Getting Data In

Discussions

Thread Info

How to ingest Cyberark logs in Splunk?

Is there a published method or documentation on how to ingest Cyberark logs? Thanks, Jan Clairmont 302-669-9972

by New Member in

How to avoid "ERROR WinEventLogChannel - saveCheckpointStr: Failed to rename checkpoint file" when monitoring a folder with .evtx files?

I have a folder with some .evtx files from another machine that I need to get forwarded and indexed into splunk. The ...

by New Member in

Compare/calculate with current date

Hi, I want to create automatic obsolecance reports in Splunk. I grab the info from a database. There is a collum t...

by Explorer in

How to eliminate events with ">Debug"

Trying to eliminate logs that start with ">Debug". Must be missing something with my logic. All the data has a sourc...

by Communicator in

Data validation across multiple deployments

Hi, We have old Splunk architecture which we will be retiring. New architecture is in place. We have configured da...

by Contributor in

splunk stress test

Hello i want to perform performance testing to my splunk environment is there a good way to make stress tests ? ...

by Communicator in

Extract date from Filename source

Hi in my events I am getting time which is extracted correctly by Splunk for _time timestamp and for date extraction ...

by Builder in

Can the HTTP Event Collector provide the channel identifier in the Splunk events

We are sending data to the HTTP Event Collector raw endpoint from multiple systems, but we have no control over the d...

by New Member in

Reference values in CSV versus hardcoding search query for desired results

It is possible to have Splunk reference values inside a CSV file at search time? This is much needed as I'm currently...

by Communicator in

How to use line breaking for sample data?

Hi, How to use line breaking to break events before TBD, new event starts with TBD. sample data: ABC*11*231...

by Path Finder in

How to parse out a single line following a static line in a java stack trace?

Hello, I am new to Splunk and attempting to parse and display a single line of text from a java stack trace captur...

by New Member in

Infoblox timezone not changing

We are collecting logs from Infoblox and forwarding from the product into Splunk which is working as expected, howeve...

by Explorer in

Reconfigure how timestamps appear in raw data

I have a date in a column with the name of Date and Time. The current format is 02/04/19 12:50:49, but it really sho...

by Explorer in

Multi-line event break question

Currently all of the logs coming in from a call manager are being broken up per line and I am trying to merge them in...

by New Member in

Splunk Universal Forwarder 7.3.0 index-time field extraction bug

Hi, after upgrading splunkforwarder from 7.0.1 to 7.3.0 we started experiencing a weird bug. We extract several fiel...

by Explorer in

Splunk Indexes.conf retention

Hi, I am currently setting up retention for an index, I want a retention period of 1 year where after that period the...

by Communicator in

How to replace single backslash (\) with double back slash(\\) from a base search result which is a token value and it is used as an input for the sub search?

Base Search: We are fetching the data from the field named WMIError as given below, WMIError="Unable to connect to...

by Path Finder in

How to troubleshoot error "skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied..."?

Hi All, Could you please guide us why we are getting this message in our Splunk Web portal and how to trouble sho...

by Motivator in

Is there a dbconnect alternative that doesn't consume so much license?

Is there an alternative to dbconnect for getting RDBMS data into Splunk? I'm having some errors due to moving the dat...

by Engager in

How to parse out fields

Hi, I have an XML-like (but not proper XML) feed that I need to parse. A sample is below, and I need to parse out eac...

by Champion in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to ingest Cyberark logs in Splunk?

How to avoid "ERROR WinEventLogChannel - saveCheckpointStr: Failed to rename checkpoint file" when monitoring a folder with .evtx files?

Compare/calculate with current date

How to eliminate events with ">Debug"

Data validation across multiple deployments

splunk stress test

Extract date from Filename source

Can the HTTP Event Collector provide the channel identifier in the Splunk events

Reference values in CSV versus hardcoding search query for desired results

How to use line breaking for sample data?

How to parse out a single line following a static line in a java stack trace?

Infoblox timezone not changing

Reconfigure how timestamps appear in raw data

Multi-line event break question

Splunk Universal Forwarder 7.3.0 index-time field extraction bug

Splunk Indexes.conf retention

How to replace single backslash (\) with double back slash(\\) from a base search result which is a token value and it is used as an input for the sub search?

How to troubleshoot error "skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied..."?

Is there a dbconnect alternative that doesn't consume so much license?

How to parse out fields

How I Instrumented a Rust Application Without Knowing Rust

Splunk Community Platform Survey

Observability Highlights | November 2022 Newsletter

May I have sample code to query Splunk data using ...

How to add metadata to UF config files?

Splunk Add-on for Citrix Netscaler - IPFIX/AppFlow

AWS S3 Input- Ingest .csv files that are not actua...

Increased CPU on Universal Forwarder since v9