Getting Data In

Community Activity

How can I create a historical search to see if a sourcetype didn't come in for certain hosts? Hello all, I currently have a search that checks to see if a sourcetype is coming for specific hosts tagged with a c... by mpham07 Path Finder in Getting Data In 12-31-2019 0 6	0	6
How can I check whether the script has indeed run A script is defined in the inputs.conf file [script:///opt/splunkforwarder/bin/scripts/top.sh] interval = 0 0 * * * ... by pratapa Explorer in Getting Data In 12-31-2019 0 1	0	1
Should we be adding a restart flag to the Splunk "Patching app"? https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020 I noticed this app didn't have th... by briancronrath Contributor in Getting Data In 12-31-2019 0 2	0	2
Search peer has the following message: idx=_internal Throttling indexer, too many tsidx files in bucket='dir", is splunk optimizer running? Hello, I am getting these messages , what is the action upon this? The disk space is not even near half,that shouldn'... by linu1988 Champion in Getting Data In 12-31-2019 1 3	1	3
I want to parse the time before 1970/1/1 00:00:00. I'm trying and trying to simulate R code with Splunk. When running R data in Splunk, data before 1970 appears. I unde... by to4kawa Ultra Champion in Getting Data In 12-30-2019 0 4	0	4
How can to modify filter without relaunching javascript Hi, I have a problem with my javascript in Splunk. On my dashboard, I have two filters : - Filter on the dat... by marylenebrey New Member in Getting Data In 12-30-2019 0 2	0	2
How to get counter values in a metrics Index? Hi Splunkers, I am currently working on collecting my SNMP network performance data on Splunk 7.3.3. As SNMP polling... by oliverpaetzold New Member in Getting Data In 12-29-2019 0 0	0	0
Cpu and memory usage This probably has been asked many many times but there is still not a good answer out there.i simply want to use forw... by carlyleadmin Contributor in Getting Data In 12-28-2019 0 10	0	10
Is it better to specify TIME_FORMAT or let Splunk automatically determine time format? Hey, I am currently doing clean up work on some of the in house TA's build for our environment. We are getting timest... by bolaojewale Explorer in Getting Data In 12-27-2019 0 1	0	1
Best Practices for SNMP traps from Universal Forwarder I am trying to send SNMP traps from Cisco wireless controllers to our universal forwarder which has net-snmp installe... by thefilmguy New Member in Getting Data In 12-27-2019 0 0	0	0
What are the proper user quotas to protect our indexers? Yesterday, one indexer got crashed due to a very badly developed dashboard - it instantly consumed all the memory of... by danielbb Motivator in Getting Data In 12-27-2019 0 4	0	4
confusion with tags I am trying to understand the functionality of 'tags' index="main" source="a.csv" \| fields Code Description \| head ... by palisetty Communicator in Getting Data In 12-27-2019 0 1	0	1
Unable to log into $Splunk_Home on CMD or PowerShell (Beginner) When trying to log into splunk to get to the @root for splunk it is not recognizing the path provided. In powershell... by virggray New Member in Getting Data In 12-27-2019 0 2	0	2
Monitor Stanza I am having trouble with one my monitor stanza's. I am trying to monitor a log file for AV threats. I am using 2 stan... by jwray97 Explorer in Getting Data In 12-27-2019 0 3	0	3
splunk cloudに対してcliを使用する方法 AMLのためsplunk cloudに保存しているログにたいして、定期的にqueryを実行してその出力結果をcsv等で取得したいと考えております。定期的にqueryで実行することはreport機能で可能かと思いますが、結果をsp... by nishida_tada_ca Loves-to-Learn Lots in Getting Data In 12-26-2019 0 6	0	6
How to setup Brocade Switches to send SYSLOG data to Splunk? HI everyone, We have a Splunk architecture of 2 HFs, 4 indexers and 1 Master Node.. We are wanting to onboard syslo... by Splunker2911 Loves-to-Learn in Getting Data In 12-26-2019 0 1	0	1
How can I filter events before they are indexed so they aren't indexed? I tried this solution but no success. I am trying to filter data from being indexed.I need only the Error events In ... by amit2301 New Member in Getting Data In 12-26-2019 0 8	0	8
JSON Data issues observations_statistics: { [-] risk_vectors: { [-] botnet_infections: { [-] average_duration_day... by chiraggl Engager in Getting Data In 12-26-2019 0 2	0	2
How to continuously monitor a file in splunk even though it is not updated I want to monitor a cfg/csv file daily. The file does not get updated daily, it gets updated once a month or once a q... by shreyasathavale Communicator in Getting Data In 12-26-2019 0 3	0	3
Validating timestamp extraction after an update Hi, I have updated all my instances by updating the datetime.xml file as described here: https://docs.splunk.com/Do... by amankhan1 Path Finder in Getting Data In 12-25-2019 0 3	0	3
Is it ok to use ellipsis wildcard more than once? Is it ok to use ellipsis wildcards (...) more than once to recurses through directories in props.conf's spec stanza? ... by Junie Loves-to-Learn in Getting Data In 12-25-2019 0 2	0	2
Breaking events JSON For some reason the LINE_BREAKER option for Splunk keeps turning a JSON log file into a single event, ignoring everyt... by mmoermans Path Finder in Getting Data In 12-25-2019 0 1	0	1
Please route me i am at INDEX deadend. I appreciate your time and effort. below are questions 1) I want to find out where is the index.conf for my index... by Rocky31 Path Finder in Getting Data In 12-25-2019 0 10	0	10
/proc/loadavg output not working in gcp instance Hi, I have a script that is printing output of "/proc/loadavg". The script is running fine when executed manually. B... by ankitarath2011 Path Finder in Getting Data In 12-25-2019 0 0	0	0
Is it possible to ignore line breaker raw data? I'm monitor a folder with some file. Could I make whole file as one event without line_breaker? I've tried transactio... by vietlq414 Explorer in Getting Data In 12-25-2019 0 2	0	2