Getting Data In

Community Activity

	Couldn't parse and extract mixed data (json and text) Hi, I am not able to send my logfile into 2 sourcetypes (json and non-json). Below is my config. I know the fix migh... by nareshinsvu Builder in Getting Data In 09-02-2019 0 4	0	4
	crcSalt = ? if the logfile is archived end of the day Hello experts, My inputs.conf is having below config. Just wondering what happens end of the day? Will my splunk loo... by nareshinsvu Builder in Getting Data In 09-02-2019 0 10	0	10
	Why is Splunk Enterprise not running on Windows 10? I installed Splunk Enterprise on my Windows 10 PC, but when I run it, I get a black webpage at http://localhost:8000/... by edbdic1 New Member in Getting Data In 09-02-2019 0 7	0	7
	I can not set TIME_FORMAT for event in props.conf Hello, splunk community. I am new to splunk and already reviewed ton of info on the topic but I still can't get why ... by noukash Explorer in Getting Data In 09-02-2019 0 2	0	2
	Ingesting JSON formatted logs into Splunk I'm able to get JSON formatted linux os & modx web logs into a Splunk index, but they are not formatted or parsed. Ho... by lball Explorer in Getting Data In 09-02-2019 0 4	0	4
	Please assist in LINE_BREAKER stanza in `props.conf` for custom app Dears, I have an app which generates logs in following pattern: ---------------------------------------- Timestamp: ... by Neur0mencer Explorer in Getting Data In 09-02-2019 0 6	0	6
	Logs to local Hfs if on corp network else send to Cloud Laptop sends log to local HFs if connected to corp network - otherwise send logs to Splunk Cloud. Data should not end... by rene_securelink Engager in Getting Data In 09-02-2019 0 7	0	7
	Splunk Alerts: Is it possible to have different results shown in the inline table and the attached CSV? Hi, I was wondering if it was possible for a Splunk email alert to have a different result set shown between the inl... by adamcoquim Explorer in Getting Data In 09-02-2019 0 2	0	2
	Blacklisting DNS queries with nullQueue I am attempting to blacklist DNS queries using nullQueue. props.conf # Blacklist domains [msad:nt6:dns] TRANSFORMS... by geoffmx Explorer in Getting Data In 09-01-2019 0 8	0	8
	Filter columns from CSV while monitoring I am monitoring a folder with csv files with 400+ fields, out of which need only 50 fields for my dashboard. Can we d... by ankitarath2011 Path Finder in Getting Data In 09-01-2019 0 4	0	4
	Sourctype and fix jason field data when i run below search its extracting data from AWS bucket so how ican convert this to search time in splunk cloud a... by Splunk_rocks Path Finder in Getting Data In 09-01-2019 0 2	0	2
	How to figure out if forwarders are utilizing props or transforms? We have Universal Forwarder on our windows servers varying in version from 6.2.3 to 7.1.3. Our Splunk Enterprise ver... by tsheets13 Communicator in Getting Data In 09-01-2019 0 8	0	8
	how to write the props.conf stanze to test the transforms Regex? The following is transforms.conf in my search head [a_b] SOURCE_KEY = _meta REGEX = (logtype::A.*(id::(123\|456)\|(id:... by pavanae Builder in Getting Data In 09-01-2019 0 4	0	4
	Why are logs going into an unknown folder? I have logs going from the Universal Forwarder but are going to the Unknown Folder instead of uploading to the Cloud.... by cedmunds New Member in Getting Data In 09-01-2019 0 3	0	3
	How do I set a source type for this data I have a script that pulls the data at the bottom into a file and then splunk pull the files from the corresponding d... by maxd Engager in Getting Data In 09-01-2019 0 5	0	5
	track all active session (RDP) in network by user hello, I want to track all active session(RDP) in the network and see who login which server, what is the source IP a... by givehchin Path Finder in Getting Data In 09-01-2019 0 7	0	7
	Invalid key in stanza .. in props.conf to make the configuration more readable I use "\" to break long lines, which works fine: EVAL-user = case ( FOO="Act... by PavelP Motivator in Getting Data In 08-31-2019 0 3	0	3
	Getting a list of field extractions using the API There are 2 endpoints that seem to return extractions which are data/transforms/extractions and data/props/extraction... by joemaz95 Path Finder in Getting Data In 08-30-2019 0 10	0	10
	Trouble ignoring events I'm having some difficulty forcing Splunk to ignore events which start with a '#' character. The file is compressed, ... by _smp_ Builder in Getting Data In 08-30-2019 0 21	0	21
	per_sourcetype_thruput logging stopped For several UF's, I've noticed that the metrics.log 'per_sourcetype_thruput' entries have stopped completely, for day... by splunkjas1 Path Finder in Getting Data In 08-30-2019 0 1	0	1
	Filter data by condition on a heavy forwarder Hello , Please i need to filter data on the heavy forwrader to eliminate some logs , Exemple : i need to ingnore ... by aalaa Path Finder in Getting Data In 08-30-2019 0 2	0	2
	Multiple fields to filter against Single inputlookup file Hi Experts Actually I am searching on one index, where Userid is with multiple fields like user,userids,useridvalue,... by gopiven Explorer in Getting Data In 08-30-2019 0 2	0	2
	JSON log extraction at index time Hi, I am trying to extract a JSON log file at index time. The log structure has a nested key(key,value) pairs. Like f... by saiynv New Member in Getting Data In 08-30-2019 0 5	0	5
	Heavy forwarder - Could not send data to output queue (parsingQueue) Below is my use-case (Heavy Forwarders -> Indexers). Need expert assessment. 1) I have very huge log files. 2) So, I... by nareshinsvu Builder in Getting Data In 08-29-2019 0 8	0	8
	How do I forward and delete logs? I would like to be able to forward logs and then delete them using a UF. How can I do this? For the sake of the Splu... by nick405060 Motivator in Getting Data In 08-29-2019 0 2	0	2