Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why do I have a different result in a saved search from CSV files and a different saved search history?

Hi guys, We have a saved search that takes its sources from 5 csv files. On a run, it returns back 10k of events. ...

by New Member in

Why are the logs that are being forwarded to the indexer, cannot be seen on the search head?

I can see the logs on the indexer but they aren't searchable on search head. I've already checked for - Th...

by Path Finder in

Can we create a symbolic link for only search peer bundles in indexers?

Suppose splunk is installed in the path called SPLUNK_HOME/etc/.... and the search peers bundles are located the SPLU...

by Explorer in

How can I route os data from one set of indexers to another set of indexers?

Hi, We need to route os data from one set of indexers to another set of indexers,but while using the below setting...

by Engager in

indexes.conf location

Hi. I need to add some limits to retention in my indexes.conf file on several indexers. The documentation suggests...

by Path Finder in

How would I change the index of a sourcetype?

For example using WinEventLog: Security In props.conf [WinEventLog:Security] TRANSFORMS-routing=forexamplename ...

by New Member in

Indexing log files already (although not correctly) indexed

I am at first experience of indexing log files. Therefore I am conscious of not having a full control of what i am do...

by New Member in

How to install Splunk on Windows 2012 R2 server?

Hi All, I m new to Splunk, I would like to install Splunk enterprise on Windows 2012 R2 server via RDC Manager , I c...

by Path Finder in

How to blacklist specific accounts in Windows security log event 4663?

I've seen several posts here, but none that really have a concrete answer on this. I'm trying to blacklist certain ac...

by Explorer in

iis server on board into splunk

Hello Professionals, we set up Splunk about 6 months ago, now we would like to onboard iis server to Splunk.May I kno...

by New Member in

Powershell input for Splunk universal forwarder - Windows Server

I am just trying to create a dashboard which shows Windows System information (like Task Manager) Powershell scrip...

by Contributor in

Can you put an overlay on a mstats prediction?

I had a question from one of our engineers who are looking to leverage the metric indicies to do predictions of memor...

by Builder in

input stanza for on prem codedeploy logs

we use codedeploy to deploy to some of our on prem servers with the codedepoy agent it logs to C:\Deployments\xxxxxx-...

by Explorer in

Splunk ML Toolkit, Python, Custom Algorithm: How do I output a plot in a custom algorithm?

For ex, in the supplied CorrelationMatrix example, can I plot the correlation values? Something like a 'corrplot' in ...

by New Member in

How to rename index in data sent from another splunk instance?

We are receiving data from an external splunk instance. They have indexes A,B,C. When our indexers receive there data...

by Path Finder in

Authentication error: Client is not authenticated while trying to add search peers to the search head

I'm trying to set up a simple Splunk environment, but when running: $SPLUNK_HOME/bin/splunk add search-server http...

by Path Finder in

Why am I seeing duplicate field values under interesting fields?

Can anyone tell my why I am see duplicate host values (1 uppercase and 1 lowercase) in my interesting fields and how ...

by Explorer in

How can I further edit inputs.conf in order to blacklist an event on Windows forwarder?

Hi, I am tired of making this filter work but unfortunately nothing worked. I have Windows Security events where t...

by Path Finder in

How to filter users ending with $ using inputs.conf on a UF v6.6.

Hi and thankyou in advance, I need to be able to filter EventCode 4624 to NOT includes events with "Account Name" ...

by Path Finder in

How would I filter WinEventLog inputs on custom text?

Using the following inputs.conf on a Splunk forwarder; [WinEventLog://Security] index = wineventlog_test ...

by Communicator in

Getting Data In

Discussions

Why do I have a different result in a saved search from CSV files and a different saved search history?

Why are the logs that are being forwarded to the indexer, cannot be seen on the search head?

Can we create a symbolic link for only search peer bundles in indexers?

How can I route os data from one set of indexers to another set of indexers?

indexes.conf location

How would I change the index of a sourcetype?

Indexing log files already (although not correctly) indexed

How to install Splunk on Windows 2012 R2 server?

How to blacklist specific accounts in Windows security log event 4663?

iis server on board into splunk

Powershell input for Splunk universal forwarder - Windows Server

Can you put an overlay on a mstats prediction?

input stanza for on prem codedeploy logs

Splunk ML Toolkit, Python, Custom Algorithm: How do I output a plot in a custom algorithm?

How to rename index in data sent from another splunk instance?

Authentication error: Client is not authenticated while trying to add search peers to the search head

Why am I seeing duplicate field values under interesting fields?

How can I further edit inputs.conf in order to blacklist an event on Windows forwarder?

How to filter users ending with $ using inputs.conf on a UF v6.6.

How would I filter WinEventLog inputs on custom text?

Push notifications on policy violations and events...

index time extraction for json logs

f5 Silverline ASM

Index Field Transform not Catching Every Event

splunk-connect-for-kubernetes breaking on every ne...