Getting Data In

Ask a Question

Discussions

Thread Info

Heavy forwarder internal logs to splunk cloud

Hi All, Hope you all are doing well. I ran into a issue that heavy fowarders are not sending internal logs to S...

by Path Finder in

How many indexes should I use?

Hello All, I have some sizing questions and wanted some input from the community. I'm pretty sure the answer, like...

by Motivator in

How to get earliest and latest from time filter?

I am using a dashboard with some filters including the built int time input for the events. For the queries in the...

by Explorer in

Forwarder Resend Data After Connect To Indexer

Hi, Splunkers: I have a forwarder that is target to a incorrect indexer and it was paused to send data for 3700s. ...

by Path Finder in

trouble with extracting data from JSON event

Hi, I am storing the events containing subscribers per subscription topics. The events look like this: {"type":...

by New Member in

Tonight i got a new host appear by mistake...

here is the host but when i try to search for it nothing... host="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...

by New Member in

How to capture Windows evtx files

A customer has asked me to pick up the following logs: %SystemRoot%\System32\Winevt\Logs\Application.evtx %SystemR...

by Path Finder in

Proper formatting (identation) of queries in savedsearches.conf stanza causes everything after the first | pipe to be ignored

Hi splunkers, I'm convinced that following clean code principles starts with proper indentation. That's why all...

by Path Finder in

Monitor hosts

I would like to monitor 10 hosts on a Splunk server. is that possible? What are the steps to monitor clients or hosts...

by New Member in

How to get tcp-ssl input for Splunk 6.0 to work

I have installed Splunk 6.0 (Free version) on Linux x64 system. I can collect syslog inputs on UDP port 514. But I tr...

by Explorer in

Original splunk container fails to start (RHEL 7.6 + Docker 1.13.1-103) -- but works fine on CentOS 7

Loading a new and unmodified splunk container throws an error and cannot start on RHEL 7.6 The docker image has been ...

by New Member in

json to table

Hi Experts, I want to convert Json format into table. My data have below field [ [-] { [-] day: Tue dayOfMonth: 1...

by Path Finder in

JSON Parse error while uploading .kmz - 7.2.0

Having some issues trying to upload a .kmz file.. It's working fine on the 7.3.1 sandbox I have myself, but trying to...

by New Member in

Error - saving custom sourcetype data cannot be written

Error when trying to save sourcetype : In handler 'sourcetypes': Data could not be written: /nobody/destinations/prop...

by New Member in

Receiving error after restarting docker-splunk, proceeds to add forward-server

Hi, I am setting up a Splunk universal forwarder by pulling the universalforwarder docker image from docker-hub an...

by New Member in

Need to limit iis logs to 4xx and 5xx statuses in universal forwarder

I am trying to limit the input of iis logs to only 4xx and 5xx vaqlues in the sc_status field. In the etc\system\loca...

by New Member in

What are the best practices for assigning time zones in my Splunk platform deployment?

When setting up my Splunk deployment, I was asked about what timezone I want the servers to have. I just assumed I sh...

by Ultra Champion in

Session Duration in minutes

I have a search that returns the "Avg Session Duration" by USER_ID. The results are coming back in minutes as long as...

by Communicator in

Why does Splunk "Show Source" not match IIS log file?

Hi, At my company, we have noticed that for some records (1-2%), the data we see in Splunk does not match the data...

by Explorer in

UF is not sending few logs

Hi All, I have UF installed in my windows machine and its has IIS logs and App logs. In last few days, my forwarde...

by New Member in

JSON line breaking

I am trying to break one big json event into several events, eventually 1080, but in the example below there would be...

by Engager in

How to send data via UDP port to 2 indexers?

Hi Experts, I have a concern. I am aware that I can get data from UDP port and send it to an indexer. I have a con...

by Builder in

Does Splunk ingest files that existed before the remote folder monitor was created?

I have a client server with a universal forwarder configured to forward data to an index server. On the client server...

by Path Finder in

Will Splunk ingest the same data if it is sent to two different indexes?

I currently see the wineventlog:security as a source under my wineventlog index for the Splunk_TA_Windows app and al...

by New Member in

Why are events indexing with the wrong time stamp

Hi, A csv file has the format dd-mm-year hh:mm. Splunk swap the day and month for the events for the first 9 days ...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Heavy forwarder internal logs to splunk cloud

How many indexes should I use?

How to get earliest and latest from time filter?

Forwarder Resend Data After Connect To Indexer

trouble with extracting data from JSON event

Tonight i got a new host appear by mistake...

How to capture Windows evtx files

Proper formatting (identation) of queries in savedsearches.conf stanza causes everything after the first | pipe to be ignored

Monitor hosts

How to get tcp-ssl input for Splunk 6.0 to work

Original splunk container fails to start (RHEL 7.6 + Docker 1.13.1-103) -- but works fine on CentOS 7

json to table

JSON Parse error while uploading .kmz - 7.2.0

Error - saving custom sourcetype data cannot be written

Receiving error after restarting docker-splunk, proceeds to add forward-server

Need to limit iis logs to 4xx and 5xx statuses in universal forwarder

What are the best practices for assigning time zones in my Splunk platform deployment?

Session Duration in minutes

Why does Splunk "Show Source" not match IIS log file?

UF is not sending few logs

JSON line breaking

How to send data via UDP port to 2 indexers?

Does Splunk ingest files that existed before the remote folder monitor was created?

Will Splunk ingest the same data if it is sent to two different indexes?

Why are events indexing with the wrong time stamp

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Routing data to different indexes using regex

Re-ingest Windows logs across enterprise

SC4S Syslog server update fails during download wi...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions