Getting Data In

Community Activity

Line breaking : problem with blank lines ? Hi experts, I'm collecting logs wich look like this : 2019-12-18_09:51:42.982 [] [req-] INFO ParGideBS.getByCle b... by DavidCaputo Path Finder in Getting Data In 12-18-2019 0 1	0	1
Index By host OR Sourcetype by host Hello, I have 2 questions I am hoping someone can help me with. I am trying to figure out how to categorize data bas... by jamie_leclair Engager in Getting Data In 12-18-2019 0 10	0	10
How to call $SPLUNK_HOME or %SPLUNK_HOME% from a .bat file for Windows Scripted input? I have a working scripted input using the first method below, however I'm wanting to get rid of the hard coding of SP... by bandit Motivator in Getting Data In 12-17-2019 0 8	0	8
syslog-ng props and transforms conf for ingesting data Hi! I'm trying to ingest metric data from a Virtual Machine Linux box, using syslog-ng and Splunk Universal Forwarde... by chrisratliff95 New Member in Getting Data In 12-17-2019 0 0	0	0
Run universal forwarder in Docker as unprivileged account I am trying to run the universal forwarder in OpenShift which by default doesn't allow containers to run with a privi... by adamstortz Engager in Getting Data In 12-17-2019 1 1	1	1
How find index-time field extractions. Hello all, Our environment has some custom index-time field extractions we find to be very useful (yes, I know Splun... by adamsmith47 Communicator in Getting Data In 12-17-2019 0 2	0	2
Problem with my search (activity log on of 3 users , Active directory) Hello everybody, (Sorry for my english) splunk version 7.0.0 I have two problems on my search I am searching the ac... by tinpelayee Engager in Getting Data In 12-17-2019 0 1	0	1
How do I copy forwarder inputs from one indexer to another indexer? I'm working on load balancing the universal forwarder and want to make sure the additional indexer that will now rece... by ntripp_element Explorer in Getting Data In 12-17-2019 0 3	0	3
Hostname macro in inputs.conf Hi, I have a Linux based application server that exists in two copies on xhostA and xhostB. I am getting their syslog... by afx Contributor in Getting Data In 12-17-2019 0 1	0	1
how to configure splunk forwarder to monitor a file whose name changes on daily basis Hi All, I am trying to monitor a logfile which is generated in a path every day at 23:55 from a python script. My pr... by poddraj Explorer in Getting Data In 12-17-2019 0 1	0	1
Release schedule for docker images What is the release schedule for docker images? It doesn't look as if the version of 7.2 that is patched against the ... by platformred Explorer in Getting Data In 12-17-2019 0 1	0	1
Metrics dimensions shares What is the best way to get dimensions share for metrics index? For example is I have dimension IS_ERROR with "bool v... by tomasfurch New Member in Getting Data In 12-16-2019 0 0	0	0
how does Universal Forwarder work? Hi, all I wonder about Universal Forwarder. I have to switch master uri of deploymentclient.conf and outputs.conf b... by nanachu Path Finder in Getting Data In 12-16-2019 0 3	0	3
Best timestamp format Hello guys, could you confirm Splunk handles best US format (MM/DD/YYYY or YYYY/MM/DD for instance) where month prece... by splunkreal Influencer in Getting Data In 12-16-2019 0 1	0	1
splunk_server I frequently envoke on my search head against a indexer cluster with 10 members: index= \| dedup splunk_server \| tabl... by halbeisendv Path Finder in Getting Data In 12-16-2019 0 4	0	4
Error in Splunk extract i18n script Hi, I have app that already has some translations and I need to add more of them to .po file. From what I understand... by seva98 Path Finder in Getting Data In 12-16-2019 0 0	0	0
Archive some of indexes in a separate disk. I am currently migrating my splunk instance to a new environment. The problem is we are having some old index, in w... by ayush1906 Communicator in Getting Data In 12-16-2019 0 1	0	1
extract fields from Nested multivalue JSON Hello, we have complex Json having mutli level with multivalue fields. In below example topologyMetrics has 4 subno... by AKG1_old1 Builder in Getting Data In 12-15-2019 0 6	0	6
How do I configure and enforce a 6 month data retention policy? Hello, I am trying to configure a 6 month data retention policy in which data has to be deleted from an index 180 da... by andrewtrobec Motivator in Getting Data In 12-15-2019 0 2	0	2
JSON input not splitting up in single line I am using API to fetch the JSON logs and sending JSON output to Splunk. Props.conf is on the search head. I am see... by rishma Explorer in Getting Data In 12-14-2019 0 4	0	4
How can I upload an Administrative Events.evtx file? We are trying to upload the Administrative Events.evtx file via the Add Data interface. However, the interface doesn'... by ddrillic Ultra Champion in Getting Data In 12-14-2019 0 9	0	9
Parsing of makeresults I executed the following SPL with makeresults, but the results only give me the fields for _time and _raw... i don't ... by awmorris Path Finder in Getting Data In 12-13-2019 0 6	0	6
Help modifying timezone in props.conf I need to change the timezone for a host sending logs to our production instance. I have set up a free test instance... by thenetworksfine Observer in Getting Data In 12-13-2019 0 2	0	2
host (PC) linux on my Network Good morning, everyone, As the title says, I would like to know which Linux hosts have access to my network, not the... by numeroinconnu12 Path Finder in Getting Data In 12-13-2019 0 7	0	7
How to prevent Splunk from converting time to date Hi, I have a log file like this: 08:00:00.032 user parameter: A[0]B[0]C: Action successful. This is just hour:... by indeed_2000 Motivator in Getting Data In 12-13-2019 0 12	0	12