Getting Data In

Community Activity

Convert time in CSV upload I have a CSV file uploaded via "lookup Editor" and my "Scan Date" column has the following time format: 11/19/2019 1... by vulnfree Explorer in Getting Data In 11-29-2019 0 1	0	1
Search process did not exit cleanly, exit_code=-1, description="exited with code -1 I'm getting the following error in the Search head. How do I troubleshoot? Search process did not exit cleanly, exit... by aalaa Path Finder in Getting Data In 11-29-2019 1 1	1	1
Can Splunk index Windows Event Log(evt,evtx) files? Windows Server 2003, Windows XP and 2000 generate evt files, where Windows Vista, 2008 Server, Windows 7 generate evt... by Ledio_Ago Splunk Employee in Getting Data In 11-29-2019 5 10	5	10
WMI connect error I configured a splunk heavy repeater to use WMI to collect the security logs, application logs, and system logs of re... by molingxiu New Member in Getting Data In 11-29-2019 0 0	0	0
WMI connect error I configured a splunk heavy repeater to use WMI to collect the security logs, application logs, and system logs of re... by molingxiu New Member in Getting Data In 11-29-2019 0 0	0	0
How to calculate the time between events based on a field change grouped by another field? I'm attempting to generate a table which shows the time between two consecutive login events for a user when the IP a... by goodsellt Contributor in Getting Data In 11-28-2019 1 7	1	7
single indexer operation Hi, It may be a very simple question but i want to know how the indexing actually works when the indexer is down for... by surekhasplunk Communicator in Getting Data In 11-28-2019 0 3	0	3
Splunk UFW - Indexing Headers as Events Apologies as I know this has been asked a few times, but none of the answers I have found seem to work. I have some ... by krisalexroberts New Member in Getting Data In 11-28-2019 0 0	0	0
Query joining 3 sourcetypes I am trying to create a query that combines results from 3 sources, one of which is a lookup table. Any help would b... by markhvesta Path Finder in Getting Data In 11-27-2019 1 1	1	1
How to use a portion of the hostname in your inputs.conf monitor path? Got a bunch of logs to pickup from different machines. Evidently each machine has a share to the other machines, so I... by joesrepsolc Communicator in Getting Data In 11-27-2019 0 7	0	7
sourcetype reporting interval? Anybody have a query to show sourcetype reporting intervals (how often a ST sends data). I cant download or install ... by nahfam Path Finder in Getting Data In 11-27-2019 0 2	0	2
How to speed Up Windows Event Log Processing? I indexed about one GB of Windows Event Logs using the add data feature by monitoring the folder where the event log ... by spiced New Member in Getting Data In 11-27-2019 0 1	0	1
Splunk UF Backlog Hey everyone, quick UF question here... If a UF stops for whatever reason then comes back on later on, will the UF se... by johann2017 Explorer in Getting Data In 11-27-2019 0 3	0	3
UF and Platform version level compatibility with new timestamp issue Just got the notification about the timestamp issue coming in Jan 2020. Timestamp Issue I am currently running 7.2.... by jeffbat Path Finder in Getting Data In 11-27-2019 0 4	0	4
What will be LINE_BREAKER for these events? 2019-11-06 16:13:21,886 [9] DEBUG B005_01_01BusinessLogic - 2019-11-06 16:13:21,886 [9] DEBUG B005_01_01BusinessLogi... by muizash Path Finder in Getting Data In 11-27-2019 0 6	0	6
Single Search Head/Single Indexer (distributed search) Hi, Is it possible to create a single search head instance ? And or a single indexer instane? - Or are the instanc... by splunk_user_99 Explorer in Getting Data In 11-27-2019 0 1	0	1
conditional index and sourcetype name inputs.conf by file-naming-convention So my goal is to be able to pass a file to a splunk-monitored directory.. and have splunk apply it to the appropriate... by hiddenkirby Contributor in Getting Data In 11-27-2019 2 7	2	7
How to monitor and alert when the Splunk universal forwarder service has been stopped or modified? On my Universal Forwarders, I want to have the ability to monitor and alert off when the Splunk Universal forwarder s... by johann2017 Explorer in Getting Data In 11-26-2019 0 5	0	5
What is the difference between installing an add-on at the search head and the indexer? Hi all, I was going to install the Linux Secure Technology Add-On and the installation says that it needs to be inst... by borja_luaces New Member in Getting Data In 11-26-2019 0 1	0	1
Can we configure the smartstore caching capability of the indexers? Are there any configurations associated with the smartstore caching capability of the indexers? by danielbb Motivator in Getting Data In 11-26-2019 0 1	0	1
Reimporting Event Data / Fixing Data Holes Because of network problems between my HFs and my indexing tier I have some "holes" in my data. With holes I mean mis... by jroedel Path Finder in Getting Data In 11-26-2019 0 7	0	7
Why do we see a discrepancy between VSphere and perfmon when reporting on cpu? For a certain Windows Server 2016 Standard, VSphere reports around 50% cpu utilization while perfmon reports around 3... by danielbb Motivator in Getting Data In 11-26-2019 0 1	0	1
Windows Host Status (Red, Amber, Green) Has anyone been able to create a single panel (Red, Amber, Green status) for a windows host to show if the host has c... by nathanluke86 Communicator in Getting Data In 11-26-2019 0 4	0	4
Can anyone help me identify auto-finalized or truncated searches/alerts? I am having trouble crafting a search to identify auto-finalized or truncated searches. This is the search I am usi... by Task1906 Explorer in Getting Data In 11-26-2019 0 1	0	1
Can 1 sourcetype have 2 CHARSET? I have a sourcetype named "abc" It is configured to CHARSET=UTF_8 When I see the events, some events split because o... by muizash Path Finder in Getting Data In 11-25-2019 0 1	0	1