Getting Data In

Community Activity

How to parses received multi type syslog logs on indexeurs Hello I have a problem for which I have not found a solution despite several hours of research. I have an indexer o... by michaelroussel2 New Member in Getting Data In 09-05-2019 0 0	0	0
Linux Universal Forwarder - Security Recommendations Hello Splunk-Community, for month we are discussing with our Linux admins, if it is ok to install Splunk Universal F... by splk Communicator in Getting Data In 09-05-2019 1 2	1	2
Help extracting user logins from IIS logs to one report Hello, I'm trying to extract two types of data from IIS logs to sum up the login counts for a list of specific users.... by mwagnerfhlbc Engager in Getting Data In 09-05-2019 0 0	0	0
Filtering data block in Heavy Forwarder Hello, I have a problem that I don't know how to solve. We are receiving logs in xml via universal forwarders. The lo... by jrballesteros05 Communicator in Getting Data In 09-05-2019 0 12	0	12
Run the equivalent of an `extract` command on a structured JSON event's subfield We're ingesting structured JSON logs from a source and would like to run the equivalent of the extract command on one... by ckarcher New Member in Getting Data In 09-05-2019 0 8	0	8
Polling not working, the rest addon is just showing the only the initial few. Polling not working, the rest addon is just showing the only the initial few. The only data that i see is from the d... by vivinjetha New Member in Getting Data In 09-05-2019 0 0	0	0
Monitor alerts (alarm if alerts do not work) Hello together, i want to monitor existing alerts in splunk. For the case that an alarm doesn't work proper and does... by igschloessl Explorer in Getting Data In 09-05-2019 0 2	0	2
SNMP Modular Input Custom MIB Hello. After installing snmp modular input have a problem with MIB. Logs are not human readable format. Example: no... by bakdaulet Loves-to-Learn Lots in Getting Data In 09-04-2019 0 0	0	0
Multi line event not breaking Hello Splunk community! I have a monitored input file. A process writes a header to a continuous log file and about... by shpot New Member in Getting Data In 09-04-2019 0 2	0	2
Is there any current documentation on how to add network nodes to Splunk to gather data? I recently started a new job and used Splunk at my old one. I know the power of Splunk and know it will be useful fo... by mniemann New Member in Getting Data In 09-04-2019 0 2	0	2
How to remove the duplicate values from json events Below is sample data . How to remove the duplicate values by Nadhiyaa Path Finder in Getting Data In 09-04-2019 0 4	0	4
How do you prevent Splunk from indexing duplicated events? How do you prevent Splunk from indexing duplicate events forwarded from different forwarders? The monitored log files... by djime New Member in Getting Data In 09-04-2019 0 7	0	7
Why are all services still being indexed, even with my WinHostMon whitelist configuration specifying certain services? Hi, I want to index only the services "AppHostSvc", "Iisadmin" & "AppHostSvc", but even with the below input.conf co... by marellasunil Communicator in Getting Data In 09-04-2019 0 5	0	5
Splunk HEC response time Hello community, how can I build a report that allows me to know what the response time it takes for requests via HTT... by lufermalgo Path Finder in Getting Data In 09-04-2019 0 5	0	5
scripted input not following the cron schedule I have a scripted input that runs on the schedule 0 9 * * * (once a day at 9 am). This is a powershell scripted input... by meenu_2017 Engager in Getting Data In 09-04-2019 0 3	0	3
What is procedure to upgrade universal and heavy forwarders? Hello , We have around 13 heavy forwarders.How does the upgrade thing work , should we log into each instance and do... by vrmandadi Builder in Getting Data In 09-04-2019 0 3	0	3
Create a multiple value Time Zone Clock as a table My Server is in GMT (Zulu Time) which is accurate for the log collection, but I'd like to have a table that shows mul... by noob4now New Member in Getting Data In 09-04-2019 0 0	0	0
We are on Splunk 7.3.1 , would need to know if there is any to de-duplicate the incoming data on FOrwarder or Indexer level? We have many instances where duplicate data has been coming due to server instances running in wrong manner. Because ... by rashi83 Path Finder in Getting Data In 09-04-2019 1 1	1	1
How to route the alert notification to a specific manager based on the user that triggered the alert? How can I route the alert notification to a specific manager based on the user that triggered the alert? The user is ... by mdp009 New Member in Getting Data In 09-04-2019 0 0	0	0
Nested Loop or a Sub-search Hi guys, I know there has to be a straightforward way to do this in SPL just can't figure out which to use. I have ... by amanno New Member in Getting Data In 09-04-2019 0 2	0	2
How to extract fields from json ? I do have a single (unfortunately not very repetitive in terms of number of characters and overall form) JSON event w... by jerzy999 New Member in Getting Data In 09-04-2019 0 2	0	2
How do I send events to nullqueue? I am currently ingesting AWS VPC Flow logs from our AWS tenant. Most of the logs are internal traffic between ec2 in... by stevenbutterwor Path Finder in Getting Data In 09-04-2019 0 8	0	8
Monitor directory containing zip files Hi, I'm trying to monitor a directory which contains zip files. The zip files contain different file types, and I'm ... by gelica Communicator in Getting Data In 09-04-2019 2 6	2	6
How can Splunk running as local user impact DNS? All, I have a deployment server on centOS7 for a few months now. Out of nowhere it could not send data via it's out... by daniel333 Builder in Getting Data In 09-03-2019 0 1	0	1
Different timezone for script monitor cron expression I can see that general cron jobs can support running in a particular timezone through the CRON_TZ parameter. https:/... by TokyoQ New Member in Getting Data In 09-03-2019 0 3	0	3