinspop Influencer in Getting Data In 01-08-2020 1 7	1	7
query azure ad sign-in logs I have indexed my Azure AD audit and sign-in logs: { [-] Level: 4 callerIpAddress: xxx.xxx.xxx.xxx category... by rileyken2 Path Finder in Getting Data In 01-08-2020 0 0	0	0
archiving an index, moved to cold, remaining folders and files in db I'm working moving a retired index to frozen (indexer cluster). I've set the maxWarmDBCount = 0 for the index and all... by mikefg Communicator in Getting Data In 01-08-2020 0 0	0	0
Total users logged in at any given time to a Windows machine Hello all, I am fairly new to Splunk and am working on gathering data for our operations team. They are asking me to... by tkerr1357 Path Finder in Getting Data In 01-08-2020 0 2	0	2
Tutorial data upload error Hi, I'm fairly new to Splunk and currently undergoing some training. Within my home lab I have a Splunk instance ins... by becksyboy Contributor in Getting Data In 01-08-2020 2 26	2	26
How to put multiple heavy forwarder or indexer name in collectd.conf for matrices data Hello Guys, I need you help to figure out how to put multiple HF or indexer name in collectd.conf for matrices data... by Anirban92Chakra New Member in Getting Data In 01-08-2020 0 0	0	0