Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

REST API JSON output only with "result" field (without offset, etc.)

Hey guys, could you please help! I use curl -k -u 'myUser:myPwd' https://localhost:8089/services/search/jobs/expor...

by Contributor in

Do I need TIBCO or smth like that (highload to Splunk REST API queries)

Hey guys, I have an online connection with another web service Serv1: A. it sends data to MySplunk via online REST A...

by Contributor in

How to modify syslog source type to handle rfc3339 timestamp?

We pass messages with rsyslog using the rfc3339 time format. It has microseconds, and it has a timestamp. But noticed...

by New Member in

Use RegEx to set sourcetype on UF where events are in a JSON format

Scenario: two different source types being sent to UF (snort and firewall) from the same IP/source. form...

by Path Finder in

splunk with Docker in windows

Hello is it possible to run splunk in docker container in windows ? if yes, can someone link me to the installation g...

by Path Finder in

Process of Indexed Extraction Configuration

Hi All! I'm currently running into a very weird situation with a Splunk instance I inherited. I setup the props.co...

by Path Finder in

What can be the effects of rebooting a server without taking the forwarder down cleanly?

Many of the forwarders here go down when the servers go for maintenance work. What can go wrong with the forwarders w...

by Motivator in

Search Head - props.conf and transforms.conf not taking into effect in apps directory

I have a universal forwarder forwarding key-value-delimited log events to an indexer. I have created an app on the se...

by Path Finder in

Fields Extraction from JSON File

Im monitoring a JSON file and forwarding the data using UF to my indexers . Im having problems to extract the JSON fi...

by Path Finder in

ui_inactivity_timeout - web.conf

has anyone successfully implemented user session timeouts on their SHC? We are experiencing users keeping multiple da...

by Communicator in

How do I ingest logs that have two dots in their name

I have a new client that has files named as follows: xxxx.xxxx.log Splunk is not ingesting them. How can I ingest log...

by Path Finder in

Local props.conf and transforms.conf

When creating the local/props.conf and local/transforms.conf, do I need to copy the entire default/props.conf and def...

by Communicator in

How do I map my personally TZ-adjusted time to another TZ?

Occasionally, we need to do user-TZ-setting-agnostic stuff in a search and so we need to be able to say, despite the ...

by Esteemed Legend in

Data search in JSON format

Good day. I did not find the answer to my question, so I made a new topic. My device sends data from IDS in JSON form...

by New Member in

passing source script file name in another field before indexing

i have a script which will be executed from inputs.conf but i need the script file name in a new field instead of sou...

by Builder in

i need to index the source field value into new fields during index time

please help me in indexing source field value into new fields value during index time. please help with transform/pro...

by Builder in

How to pass value to python script from a Input.conf

i need to pass the host value in the URL from external file to the python script. how to pass it through conf file? p...

by Builder in

How to prevent linux_message_syslog input from overriding the FQDN of the host sent from a universal forwarder?

All, I have an input in linuxmessagesyslog that seems to be working fine, but the universal forwarder is providin...

by Builder in

How to create a new field with static value during index time

I want to append new field with static value to the data during index time. how to create with props.conf/transfor...

by Builder in

buckets - Frozen and Thawed bucket

Hi, As soon as data moves from cold to frozen bucket it gets deleted? How data moves from frozen bucket to Thawed ...

by Contributor in

Getting Data In

Discussions

REST API JSON output only with "result" field (without offset, etc.)

Do I need TIBCO or smth like that (highload to Splunk REST API queries)

How to modify syslog source type to handle rfc3339 timestamp?

Use RegEx to set sourcetype on UF where events are in a JSON format

splunk with Docker in windows

Process of Indexed Extraction Configuration

What can be the effects of rebooting a server without taking the forwarder down cleanly?

Search Head - props.conf and transforms.conf not taking into effect in apps directory

Fields Extraction from JSON File

ui_inactivity_timeout - web.conf

How do I ingest logs that have two dots in their name

Local props.conf and transforms.conf

How do I map my personally TZ-adjusted time to another TZ?

Data search in JSON format

passing source script file name in another field before indexing

i need to index the source field value into new fields during index time

How to pass value to python script from a Input.conf

How to prevent linux_message_syslog input from overriding the FQDN of the host sent from a universal forwarder?

How to create a new field with static value during index time

buckets - Frozen and Thawed bucket

Onboard logs from McAfee EPO Cloud

serverclass.conf whitelist from pathname not worki...

Connect to your Azure Storage account with the Spl...

DataParserVerbose - Accepted time format has chang...

how to extract json fields in a mixed type log out...