Getting Data In

Community Activity

	How do I copy forwarder inputs from one indexer to another indexer? I'm working on load balancing the universal forwarder and want to make sure the additional indexer that will now rece... by ntripp_element Explorer in Getting Data In 12-17-2019 0 3	0	3
	Hostname macro in inputs.conf Hi, I have a Linux based application server that exists in two copies on xhostA and xhostB. I am getting their syslog... by afx Contributor in Getting Data In 12-17-2019 0 1	0	1
	how to configure splunk forwarder to monitor a file whose name changes on daily basis Hi All, I am trying to monitor a logfile which is generated in a path every day at 23:55 from a python script. My pr... by poddraj Explorer in Getting Data In 12-17-2019 0 1	0	1
	Release schedule for docker images What is the release schedule for docker images? It doesn't look as if the version of 7.2 that is patched against the ... by platformred Explorer in Getting Data In 12-17-2019 0 1	0	1
	Metrics dimensions shares What is the best way to get dimensions share for metrics index? For example is I have dimension IS_ERROR with "bool v... by tomasfurch New Member in Getting Data In 12-16-2019 0 0	0	0
	how does Universal Forwarder work? Hi, all I wonder about Universal Forwarder. I have to switch master uri of deploymentclient.conf and outputs.conf b... by nanachu Path Finder in Getting Data In 12-16-2019 0 3	0	3
	Best timestamp format Hello guys, could you confirm Splunk handles best US format (MM/DD/YYYY or YYYY/MM/DD for instance) where month prece... by splunkreal Motivator in Getting Data In 12-16-2019 0 1	0	1
	splunk_server I frequently envoke on my search head against a indexer cluster with 10 members: index= \| dedup splunk_server \| tabl... by halbeisendv Path Finder in Getting Data In 12-16-2019 0 4	0	4
	Error in Splunk extract i18n script Hi, I have app that already has some translations and I need to add more of them to .po file. From what I understand... by seva98 Path Finder in Getting Data In 12-16-2019 0 0	0	0
	Archive some of indexes in a separate disk. I am currently migrating my splunk instance to a new environment. The problem is we are having some old index, in w... by ayush1906 Path Finder in Getting Data In 12-16-2019 0 1	0	1
	extract fields from Nested multivalue JSON Hello, we have complex Json having mutli level with multivalue fields. In below example topologyMetrics has 4 subno... by AKG1_old1 Builder in Getting Data In 12-15-2019 0 6	0	6
	How do I configure and enforce a 6 month data retention policy? Hello, I am trying to configure a 6 month data retention policy in which data has to be deleted from an index 180 da... by andrewtrobec Motivator in Getting Data In 12-15-2019 0 2	0	2
	JSON input not splitting up in single line I am using API to fetch the JSON logs and sending JSON output to Splunk. Props.conf is on the search head. I am see... by rishma Explorer in Getting Data In 12-14-2019 0 4	0	4
	How can I upload an Administrative Events.evtx file? We are trying to upload the Administrative Events.evtx file via the Add Data interface. However, the interface doesn'... by ddrillic Ultra Champion in Getting Data In 12-14-2019 0 9	0	9
	Parsing of makeresults I executed the following SPL with makeresults, but the results only give me the fields for _time and _raw... i don't ... by awmorris Path Finder in Getting Data In 12-13-2019 0 6	0	6
	Help modifying timezone in props.conf I need to change the timezone for a host sending logs to our production instance. I have set up a free test instance... by thenetworksfine Observer in Getting Data In 12-13-2019 0 2	0	2
	host (PC) linux on my Network Good morning, everyone, As the title says, I would like to know which Linux hosts have access to my network, not the... by numeroinconnu12 Path Finder in Getting Data In 12-13-2019 0 7	0	7
	How to prevent Splunk from converting time to date Hi, I have a log file like this: 08:00:00.032 user parameter: A[0]B[0]C: Action successful. This is just hour:... by indeed_2000 Motivator in Getting Data In 12-13-2019 0 12	0	12
	How to merge two search queries of same source and get the difference using splunk ? Hi team, I have two below queries, can you please suggest how to merge and get difference of counts in separate colu... by kanamarlapudive New Member in Getting Data In 12-13-2019 0 7	0	7
	How to filter few lines from an event in splunk Hi all, I am new to splunk and am facing issue while trying to filter lines which has "Dequeue" in the event. I want ... by poddraj Explorer in Getting Data In 12-13-2019 0 2	0	2
	Different IIS hosts logging to different indexes We got several IIS servers and want to index IIS logs into Splunk. However, we need to seperate some of the servers t... by erikwie Path Finder in Getting Data In 12-13-2019 0 5	0	5
	Splunk truncating large input json data and not indexing. Hi I have used python script to call some api's and sending the response to splunk. If the response is small, splu... by swithinb Explorer in Getting Data In 12-13-2019 0 2	0	2
	How to make Universal Forwarder to run script after monitoring of the directory returns files Hi, In Universal Forwarder(Windows), I have scenario where I need to run my pre-processing scripts after file fro... by viramamo Explorer in Getting Data In 12-13-2019 0 11	0	11
	splunk upgrade from 7.3.3 to 8.0.0 failed (Could not create path D:\splunk\data\index\_metrics\db appearing in indexes.conf: 5 ) Hi, anyone know how to solve this problem? C:\Users\AppData\Local\temp\splunk.log In the log file is shown : Could ... by jerjer951109 Loves-to-Learn in Getting Data In 12-13-2019 0 9	0	9
	How is it possible to move indexers to different site in same cluster I had 6 indexers in a cluster in 2 sites A and B. One of the admins(through scripting) configured 6 more indexers but... by bfarr Explorer in Getting Data In 12-12-2019 0 1	0	1