Getting Data In

Discussions

Thread Info

issues with SEDCMD

I have the below file being indexed in spunk, { "records": [ { <event}} and I would like to ...

by Path Finder in

fully reindexing a file every time the datestamp changes

I've a few different automated pulls of data into directories of files I want splunk to index. These files get comple...

by Contributor in

How To Restart A Windows-based Service From A Triggered Alert - Run A Script

Hi, I have created a Splunk alert that will be triggered when a Windows-based service is down (ie. Print Spooler)....

by New Member in

Does TZ setting account for daylight savings time changes?

Does anyone know if the TZ setting "US/Central" accounts for daylight savings time changes (e.g. TZ=US/Central)?

by Ultra Champion in

AD FS - event ID 1102

Hello, I have encountered a problem with AD FS events that has the ID 1102. They are getting the action "cleared", ...

by Contributor in

Will Outputs.conf reflect the timestamp parameters?

Hello Splunkers, I have outputs.conf in my Universal Forwarder at \etc\system\local\ , I am monitoring some log fi...

by Communicator in

Issue with monitoring one specific log file

Hi, I am monitoring multiple files/directory under different sourcetype. For one specific log file I am getting wi...

by Builder in

Why am I unable to set sourcetype in props.conf?

I have a syslog feed sending me firewall data from a linux system. It calls that sourcetype syslog, of course. I'm...

by Contributor in

Splunk universal forwarder crashes : Crashing thread: parsing

I have splunk universal forwarder version-6.5.2 after few days it crashes and gives error as- Received fatal signa...

by Builder in

How does Splunk connect to the Universal forwarders — using IP or HostNames?

Can anyone clarify if Splunk Deployment server and Indexer connects to Universal forwarder using hostname or IP addre...

by Path Finder in

How to filter out data after specific event?

Hi, I'm trying to filter out data after a specific event occurs. I want to drop all of the search data to dis...

by Path Finder in

Syslog data to new Splunk instance

I've recently inherited an old Splunk installation, and I'm in the process of migrating it over to a new updated inst...

by New Member in

Splunk build (SPLUNK_BUILD) for 7.1.2. I

I'd need to run a custom docker build and it required the build hash to grab the release. Thanks.

by New Member in

Can anyone tell me where the "Destination app" can be set for a source type?

Can anyone tell me where the "Destination app" can be set for a SourceType? When we try to change it in the GUI, we g...

by Path Finder in

How to calculate the difference in minutes/seconds between two timestamps in a human readable format?

Submit Date / Creation Date Time Stamp Incident Response Date Time 09/14/2016 01:14 AM 09/14/2016...

by Explorer in

Error while searching using the value from the input

I have the following dynamic options for my "consumer" multiselect: index=$index$ | fillnull value="not specified...

by New Member in

How to filter data by multiselect

I'm trying to use multiselect for filtering my charts data: search "msg.mdc.headers.consumer{}"=$consumer$ , w...

by New Member in

Line breaking not working with rolling log files

Log file name : run_xxxxxxx_XXX_XXXXXX_XXX.log.04020830 This is the log file name and its suffix always ends with ...

by Path Finder in

how can I keep the original host name in my summary index?

I would like to duplicate a subset of events to another index. Just an exact duplicate of the original event. Summary...

by Explorer in

Can you help me with an issue when adding a second indexer?

one Search head / one indexer system — try to add a second indexer. After I added the second indexer, in the searc...

by Path Finder in

Getting Data In

Discussions

issues with SEDCMD

fully reindexing a file every time the datestamp changes

How To Restart A Windows-based Service From A Triggered Alert - Run A Script

Does TZ setting account for daylight savings time changes?

AD FS - event ID 1102

Will Outputs.conf reflect the timestamp parameters?

Issue with monitoring one specific log file

Why am I unable to set sourcetype in props.conf?

Splunk universal forwarder crashes : Crashing thread: parsing

How does Splunk connect to the Universal forwarders — using IP or HostNames?

How to filter out data after specific event?

Syslog data to new Splunk instance

Splunk build (SPLUNK_BUILD) for 7.1.2. I

Can anyone tell me where the "Destination app" can be set for a source type?

How to calculate the difference in minutes/seconds between two timestamps in a human readable format?

Error while searching using the value from the input

How to filter data by multiselect

Line breaking not working with rolling log files

how can I keep the original host name in my summary index?

Can you help me with an issue when adding a second indexer?

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Onboarding local MS Exchange Server with audit and...

spunk perfmon.exe counters not found error in splu...

Integrate Splunk and Azure Log Analytics

De-nesting JSON during indexing

HEC Token Authentication Failures

Getting Data In

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >