Getting Data In

Community Activity

Question on data retention Hello All , I have indexer cluster with 5 indexers with different storage space .Indexer 1 has 4.3TB ,Indexer2 has 6... by vrmandadi Builder in Getting Data In 01-14-2020 0 5	0	5
CIS Link on InfoSec App Compliance Page The InfoSec App compliance page has a header with a URL that links to a document called Splunk and the CIS Security C... by jrenees Engager in Getting Data In 01-14-2020 0 0	0	0
Forward filtered logs to indexer and full logs to third party syslog server Hello, I am currently forwarding logs from uf to HF to idx. What I am trying to achieve is drop windows event with ... by archme Explorer in Getting Data In 01-14-2020 0 1	0	1
i can't find the existing index Greetings!! I can't find the existing index, after inputs other data into that index? I have done /opt/Splunk/bin/... by pacifikn Communicator in Getting Data In 01-14-2020 0 5	0	5
Where do I have to set persistent queue configuration in order to offload event on UF's disk? Hi, I am collecting event from UF to IDX. Sometimes events are missing due to network issue btw UF and IDX. So I am t... by brandy81 Path Finder in Getting Data In 01-14-2020 0 0	0	0
Help with props and regex for index time extraction and adjustment of time zone A typical Event (which has no line breaks): HOSTVULN: HOST_ID=109436564, IP="10.1.40.106", TRACKING_METHOD="AGENT", ... by untieshoe Path Finder in Getting Data In 01-13-2020 0 8	0	8
Transaction Command: Determine Outliers/Mismatches Only I am using the transaction command in Splunk to group the events of an identical log file across two hosts. Essentia... by bcarr12 Path Finder in Getting Data In 01-13-2020 0 1	0	1
Script Input Hello Friends! I was trying to send an input Script to all my AIX servers ( i have aprox 20) but the script only get... by juls0125 New Member in Getting Data In 01-13-2020 0 0	0	0
How to get non matching value by comparing two multivalued field without using join or append? I want to get value from one multivalued field which are not present in other multivaliued field from same index and ... by ankitgupta15 Engager in Getting Data In 01-13-2020 0 3	0	3
Forward matching events to a third party system. I would like to understand if the following requirement can be made to work.. We are ingesting AWS Cloudtrail events... by Stokers_23 Explorer in Getting Data In 01-13-2020 0 0	0	0
Filter events from UF based on source + sourcetype or host Hello, is it possible to filter events based on sourcetype + (host OR sourcetype) with props.conf/transforms.conf on... by splunkreal Influencer in Getting Data In 01-13-2020 0 4	0	4
How to separate hosts/other fields into other data indexes? I've got several data indexes (only one server) already that are separated by forwarders or listener ports. However, ... by bigfatyeastroll Path Finder in Getting Data In 01-13-2020 0 3	0	3
TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption": Hi I get al lot of the following messages on my IX: TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for... by aagehh New Member in Getting Data In 01-13-2020 0 4	0	4
SPLUNK could't parse all files in same directrory please need your support as SPLUNK didn't parse all files from same path, i.e for example in my inputs.conf there are... by Amirahussein Path Finder in Getting Data In 01-13-2020 0 1	0	1
How to do custom encryption and decryption on a Splunk universal forwarder? I am trying to do custom encryption and decryption of data on the universal forwarders. I am trying to configure the ... by dk30390 New Member in Getting Data In 01-13-2020 0 0	0	0
how to export a splunk app to .spl What is command that i need to use to export a splunk app into .spl format ? by chimbudp Contributor in Getting Data In 01-13-2020 2 5	2	5
Not able to read CSV from Universal forwarder I am trying to read csv from one of my universal forwareder, below is my inputs file [monitor://D:\DUMP\Updated_Dump... by shugup2923 Path Finder in Getting Data In 01-12-2020 0 4	0	4
KV_MODE = multi not capturing fields I am using the splunk for unix app and the KV_MODE = multi entry in props.conf is not working. For example, I am stil... by jamesvz84 Communicator in Getting Data In 01-12-2020 1 2	1	2
Question About Retetion Policy No Effect Hi, Splunkers: I have a question about retention policy that I had configured my index linux_log of frozenTimePeriod... by aojie654 Path Finder in Getting Data In 01-12-2020 0 2	0	2
Why did my data not deleted when reaching retention limit? Hi, Splunkers: I have a question about retention policy that I had configured my index linux_log of frozenTimePeriod... by aojie654 Path Finder in Getting Data In 01-12-2020 0 1	0	1
Custom timestamp detection for a sourcetype with some event w/o timestamp Hello there, For a particular sourcetype there are events with a timestamp and events without timestamp. As Splunk ... by D2SI Communicator in Getting Data In 01-11-2020 0 9	0	9
How to convert JSON array of Key/Value pairs to Column/Value? Lets say we have Json data in the following format ( using 2 events as an example) Event 1) Time Event 5/19/19 2... by mlevsh Builder in Getting Data In 01-10-2020 0 4	0	4
Parse json - relate parent key to child-array values Source JSON Structure: { "working": { "https://site.number.one": [ { "metric": "... by n_young New Member in Getting Data In 01-10-2020 0 6	0	6
json output read single value when there are multiple for a segment Hi, I have a json output which is getting indexed correctly. And i am collectng ip from remotemanagement{}.ip . But ... by surekhasplunk Communicator in Getting Data In 01-10-2020 0 11	0	11
KV store keys, REST API and URL encoding forward slashes I have a KV collection that uses a CIDR-style network address as the key value. This means that delete operations ... by hughkelley Path Finder in Getting Data In 01-10-2020 0 6	0	6