Getting Data In

Community Activity

	Please assist in LINE_BREAKER stanza in `props.conf` for custom app Dears, I have an app which generates logs in following pattern: ---------------------------------------- Timestamp: ... by Neur0mencer Explorer in Getting Data In 09-02-2019 0 6	0	6
	Logs to local Hfs if on corp network else send to Cloud Laptop sends log to local HFs if connected to corp network - otherwise send logs to Splunk Cloud. Data should not end... by rene_securelink Engager in Getting Data In 09-02-2019 0 7	0	7
	Splunk Alerts: Is it possible to have different results shown in the inline table and the attached CSV? Hi, I was wondering if it was possible for a Splunk email alert to have a different result set shown between the inl... by adamcoquim Explorer in Getting Data In 09-02-2019 0 2	0	2
	Blacklisting DNS queries with nullQueue I am attempting to blacklist DNS queries using nullQueue. props.conf # Blacklist domains [msad:nt6:dns] TRANSFORMS... by geoffmx Explorer in Getting Data In 09-01-2019 0 8	0	8
	Filter columns from CSV while monitoring I am monitoring a folder with csv files with 400+ fields, out of which need only 50 fields for my dashboard. Can we d... by ankitarath2011 Path Finder in Getting Data In 09-01-2019 0 4	0	4
	Sourctype and fix jason field data when i run below search its extracting data from AWS bucket so how ican convert this to search time in splunk cloud a... by Splunk_rocks Path Finder in Getting Data In 09-01-2019 0 2	0	2
	How to figure out if forwarders are utilizing props or transforms? We have Universal Forwarder on our windows servers varying in version from 6.2.3 to 7.1.3. Our Splunk Enterprise ver... by tsheets13 Communicator in Getting Data In 09-01-2019 0 8	0	8
	how to write the props.conf stanze to test the transforms Regex? The following is transforms.conf in my search head [a_b] SOURCE_KEY = _meta REGEX = (logtype::A.*(id::(123\|456)\|(id:... by pavanae Builder in Getting Data In 09-01-2019 0 4	0	4
	Why are logs going into an unknown folder? I have logs going from the Universal Forwarder but are going to the Unknown Folder instead of uploading to the Cloud.... by cedmunds New Member in Getting Data In 09-01-2019 0 3	0	3
	How do I set a source type for this data I have a script that pulls the data at the bottom into a file and then splunk pull the files from the corresponding d... by maxd Engager in Getting Data In 09-01-2019 0 5	0	5
	track all active session (RDP) in network by user hello, I want to track all active session(RDP) in the network and see who login which server, what is the source IP a... by givehchin Path Finder in Getting Data In 09-01-2019 0 7	0	7
	Invalid key in stanza .. in props.conf to make the configuration more readable I use "\" to break long lines, which works fine: EVAL-user = case ( FOO="Act... by PavelP Motivator in Getting Data In 08-31-2019 0 3	0	3
	Getting a list of field extractions using the API There are 2 endpoints that seem to return extractions which are data/transforms/extractions and data/props/extraction... by joemaz95 Path Finder in Getting Data In 08-30-2019 0 10	0	10
	Trouble ignoring events I'm having some difficulty forcing Splunk to ignore events which start with a '#' character. The file is compressed, ... by _smp_ Builder in Getting Data In 08-30-2019 0 21	0	21
	per_sourcetype_thruput logging stopped For several UF's, I've noticed that the metrics.log 'per_sourcetype_thruput' entries have stopped completely, for day... by splunkjas1 Path Finder in Getting Data In 08-30-2019 0 1	0	1
	Filter data by condition on a heavy forwarder Hello , Please i need to filter data on the heavy forwrader to eliminate some logs , Exemple : i need to ingnore ... by aalaa Path Finder in Getting Data In 08-30-2019 0 2	0	2
	Multiple fields to filter against Single inputlookup file Hi Experts Actually I am searching on one index, where Userid is with multiple fields like user,userids,useridvalue,... by gopiven Explorer in Getting Data In 08-30-2019 0 2	0	2
	JSON log extraction at index time Hi, I am trying to extract a JSON log file at index time. The log structure has a nested key(key,value) pairs. Like f... by saiynv New Member in Getting Data In 08-30-2019 0 5	0	5
	Heavy forwarder - Could not send data to output queue (parsingQueue) Below is my use-case (Heavy Forwarders -> Indexers). Need expert assessment. 1) I have very huge log files. 2) So, I... by nareshinsvu Builder in Getting Data In 08-29-2019 0 8	0	8
	How do I forward and delete logs? I would like to be able to forward logs and then delete them using a UF. How can I do this? For the sake of the Splu... by nick405060 Motivator in Getting Data In 08-29-2019 0 2	0	2
	Why are JSON fields extracted and displayed twice? JSON fields are extracted twice. On Universal forwarder (7.0.3) the settings props.conf are like this [my_sourcetyp... by thirusama Path Finder in Getting Data In 08-29-2019 0 12	0	12
	Access /services/receivers/stream endpoint through Nginx proxy? We're running a Splunk indexer behind an Nginx proxy in order to apply HSTS headers. However, we recently noticed tha... by donaldson8 New Member in Getting Data In 08-29-2019 0 0	0	0
	No data from TCP input Hi All, We have a Splunk environment running on 6.2.2. We configured a TCP input to receive logs directly from netwo... by siva_cg Path Finder in Getting Data In 08-29-2019 0 9	0	9
	Feeds TOR network traffic Hello all. I'm now working out how to detect tor traffic. How better me do this? Maybe some articles, guides, some tr... by test_qweqwe Builder in Getting Data In 08-29-2019 0 6	0	6
	csv files with variable structure - how to input ? Hi, There is a task to index csv structured files where the structure depends on one or several fields. For example i... by flyingpiglet Engager in Getting Data In 08-29-2019 0 0	0	0