Getting Data In

Community Activity

Is it possible to ingest XML? It is 2019 and there is still not a comprehensive Splunk Answer or Documentation on how to ingest XML. Can someone e... by nick405060 Motivator in Getting Data In 11-20-2019 0 2	0	2
What is the better way of extracting user from domain in configuration We have a Splunk TA already extract the user field (defined in transforms.conf) from the raw data; however, the user ... by lucas4394 Path Finder in Getting Data In 11-20-2019 0 2	0	2
Inputlookup Exception List not filtering I have a report that shows me all "missing" hosts across our network. I have created a lookup file and definition to... by rykermurdock77 Explorer in Getting Data In 11-20-2019 0 2	0	2
Apache Access Log Extract Byte Size I have tons of log lines coming from the Apache access log that look something like this: 11/19/19 1:39:01.000 PM 19... by doprocess Engager in Getting Data In 11-20-2019 0 2	0	2
CentOS 6 iptables blocking universal forwarder communication to deployment server "Couldn't complete HTTP request: Connection timed out" On a number of CentOS 6 machines which have long iptables rules with multiple chains (details can be provided if requ... by tfallon New Member in Getting Data In 11-20-2019 0 5	0	5
Why am I losing events when neither the cold path usage or maxage are being met? I have an index I'm using to backfill a bunch of data, and as I'm tracking the event count by sources, I'm seeing spl... by briancronrath Contributor in Getting Data In 11-19-2019 0 8	0	8
Splunk Forwarder support by Splunk Hi - We are upgrading Splunk to 7.2.8 since 7.0 is out of support. the Universal forwarders are not mentioned in the ... by rishrai New Member in Getting Data In 11-19-2019 0 3	0	3
How to change timezone of a timestamp in results of search? I have created a query that tracks the Start and End Time of a given job. These start and end times are calculated by... by tyhopping1 Engager in Getting Data In 11-19-2019 0 1	0	1
what should I do if the Indexers don't receive logs for a syslog server-based log file, for more than 5 minutes Syslog Server Source Feed Check' was triggered. It is raised when the Indexers don't receive logs for a syslog server... by abhishekdubey00 Engager in Getting Data In 11-19-2019 0 1	0	1
Replacing backslash not working in SEDCMD after re-directing through transforms.conf and applying it in props.conf. Hi, I am trying to escape backslash character from json data. It works when I apply SEDCMD definations in props.conf... by chaitalynavare Engager in Getting Data In 11-19-2019 0 5	0	5
Splunk UF Deployment - Possible Issues Hello. We are planning on deploying UFs across our enterprise ~ 3000 systems. Currently, we have deployed UFs to 50 s... by johann2017 Explorer in Getting Data In 11-19-2019 0 5	0	5
Lots of log files, how can I reduce forwarder memory usage? The forwarder is using 4.3 GB memory. I think that is insane. OS: Windows 2008 R2 Splunk 4.2.3 The folder I am monit... by andyk Path Finder in Getting Data In 11-19-2019 2 9	2	9
_indextime is 5 hrs ahead of event time (_time) Hi, We have Splunk Enterprise 7.2.6 in our environment. I noticed there are latencies (difference between _time and ... by vijayad Explorer in Getting Data In 11-19-2019 1 13	1	13
Active Directory - Admon limits approx 1000 assets Hi splunkers ! I ve just configured active directory monitoring based on Splunk 7.3 Active Directory inputs. The AD ... by o_calmels Communicator in Getting Data In 11-19-2019 0 0	0	0
How to break a multi-line event with regex, provided that the date and time containing the milliseconds changes only at the beginning of the line. Hi, I have the following log format, How can I break this multiline event, with the condition if the date is changed ... by leandromatperei Path Finder in Getting Data In 11-18-2019 0 4	0	4
Do Universal Forwarders need a license master? When I restart the Splunk Universal forwarder, the following warnings get logged (to the _internal index): 07-07-201... by krdo Communicator in Getting Data In 11-18-2019 1 3	1	3
How to transform multiple timestamps in an event I have an event that prints the actual time which Splunk metadata has, but instead, I want to use the other timestamp... by MOHITJOSHI Engager in Getting Data In 11-18-2019 0 1	0	1
How do i convert a Json Multi key value pair to multi line chart Hi I have X number of "totalHitCount" in a JSON file (mtr.gauges.caching_metrics.nodes{}.totalHitCount). Within mult... by robertlynch2020 Influencer in Getting Data In 11-18-2019 0 1	0	1
Splunk_TA_Windows Winregistry Sourcetype missing? All, Just working with Splunk_TA_Windows today and noticed that there is no specified sourcetype in inputs.conf and... by daniel333 Builder in Getting Data In 11-18-2019 0 0	0	0
Splunk DBConnect and retention Hi All, I am wondering how does the retention works when I am ingesting data which is older than the actual retenti... by nithin204 Explorer in Getting Data In 11-18-2019 0 1	0	1
Logging to Job Inspector from Custom Search Command Hi folks. I have a custom search command and I am using self.logger to log messages from the command. Please see my ... by gdavoian Engager in Getting Data In 11-18-2019 1 0	1	0
What is best practices for forwarders and an index cluster? Good morning all, I am building a lab environment at AWS and I would like to know which one is the best approach for... by borja_luaces New Member in Getting Data In 11-18-2019 0 3	0	3
Master Class I got to manage some indexers, I seek this can be done by master class server. How do i configure it? by dani9 Explorer in Getting Data In 11-18-2019 0 3	0	3
Cisco Router ACL Logs - How to Utilize in Cisco Security App? Hi All - Just discovered Splunk, and I must say it's an amazing tool. I've configured a router to send syslog messa... by umpiloto Engager in Getting Data In 11-18-2019 1 4	1	4
Problem with removing spaces using sed - with <> characters present <Update> <data> <user> <dialogs>/finesse/api/User/72741/Dialogs</dialogs> <extension></extension> <firstName>Bert</fi... by Ttreb New Member in Getting Data In 11-17-2019 0 2	0	2