Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Nadhiyaa

How to remove the duplicate values from json events

Below is sample data . How to remove the duplicate values
by Nadhiyaa Path Finder in Getting Data In 09-04-2019
0 4
0
4
djime

How do you prevent Splunk from indexing duplicated events?

How do you prevent Splunk from indexing duplicate events forwarded from different forwarders? The monitored log files...
by djime New Member in Getting Data In 09-04-2019
0 7
0
7
marellasunil

Why are all services still being indexed, even with my WinHostMon whitelist configuration specifying certain services?

Hi, I want to index only the services "AppHostSvc", "Iisadmin" & "AppHostSvc", but even with the below input.conf co...
by marellasunil Communicator in Getting Data In 09-04-2019
0 5
0
5
lufermalgo

Splunk HEC response time

Hello community, how can I build a report that allows me to know what the response time it takes for requests via HTT...
by lufermalgo Path Finder in Getting Data In 09-04-2019
0 5
0
5
meenu_2017

scripted input not following the cron schedule

I have a scripted input that runs on the schedule 0 9 * * * (once a day at 9 am). This is a powershell scripted input...
by meenu_2017 Engager in Getting Data In 09-04-2019
0 3
0
3
vrmandadi

What is procedure to upgrade universal and heavy forwarders?

Hello , We have around 13 heavy forwarders.How does the upgrade thing work , should we log into each instance and do...
by vrmandadi Builder in Getting Data In 09-04-2019
0 3
0
3
noob4now

Create a multiple value Time Zone Clock as a table

My Server is in GMT (Zulu Time) which is accurate for the log collection, but I'd like to have a table that shows mul...
by noob4now New Member in Getting Data In 09-04-2019
0 0
0
0
rashi83

We are on Splunk 7.3.1 , would need to know if there is any to de-duplicate the incoming data on FOrwarder or Indexer level?

We have many instances where duplicate data has been coming due to server instances running in wrong manner. Because ...
by rashi83 Path Finder in Getting Data In 09-04-2019
1 1
1
1
mdp009

How to route the alert notification to a specific manager based on the user that triggered the alert?

How can I route the alert notification to a specific manager based on the user that triggered the alert? The user is ...
by mdp009 New Member in Getting Data In 09-04-2019
0 0
0
0
amanno

Nested Loop or a Sub-search

Hi guys, I know there has to be a straightforward way to do this in SPL just can't figure out which to use. I have ...
by amanno New Member in Getting Data In 09-04-2019
0 2
0
2
jerzy999

How to extract fields from json ?

I do have a single (unfortunately not very repetitive in terms of number of characters and overall form) JSON event w...
by jerzy999 New Member in Getting Data In 09-04-2019
0 2
0
2
stevenbutterwor

How do I send events to nullqueue?

I am currently ingesting AWS VPC Flow logs from our AWS tenant. Most of the logs are internal traffic between ec2 in...
by stevenbutterwor Path Finder in Getting Data In 09-04-2019
0 8
0
8
gelica

Monitor directory containing zip files

Hi, I'm trying to monitor a directory which contains zip files. The zip files contain different file types, and I'm ...
by gelica Communicator in Getting Data In 09-04-2019
2 6
2
6
daniel333

How can Splunk running as local user impact DNS?

All, I have a deployment server on centOS7 for a few months now. Out of nowhere it could not send data via it's out...
by daniel333 Builder in Getting Data In 09-03-2019
0 1
0
1
TokyoQ

Different timezone for script monitor cron expression

I can see that general cron jobs can support running in a particular timezone through the CRON_TZ parameter. https:/...
by TokyoQ New Member in Getting Data In 09-03-2019
0 3
0
3
stephenggilmore

How to change the displayed time filter when a different dropdown value is selected?

I have two filters on my dashboard. One for time (using the Time filter) and one for environment (using the Dropdown ...
by stephenggilmore Explorer in Getting Data In 09-03-2019
0 5
0
5
sachaz

Fields in Splunk Cloud from Heavy Forwarder (Add-on Windows and Linux)

I've installed Splunk Add-on for Windows and Splunk Add-on for Unix and Linux in the Heavy forwarder. I only edited i...
by sachaz Explorer in Getting Data In 09-03-2019
0 2
0
2
Glasses

What is the best way to configure splunk to ingest data received from 3rd party WebHook alert actions?

Hi, I am new to configuring splunk to receive "webhook" posts and index them. I have an application that generates "w...
by Glasses Builder in Getting Data In 09-03-2019
0 0
0
0
mcastino

Why does the date format in scheduled csv report change in an email?

I have made a scheduled report which emails a csv file containing counts of particular events for each day in the las...
by mcastino New Member in Getting Data In 09-03-2019
0 3
0
3
ramyasurendrana

Integrate Splunk with Azure Devops

We are trying retrieve user story details from Azure Devops (TFS) to splunk. Users wanted the work items closed and o...
by ramyasurendrana New Member in Getting Data In 09-03-2019
0 0
0
0
geoffmx

Determine which Active servers with Universal Forwarder areNOT sending logs to Splunk

We have a bunch of servers with UFs installed. These servers may have different operational states. For example, "Act...
by geoffmx Explorer in Getting Data In 09-03-2019
0 4
0
4
nareshinsvu

Couldn't parse and extract mixed data (json and text)

Hi, I am not able to send my logfile into 2 sourcetypes (json and non-json). Below is my config. I know the fix migh...
by nareshinsvu Builder in Getting Data In 09-02-2019
0 4
0
4
nareshinsvu

crcSalt = ? if the logfile is archived end of the day

Hello experts, My inputs.conf is having below config. Just wondering what happens end of the day? Will my splunk loo...
by nareshinsvu Builder in Getting Data In 09-02-2019
0 10
0
10
edbdic1

Why is Splunk Enterprise not running on Windows 10?

I installed Splunk Enterprise on my Windows 10 PC, but when I run it, I get a black webpage at http://localhost:8000/...
by edbdic1 New Member in Getting Data In 09-02-2019
0 7
0
7
noukash

I can not set TIME_FORMAT for event in props.conf

Hello, splunk community. I am new to splunk and already reviewed ton of info on the topic but I still can't get why ...
by noukash Explorer in Getting Data In 09-02-2019
0 2
0
2
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...
Top Solution Authors
View All