Getting Data In

Community Activity

trying to rename source at index time with transforms.conf hello, I want to change my source names in shorter ones. At first I had something that worked very well. transforms.... by julienoud New Member in Getting Data In 10-24-2019 0 1	0	1
splunk thinks text file is binary I have a file a like to upload to splunk with the following data: 72162397 SANTA CRUZ 00 33527710 01/08/201... by thinman Explorer in Getting Data In 10-24-2019 1 8	1	8
How to filter dynamically based on string match across two different lookups Hi, I am new to Splunk and am stuck at the this problem. To elaborate: I have attached example of datasets and the ... by rohankin New Member in Getting Data In 10-24-2019 0 8	0	8
What is the location of launch.conf in Splunk.(Indexers, SH, DS)? I want to know where is the location of launch.conf in our whole environment because i have to edit the proxy server ... by muizash Path Finder in Getting Data In 10-24-2019 0 3	0	3
I am looking to integrate Avanan I am looking to integrate Avanan a phishing solution and send its security logs that are in JSON format to an on prem... by clintonburnett Explorer in Getting Data In 10-23-2019 0 9	0	9
Rest call to splunk licenser/localslave to get master_uri returns "self" Hello, We have an integration test which verifies expected values after deploying a new splunk instance. This test ... by shoof New Member in Getting Data In 10-23-2019 0 1	0	1
Basic Table Header Rename I checked through the answers and cannot find anything that matches or will work... I am asking how to rename a tabl... by Mkaz New Member in Getting Data In 10-23-2019 0 4	0	4
LEEF format results in 1 liner entries into Splunk For some reason, 1 liner entries are send to my splunk, after incapsula logs shifted to LEEF format. Initially, we we... by tan_junyuan Engager in Getting Data In 10-23-2019 0 4	0	4
Using INDEXED_EXTRACTIONS=json produces duplicate values Before you ask, I have found at least 10 questions similar to this as well as two identical questions, both of which ... by mgallacher Engager in Getting Data In 10-22-2019 2 2	2	2
Why am I unable to paste search queries into Splunk Web search bar? Hi, Have an issue with a Splunk deployment on Windows (Server '08 Datacenter R2) with the end-user assets being Wind... by lmaclean Path Finder in Getting Data In 10-22-2019 0 5	0	5
I need a help in props.conf and transforms.conf Hi, I am new to splunk. Need some help in log filtering. I have below example log: p 12 02:04:55 xxx,[DEFAULT_LOG] 2... by graju89 Path Finder in Getting Data In 10-22-2019 0 2	0	2
How to alert if a syslog device does not send data in a rolling 24-hour period? Splunkers, To meet a regulatory requirement, I need to alert on if a syslog device does NOT send data to the Indexer... by matthew_foos Path Finder in Getting Data In 10-22-2019 0 4	0	4
data masking not working at index time Hi Guys, I have the below sample data , i want to mask the string after Basic and tried below transforms.conf and s... by kranthimutyala Path Finder in Getting Data In 10-22-2019 0 2	0	2
Splunk Azure DR Hello Is Splunk capable of clustering indexers and search heads that are in different Azure regions by jefthompson New Member in Getting Data In 10-22-2019 0 1	0	1
Can I filter logs coming from forwarders with config files under \etc\system or logs can be filtered just from heavy forwarders? Can I filter logs coming from forwarders with config files under \etc\system or logs can be filtered just from heavy ... by CsungyiPepi19 New Member in Getting Data In 10-22-2019 0 3	0	3
CheckPoint VPN - Get username with each firewall log Hi splunkers, I need to enrich the Checkpoint Firewall logs with the username in my corporate VPN logs. On a first ... by o_calmels Communicator in Getting Data In 10-22-2019 0 2	0	2
What is the best practice to address the "..is neither in the bundle downloaded from master nor managed by local deployment client..." validation failure? Two indexes are failing bundle validation checks on my cluster master with this error message: [Critical] App='syst... by sloshburch Ultra Champion in Getting Data In 10-21-2019 1 1	1	1
Disabling or removing extra description text in Windows 2008 event logs? I just recently started using Windows 2008 and when I got splunk setup and forwarding thge Windows event logs and I n... by Lowell Super Champion in Getting Data In 10-21-2019 6 14	6	14
Suppresssion settings in inputs.conf - Windows Events and TA for Windows Hey All, We have been experiencing issues with latency concerning Windows events being processed/indexed in Splunk. A... by adalbor Builder in Getting Data In 10-21-2019 0 0	0	0
2 Different Timezones being interpreted with the same IIS log file As with many folks, my IIS logs are setup to run with GMT timestamps. I have setup "TZ=GMT" on the sourcetype setup f... by derekho55 Explorer in Getting Data In 10-21-2019 0 0	0	0
Filtering out data Hi Team, We want to filter out the data during indexing time itself if the particular pattern (com.splunk.applicatio... by anandhalagarasa Path Finder in Getting Data In 10-21-2019 0 3	0	3
DHCP data into SPLUNK Dear All, How can we send DHCP data into splunk? What is the best way to push DHCP data into splunk? Is there any a... by santosh11 New Member in Getting Data In 10-21-2019 0 1	0	1
query optimization without join I am having multiple index and sources , initially we wrote query using join and we got desired output , but now our ... by vikashperiwal Path Finder in Getting Data In 10-21-2019 0 5	0	5
not seeing data in forwarder We have a Threatarmor appliance, it sends its logs in CEF format. I have a configured a Universal Forwarder on the sa... by hwkhan786 New Member in Getting Data In 10-21-2019 0 0	0	0
How do you replace _raw values for multiple fields? I'm trying to mask multiple fields from the raw results. Only one of the fields ends up masked in the raw. It seems I... by jgbricker Contributor in Getting Data In 10-21-2019 0 6	0	6