Getting Data In

Discussions

Thread Info

Can I use a diff command to compare which Windows host values are logging week over week?

I am in need of assistance/guidance in creating a query that will compare the windows logging hosts from previous wee...

by Explorer in

How do you exclude log lines from being indexed?

Hi, I am using Splunk 6.5. How can I exclude lines containing a pattern from being indexed? In my case I have IIS acc...

by New Member in

What are possible files to clear disk space in Splunk indexer?

Hi, In my production environment we allocated disk space around 800GB but still it's not enough. It is eating lot ...

by Explorer in

Setting the time-stamp recognition

We have"event": 1503162120.971 event=login fI="2017-05-31 23:21:22.000"... u_wl=25 uid=6da2479a-2b79-3c7a-8450-30c2d4...

by Explorer in

How to check license consumption of an index each day

Can i please know the query to find the license consumption for an index for each day for last 30 days . For example,...

by Path Finder in

How can I visualize daily license consumption and increase?

Can I please know how to track the license increase? For example , I have an sourcetype "access_log" which has contri...

by Path Finder in

Replace single quotes with double quotes

All, We have a lot of key value pairs using single quotes. I am THINKING there is a way to fix this using SEDCMD....

by Builder in

Can I use a Splunk universal forwarder to monitor memory, disk I/O, and CPU consumption?

Hello Splunkers, I want to ask you about Splunk Universal Forwarder memory, CPU and DISK I/O consumption monitorin...

by New Member in

SEDCMD - special requirement for backslash?

It seems I cannot replace data with a backslash in it. For instance: DOMAIN\USERNAME I have tried all of the fo...

by Contributor in

Filtering a Search

Hi there, so I had a nice search return but I have a few bits that I don't want in the search. Really all I care abou...

by Explorer in

Where is the correct configuration file located in order to modify the Windows 2012 R2 ulimit?

I run health check on my Splunk Enterprise 6.6.0 server running on Windows 2012 R2. I end up with the warning "One or...

by Communicator in

Getting an "Invalid key in stanza" errors for the Splunk Windows Universal agent configured with default configuration ?

Hi All, We are recently upgrade to the latest version of the Universal forwarder 6.6.1 as we moved Entire splunk inst...

by Motivator in

How do you route the same data to multiple indexes?

I am onboarding a new data source. I need to send all of the data to index 1 and part of data to index 2. Is it possi...

by Contributor in

Using an earliest_time and latest_time parameter, can the output be the amount of time between these 2 events?

Hi All I want to extract result for period of co-relation rule i.e: "dispatch.earliesttime" - "dispatch.latesttime...

by Communicator in

How to route events from a single host to multiple indexes?

Hi Splunk Community, I've the following scenario where I would like to route the events (JSON format) coming from ...

by Communicator in

Help with the logic to make this count my fields correctly

Hi, I have the following field called OS with 6 different values and count for each value: Windows = 5 Mac = 4 Lin...

by Explorer in

Ubuntu Desktop version install - .deb fails to install

I have tried Splunk Install on both VMware and Virtualbox Ubuntu Desktop version so I can use the graphical install i...

by Path Finder in

How can I search for a list of all 50 hosts on my network with the most recent date it was powered on?

Instead of typing in each host one by one in the data field to see when it was last updated, is there a way to run a ...

by Explorer in

How can I monitor Splunk instances (deployment, deployer, seach head, cluster master, etc.)?

I'm new to setting up clusters and I assumed that the splunk instances (deployment, deployer, seach head, cluster mas...

by Explorer in

Can I still send data to nullQueue while using _MetaData:Index to send data to an Alternate Index?

I have one source directory in the inputs.conf file that I need to parse out and send different events to different I...

by New Member in

Getting Data In

Discussions

Can I use a diff command to compare which Windows host values are logging week over week?

How do you exclude log lines from being indexed?

What are possible files to clear disk space in Splunk indexer?

Setting the time-stamp recognition

How to check license consumption of an index each day

How can I visualize daily license consumption and increase?

Replace single quotes with double quotes

Can I use a Splunk universal forwarder to monitor memory, disk I/O, and CPU consumption?

SEDCMD - special requirement for backslash?

Filtering a Search

Where is the correct configuration file located in order to modify the Windows 2012 R2 ulimit?

Getting an "Invalid key in stanza" errors for the Splunk Windows Universal agent configured with default configuration ?

How do you route the same data to multiple indexes?

Using an earliest_time and latest_time parameter, can the output be the amount of time between these 2 events?

How to route events from a single host to multiple indexes?

Help with the logic to make this count my fields correctly

Ubuntu Desktop version install - .deb fails to install

How can I search for a list of all 50 hosts on my network with the most recent date it was powered on?

How can I monitor Splunk instances (deployment, deployer, seach head, cluster master, etc.)?

Can I still send data to nullQueue while using _MetaData:Index to send data to an Alternate Index?

Splunk_TA_aws duplicated events

Onboard logs from McAfee EPO Cloud

serverclass.conf whitelist from pathname not worki...

Connect to your Azure Storage account with the Spl...

DataParserVerbose - Accepted time format has chang...