Getting Data In

Community Activity

Extract value from multiple events and find time delta Sample log data {‘job_id,:’1’, ‘stage_state’:’build_begin’,’stage_type:’build’,’start_time’:’2019-08-15 15:00:00’} {... by vanakkam New Member in Getting Data In 08-15-2019 0 1	0	1
How to extract two values from two same fields in two events and then find the difference in timestamp Log data example: {'job_no':'1','begin_build_time':'2019-08-15 11:00:00','event_type':'staging'} {'job_no':'1','end_... by vanakkam777 New Member in Getting Data In 08-15-2019 0 1	0	1
Splunk_Server is showing different server than the one in outputs.conf Hello, We currently in the process of moving to indexer clustering with 3 new servers. The 3 old servers a... by jordanking1992 Path Finder in Getting Data In 08-15-2019 0 6	0	6
Why is splunk-launch.conf not in system/local? Why is splunk-launch.conf not in system/local? by nick405060 Motivator in Getting Data In 08-15-2019 0 4	0	4
Split array into multiple lines I have event that looks like this: field1: field1_value field2: field2_value messages: [ { inner_field1: m... by makragic New Member in Getting Data In 08-15-2019 0 4	0	4
Where do I start with troubleshooting Parsing Queue issues on a UF? All, I have SplunkAdmins app installed and received alerts showing me that my Universal Forwarder on a series of Wi... by daniel333 Builder in Getting Data In 08-15-2019 0 3	0	3
Timestamp to Date Conversion I'm having an issue with a dashboard which is reporting UPC counts by day. If I use the following query, it gives the... by apautz22 Loves-to-Learn Lots in Getting Data In 08-15-2019 0 2	0	2
Splunk Parsing - How to do it I have below json that is printed in logs, { "timestamp": "2019-08-15T07:30:10,472Z", "level": "INFO", "threa... by deepak312 Explorer in Getting Data In 08-15-2019 0 1	0	1
What is the minimum network bandwidth required for Splunk forwarding? I plan to setup Splunk Forwarders to push Windows Events and also some linux events to my central Splunk indexer. Nee... by maverick Splunk Employee in Getting Data In 08-15-2019 1 10	1	10
no_appending_timestamp and syslog-ng clarification Just need to clarify - if I'm using syslog-ng to receive udp syslog I do not need the no_appending_timestamp = true i... by mikefg Communicator in Getting Data In 08-15-2019 0 1	0	1
Splunk_Server is showing different server than the one in outputs.conf Hello, We currently in the process of moving to indexer clustering with 3 new servers. The 3 old servers a... by jordanking1992 Path Finder in Getting Data In 08-15-2019 0 0	0	0
Why am I getting error "SSL certificate generation failed" while starting the splunkd process on the universal forwarder? Hi All, I'm unable to start the splunkd process on the universal forwarder and it's giving an error that SSL certifi... by kpavan Path Finder in Getting Data In 08-15-2019 0 6	0	6
Sending multi-line Events as a single line to archive and unchanged to indexer Hi there, I'm struggling with the following: On a heavy forwarder I get two types of data: windows events and firewal... by dkrey Explorer in Getting Data In 08-15-2019 0 6	0	6
Add monitor file with new index not working Hello, I have problem with Splunk Forwarder. Currently, i monitor a dir (/var/log/httpd/*) but it automatic delete ... by tanglong Engager in Getting Data In 08-15-2019 0 4	0	4
How to prevent duplicates in batch mode? I have a number of small files, each of which maps to a single event. Since these files aren't actively added to (on... by trenin Explorer in Getting Data In 08-14-2019 2 6	2	6
Splunk Enterprise install windows I use the basic install on my domain controller and then install forwarder on other machines in the domain. and put m... by srs_rjmd New Member in Getting Data In 08-14-2019 0 1	0	1
How to list defined sourcetypes through API I am looking for a way to list all defined sourcetypes on a Splunk server, using the REST API. From what little inf... by jbanker Explorer in Getting Data In 08-14-2019 0 3	0	3
Multiline Event being split into multiple events I have a multiline event that's being split into multiple events. I've tried LINE_BREAKER, BREAK_ONLY_BEFORE, and BRE... by alanzchan Path Finder in Getting Data In 08-14-2019 0 11	0	11
Splunk Cloud \| Splunk Universal Forwarder \| No scripts found under the selected path Hello, I'm trying to pull some data from an API and push it to Splunk using the Universal Forwarder. I installed the... by izauer Explorer in Getting Data In 08-14-2019 0 0	0	0
timestsamp when data was ingested When we have ingested wrong timestamps, is there a way to find the timestamp of WHEN the data was ingested, not the _... by wfskmoney Path Finder in Getting Data In 08-14-2019 0 2	0	2
Remove ::ffff: from logs I am looking to remove the ::ffff: from Windows event logs: Network Information: Client Address: ::ffff:XX.X... by diegosainz Path Finder in Getting Data In 08-14-2019 1 10	1	10
Indexes.conf question Hey All, I have a question surrounding the best way to deploy the indexes.conf in our environment. We currently have... by adalbor Builder in Getting Data In 08-14-2019 1 4	1	4
inputs.conf monitor stanza for Windows Universal Forwarder with wildcards not working I'm facing a problem with writing a stanza that would collect log files from a directory tree. The tree is (example):... by Neur0mencer Explorer in Getting Data In 08-14-2019 0 2	0	2
Indexers props.conf From Splunk it's said it's best to do your custom Field extractions at search time. So the only extractions you do on... by Jarohnimo Builder in Getting Data In 08-14-2019 0 5	0	5
help with mstats needed Hello, I have a metric index reflecting the OS kpis (unix nmon tool). In order to process the data with ML algorithm... by damucka Builder in Getting Data In 08-13-2019 0 2	0	2