Getting Data In

Community Activity

Why does Splunk "Show Source" not match IIS log file? Hi, At my company, we have noticed that for some records (1-2%), the data we see in Splunk does not match the data c... by pzhou07920 Explorer in Getting Data In 10-15-2019 0 6	0	6
UF is not sending few logs Hi All, I have UF installed in my windows machine and its has IIS logs and App logs. In last few days, my forwarder ... by arunkns New Member in Getting Data In 10-15-2019 0 5	0	5
JSON line breaking I am trying to break one big json event into several events, eventually 1080, but in the example below there would be... by mcbradfordwcb Engager in Getting Data In 10-14-2019 0 1	0	1
How to send data via UDP port to 2 indexers? Hi Experts, I have a concern. I am aware that I can get data from UDP port and send it to an indexer. I have a conce... by vikas_gopal Builder in Getting Data In 10-14-2019 0 6	0	6
Does Splunk ingest files that existed before the remote folder monitor was created? I have a client server with a universal forwarder configured to forward data to an index server. On the client serve... by williamcharlton Path Finder in Getting Data In 10-14-2019 0 2	0	2
Will Splunk ingest the same data if it is sent to two different indexes? I currently see the wineventlog:security as a source under my wineventlog index for the Splunk_TA_Windows app and al... by eellingson New Member in Getting Data In 10-14-2019 0 1	0	1
Why are events indexing with the wrong time stamp Hi, A csv file has the format dd-mm-year hh:mm. Splunk swap the day and month for the events for the first 9 days of... by acceo_purch New Member in Getting Data In 10-14-2019 0 4	0	4
Cisco IOS and TA not showing data in dashboards I have a distributed environment: Splunk Enterprise 7.2.4 All infrastructure is RHEL 7.x Search head cluster (5 searc... by morphis72 Path Finder in Getting Data In 10-14-2019 0 6	0	6
Not receiving all files present in the directory? I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\ Below is my in... by pal_sumit1 Path Finder in Getting Data In 10-14-2019 0 1	0	1
HEC Posting Data Issue Hi All, I am trying to post some data to splunk via QT's Network Module. Currently, I have the HEC setup to where it... by adam1124 New Member in Getting Data In 10-14-2019 0 4	0	4
pushing data to new csv I have a csv where there are 5 columns and the number of rows is 1000. I have indexed that csv as continuous monitori... by kavyamohan Explorer in Getting Data In 10-14-2019 0 1	0	1
Importing Data From One index to my Splunk Enterprise Hi guys, I am trying to import data from an index provided by the instructor of a Splunk training course. Follow th... by ivialex New Member in Getting Data In 10-14-2019 0 11	0	11
Sending logs using Splunk HEC Hello, We have a requirement to send the logs from one of our IoT devices in to the Splunk. As it doesnt have syslog... by cyber_castle Path Finder in Getting Data In 10-13-2019 1 1	1	1
timezone setting based on forwarder naming convention? I'm sure Splunk'rs have ran across this already, so here's my issue. We have server naming conventions with "D" for ... by joesrepsolc Communicator in Getting Data In 10-13-2019 0 1	0	1
Given log data, can I calculate accuracy and output it in a dashboard? Hello, My events look like this: 2019-10-10T17:51:40+00:00 action="updateDate->saveDatesFromDataMining", 0={"urlupd... by ruhtraeel Path Finder in Getting Data In 10-13-2019 0 4	0	4
splunk fundamentals 1 learning module 5 lab not counting time spent or working - what do I do now? Currently my Module 5 lab is launching, but not recording the time spent or checking off that I have completed the la... by csocanalystwann New Member in Getting Data In 10-13-2019 0 1	0	1
how to remove multiple logs into single event [tomcat] EXTRACT = \/u01\/logs-(?\w+)\/.* in source Adding the below to BREAK EVENTS only at timestamp and TRUNCATIN... by duggp007 New Member in Getting Data In 10-13-2019 0 3	0	3
Do we need to install same Splunk Apps in all Indexer Cluster servers? Hi We are planning to have indexer cluster environment. For testing, we currently have single indexer which has al... by meoo Explorer in Getting Data In 10-12-2019 0 5	0	5
Where does the mapping of Account Name to src happen for the WinEventLog data? I'm not clear where and when the src field gets its value for the WinEventLog data. by danielbb Motivator in Getting Data In 10-12-2019 0 2	0	2
How to configure the universal forwarder to Heavy forwarder then to an Indexer? Hi, Can someone help what are the step I need to do if I have below flow : Universal Forwarder ------- Heavy forwar... by pankajupadhyay Path Finder in Getting Data In 10-12-2019 0 3	0	3
Timestamp matching outside of the acceptable window getting below error after upgrade to latest splunk version: 10-11-2019 08:02:49.775 +0000 WARN DateParserVerbose - T... by yog123 New Member in Getting Data In 10-12-2019 0 2	0	2
Why are we getting "DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event", but our logs or props.conf haven't changed? Splunk is showing the following WARN messages in the logs suddenly, but nothing was changed on the logs or props.conf... by nmohammed Builder in Getting Data In 10-12-2019 0 19	0	19
Why is huge duplicate and unwanted data being indexed into Splunk? Dear All, We are getting huge duplicate data and unwanted data into splunk and while we are querying the performance... by santosh11 New Member in Getting Data In 10-12-2019 0 1	0	1
How do you specify which version of the REST API to use? We've recently upgraded one of our Splunk Indexers to version 5.0.2 The problem is that this specific indexer was se... by tiny3001 Path Finder in Getting Data In 10-11-2019 1 8	1	8
How do I configure a heavy forwarder to send data to an indexer, but also send data as a single line to a syslog server? Hi, I need to change a bit of my Splunk architecture and split the data output as follows: Forward from Heavy Forwa... by kengilmour Path Finder in Getting Data In 10-11-2019 0 3	0	3