Getting Data In

Community Activity
thirusama
JSON fields are extracted twice. On Universal forwarder (7.0.3) the settings props.conf are like this [my_sourcetyp...
by thirusama Path Finder in Getting Data In 08-29-2019
0 12
donaldson8
We're running a Splunk indexer behind an Nginx proxy in order to apply HSTS headers. However, we recently noticed tha...
by donaldson8 New Member in Getting Data In 08-29-2019
0 0
siva_cg
Hi All, We have a Splunk environment running on 6.2.2. We configured a TCP input to receive logs directly from netwo...
by siva_cg Path Finder in Getting Data In 08-29-2019
0 9
test_qweqwe
Hello all. I'm now working out how to detect Tor traffic. How can I best do this? Maybe some articles, guides, some tr...
by test_qweqwe Builder in Getting Data In 08-29-2019
0 6
flyingpiglet
Hi, There is a task to index csv structured files where the structure depends on one or several fields. For example i...
by flyingpiglet Engager in Getting Data In 08-29-2019
0 0
psychogyiokosta
Hello. I am new with Splunk, I have the following question/issue: My goal is to parse a raw log file with Splunk an...
by psychogyiokosta New Member in Getting Data In 08-29-2019
0 6
kbakeragx
New to Splunk, I am trying to get logs forwarded from a 2003 server that we have, but having no luck. I installed a ...
by kbakeragx New Member in Getting Data In 08-28-2019
0 5
rdevudra
The logs are forwarding from our server to the Splunk server. But the logs are not in a readable format. (Attached scr...
by rdevudra New Member in Getting Data In 08-28-2019
0 3
markhvesta
I am trying to anonymize customer credit card data in Splunk logs but when more than one card appears in the same eve...
by markhvesta Path Finder in Getting Data In 08-28-2019
0 2
asofo
Trying to reduce some of the noise caused by NTLM failures by adding the following to our Windows Event Log stanza fo...
by asofo Path Finder in Getting Data In 08-28-2019
0 7
reney44
I add a global variable like below ` globalvariable <query> | makeresults | eval var="D:\ALM-Splunk-Delivery\Rep...
by reney44 Engager in Getting Data In 08-28-2019
0 0
mzeb
I have an event that has a syslog preamble with a JSON body. They take this shape: <190>0 2019-08-27T17:51:22.87657...
by mzeb New Member in Getting Data In 08-27-2019
0 1
jms112080
I'm using the latest version of the app and Splunk 7.0.1 and I've tried every suggestion I can find on the Splunk we...
by jms112080 New Member in Getting Data In 08-27-2019
0 3
omuelle1
Hi, I am working in a shared environment with several Heavy Forwarders that send data to Splunk Cloud Indexers and a...
by omuelle1 Communicator in Getting Data In 08-27-2019
0 1
jarrebola
Hi I have this data indexed, as you can see there is only one monitored_element_id. {"monitored_jobs":[{"monitored_e...
by jarrebola Explorer in Getting Data In 08-27-2019
0 2
abhijit_mhatre
The configuration I have written to ingest MSExchange management data isn’t ingesting all the information contained i...
by abhijit_mhatre Path Finder in Getting Data In 08-27-2019
0 4
brutecat
Hi, I am doing some experimentation with regards to JSON events. I have two events loaded: { "event": ...
by brutecat Path Finder in Getting Data In 08-27-2019
0 4
net1993
Hello I found this attribute in mysql app in props.conf: PREAMBLE_REGEX = #\sTime:\s\d+\s+\d{1,2}:\d{2}:\d{2} test ...
by net1993 Path Finder in Getting Data In 08-26-2019
0 12
nick405060
Hi guys I want to forward some of my data from my indexer to one port on our Rapid7 InsightIDR server, and some of m...
by nick405060 Motivator in Getting Data In 08-26-2019
0 0
shocko
I'm using Splunk 6.1.4 (soon to be 7.x). I've processed some Windows event log data and as per normal Splunk processin...
by shocko Contributor in Getting Data In 08-26-2019
0 12
lufermalgo
Hi community, I need your help to resolve a question. Is it possible to obfuscate / mask data that is sent via HEC? ...
by lufermalgo Path Finder in Getting Data In 08-26-2019
0 5
shivanandbm
I see duplicate data getting indexed. It's impacting license. Can you please suggest how I can fix this. Below is the mo...
by shivanandbm Explorer in Getting Data In 08-26-2019
0 2
wilcompl1334
We have encountered an odd process, named 'streamfwd.exe.delete_me', running on a test instance that we are piloting ...
by wilcompl1334 Explorer in Getting Data In 08-26-2019
0 0
dglass0215
Hello, I have my props/transforms setup so that it routes data to specific indexes (For the most part) based on hos...
by dglass0215 Path Finder in Getting Data In 08-26-2019
0 3
sendijsd
Greetings, In my environment, I have set up a Universal Forwarder that is monitoring a single server .log file, whi...
by sendijsd Engager in Getting Data In 08-26-2019
0 2