Getting Data In

Community Activity

Remove ::ffff: from logs I am looking to remove the ::ffff: from Windows event logs: Network Information: Client Address: ::ffff:XX.X... by diegosainz Path Finder in Getting Data In 08-14-2019 1 10	1	10
Indexes.conf question Hey All, I have a question surrounding the best way to deploy the indexes.conf in our environment. We currently have... by adalbor Builder in Getting Data In 08-14-2019 1 4	1	4
inputs.conf monitor stanza for Windows Universal Forwarder with wildcards not working I'm facing a problem with writing a stanza that would collect log files from a directory tree. The tree is (example):... by Neur0mencer Explorer in Getting Data In 08-14-2019 0 2	0	2
Indexers props.conf From Splunk it's said it's best to do your custom Field extractions at search time. So the only extractions you do on... by Jarohnimo Builder in Getting Data In 08-14-2019 0 5	0	5
help with mstats needed Hello, I have a metric index reflecting the OS kpis (unix nmon tool). In order to process the data with ML algorithm... by damucka Builder in Getting Data In 08-13-2019 0 2	0	2
Eventtypes have gone missing I have had Splunk Stream up and running for a while, but after upgrading to 7.3.1 some of my Eventtypes that drive th... by kmower Communicator in Getting Data In 08-13-2019 0 1	0	1
Backing-up a Splunk app being developed inside a Docker container? I'm using the Splunk-developed splunk/splunk:7.3.0 Docker image as the base ( from) image for my own custom Docker im... by Graham_Hanningt Builder in Getting Data In 08-13-2019 0 5	0	5
Failed to set up Universal forwarder with docker compose I want to setup a universal forwarder that receive logs from a syslog server (share a volume) and send logs to a rece... by rotemya Explorer in Getting Data In 08-13-2019 0 18	0	18
Can a search head "connect" to a search peer on an other sites? I don't know how to formulate this question but I'll give it try. I have a complete Splunk Enterprise installation o... by mukuru74 New Member in Getting Data In 08-13-2019 0 2	0	2
How to get perfmon data into a metrics index? Hello, i have TA Windows 6.0.0 installed on my multisite cluster enviroment on but i cannot see any data incoming in... by jkwiotek New Member in Getting Data In 08-13-2019 0 8	0	8
Multiple lines in a single event CSV Hi. I have the following CSV entry. The problem is that splunk take events from every line, but i have to merge mult... by rdgg97 Explorer in Getting Data In 08-13-2019 0 6	0	6
help with inputcsv needed - how to read last line only Hello, I am appending the file with outputcsv and then I would like to read it with inputcsv, however the last line ... by damucka Builder in Getting Data In 08-13-2019 0 2	0	2
How to turn values into their own field? Hi. I'd like to grab unique values of a field, and turn them into their own field. And then, to put their correspondi... by russell120 Communicator in Getting Data In 08-13-2019 0 2	0	2
Events Doubled Overnight I am having an issue as of July 25 and July 26 the events had doubled from logon and logoff commands that I used for ... by keldridg2 New Member in Getting Data In 08-13-2019 0 2	0	2
How to configure Cisco AMP for Endpoints Events input I tried to configure the AMP for Endpoints API Access on the Cisco AMP for Endpoints Events input app. However the co... by Kayoko New Member in Getting Data In 08-13-2019 0 4	0	4
exclude events based on field Hi, Using filemonitor. we are collecting data from a file which sends data of all nix servers. Now we want to only ex... by martinnepolean Explorer in Getting Data In 08-13-2019 0 6	0	6
Why are we seeing an issue with an EXTREMELY busy forwarder bogging down our indexers? Recently, indexing from that particular forwarder has gotten to be even slower, sometimes falling hours behind. I'm c... by ChadLangUAB Path Finder in Getting Data In 08-13-2019 0 4	0	4
Can default certificate be used for communication between universal forwarder and heavy forwarder in Splunk cloud? I am pretty new to splunk. We are implementing heavy forwarder on EC2 instance which receives the data from UF and fo... by Amogh88 New Member in Getting Data In 08-13-2019 0 1	0	1
Splunk UF not forwarding Data So, I've been searching for quite a while to figure out the issue on what I've been experiencing. Now at a loss I ne... by ltrand Contributor in Getting Data In 08-13-2019 1 4	1	4
props.conf not effective Hi, this issue has been mentioned here before but still my changes in props.conf are not effective. Here is the confi... by juleserror Engager in Getting Data In 08-13-2019 0 5	0	5
How to create a new field and assign the hostname field using IP address Hi All, We are getting data from an application server for all servers and we are getting the IP address in dest_ip ... by martinnepolean Explorer in Getting Data In 08-13-2019 0 3	0	3
Window Event (Multiline) nullQueue Question Hi A nullQueue procedure is need in multiline data, such as in a Windows security log. The heavy forwarder is trying ... by khyoung7410 Communicator in Getting Data In 08-12-2019 0 3	0	3
Problem replicating config (bundle) to search peer ' xx.x.xx.xx:8089 ', Unknown write error. i have a relative simple setup. One instance is an indexer, another is search head and heavy forwarder. All seems fin... by danthebiman New Member in Getting Data In 08-12-2019 0 0	0	0
how to search events within few minutes of given date time I have been looking all over and still not able to get this working. I saw few links here and still none helps. Lets... by arusoft Communicator in Getting Data In 08-12-2019 0 3	0	3
UF User Windows Hello friends! i hope you guys can help me. I have installed UF on windows server but i need to know the following: ... by julian0125 Explorer in Getting Data In 08-12-2019 0 2	0	2