Getting Data In

Community Activity

JSON Parse error while uploading .kmz - 7.2.0 Having some issues trying to upload a .kmz file.. It's working fine on the 7.3.1 sandbox I have myself, but trying to... by m_newman New Member in Getting Data In 10-15-2019 0 0	0	0
Error - saving custom sourcetype data cannot be written Error when trying to save sourcetype : In handler 'sourcetypes': Data could not be written: /nobody/destinations/prop... by shhhhh New Member in Getting Data In 10-15-2019 0 2	0	2
Receiving error after restarting docker-splunk, proceeds to add forward-server Hi, I am setting up a Splunk universal forwarder by pulling the universalforwarder docker image from docker-hub and ... by chibhat New Member in Getting Data In 10-15-2019 0 0	0	0
Need to limit iis logs to 4xx and 5xx statuses in universal forwarder I am trying to limit the input of iis logs to only 4xx and 5xx vaqlues in the sc_status field. In the etc\system\loc... by agatesoftware New Member in Getting Data In 10-15-2019 0 1	0	1
What are the best practices for assigning time zones in my Splunk platform deployment? When setting up my Splunk deployment, I was asked about what timezone I want the servers to have. I just assumed I sh... by sloshburch Ultra Champion in Getting Data In 10-15-2019 0 1	0	1
Session Duration in minutes I have a search that returns the "Avg Session Duration" by USER_ID. The results are coming back in minutes as long a... by JoeSco27 Communicator in Getting Data In 10-15-2019 0 4	0	4
Why does Splunk "Show Source" not match IIS log file? Hi, At my company, we have noticed that for some records (1-2%), the data we see in Splunk does not match the data c... by pzhou07920 Explorer in Getting Data In 10-15-2019 0 6	0	6
UF is not sending few logs Hi All, I have UF installed in my windows machine and its has IIS logs and App logs. In last few days, my forwarder ... by arunkns New Member in Getting Data In 10-15-2019 0 5	0	5
JSON line breaking I am trying to break one big json event into several events, eventually 1080, but in the example below there would be... by mcbradfordwcb Engager in Getting Data In 10-14-2019 0 1	0	1
How to send data via UDP port to 2 indexers? Hi Experts, I have a concern. I am aware that I can get data from UDP port and send it to an indexer. I have a conce... by vikas_gopal Builder in Getting Data In 10-14-2019 0 6	0	6
Does Splunk ingest files that existed before the remote folder monitor was created? I have a client server with a universal forwarder configured to forward data to an index server. On the client serve... by williamcharlton Path Finder in Getting Data In 10-14-2019 0 2	0	2
Will Splunk ingest the same data if it is sent to two different indexes? I currently see the wineventlog:security as a source under my wineventlog index for the Splunk_TA_Windows app and al... by eellingson New Member in Getting Data In 10-14-2019 0 1	0	1
Why are events indexing with the wrong time stamp Hi, A csv file has the format dd-mm-year hh:mm. Splunk swap the day and month for the events for the first 9 days of... by acceo_purch New Member in Getting Data In 10-14-2019 0 4	0	4
Cisco IOS and TA not showing data in dashboards I have a distributed environment: Splunk Enterprise 7.2.4 All infrastructure is RHEL 7.x Search head cluster (5 searc... by morphis72 Path Finder in Getting Data In 10-14-2019 0 6	0	6
Not receiving all files present in the directory? I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\ Below is my in... by pal_sumit1 Path Finder in Getting Data In 10-14-2019 0 1	0	1
HEC Posting Data Issue Hi All, I am trying to post some data to splunk via QT's Network Module. Currently, I have the HEC setup to where it... by adam1124 New Member in Getting Data In 10-14-2019 0 4	0	4
pushing data to new csv I have a csv where there are 5 columns and the number of rows is 1000. I have indexed that csv as continuous monitori... by kavyamohan Explorer in Getting Data In 10-14-2019 0 1	0	1
Importing Data From One index to my Splunk Enterprise Hi guys, I am trying to import data from an index provided by the instructor of a Splunk training course. Follow th... by ivialex New Member in Getting Data In 10-14-2019 0 11	0	11
Sending logs using Splunk HEC Hello, We have a requirement to send the logs from one of our IoT devices in to the Splunk. As it doesnt have syslog... by cyber_castle Path Finder in Getting Data In 10-13-2019 1 1	1	1
timezone setting based on forwarder naming convention? I'm sure Splunk'rs have ran across this already, so here's my issue. We have server naming conventions with "D" for ... by joesrepsolc Communicator in Getting Data In 10-13-2019 0 1	0	1
Given log data, can I calculate accuracy and output it in a dashboard? Hello, My events look like this: 2019-10-10T17:51:40+00:00 action="updateDate->saveDatesFromDataMining", 0={"urlupd... by ruhtraeel Path Finder in Getting Data In 10-13-2019 0 4	0	4
splunk fundamentals 1 learning module 5 lab not counting time spent or working - what do I do now? Currently my Module 5 lab is launching, but not recording the time spent or checking off that I have completed the la... by csocanalystwann New Member in Getting Data In 10-13-2019 0 1	0	1
how to remove multiple logs into single event [tomcat] EXTRACT = \/u01\/logs-(?\w+)\/.* in source Adding the below to BREAK EVENTS only at timestamp and TRUNCATIN... by duggp007 New Member in Getting Data In 10-13-2019 0 3	0	3
Do we need to install same Splunk Apps in all Indexer Cluster servers? Hi We are planning to have indexer cluster environment. For testing, we currently have single indexer which has al... by meoo Explorer in Getting Data In 10-12-2019 0 5	0	5
Where does the mapping of Account Name to src happen for the WinEventLog data? I'm not clear where and when the src field gets its value for the WinEventLog data. by danielbb Motivator in Getting Data In 10-12-2019 0 2	0	2