Getting Data In

Community Activity

Translate my windows event viewer search query to splunk search query Hi, I would like to translate my windows event log custom query to splunk search syntax. <QueryList> <Query Id="0... by jarves New Member in Getting Data In 08-06-2019 0 10	0	10
How can I keep my data unique with manually uploading two overlapping log files? How can manual data uploads with overlapping log files include only unique data? The goal is to avoid uploading dupli... by mkawamura New Member in Getting Data In 08-06-2019 0 1	0	1
How to import .edb data in Splunk Hi , i want to import below data in splunk - "C:\Windows\System32\CertLog\xyz Authentication CA - Ext.edb" it is... by himanshu_b_shek New Member in Getting Data In 08-06-2019 0 1	0	1
How to extract an event timestamp where seconds and milliseconds are concatenated without padded zeros? I came across a weird log format where the seconds and milliseconds are concatenated without padded zeros. Example d... by diogofgm SplunkTrust in Getting Data In 08-06-2019 1 1	1	1
Indexer Menu 7.2.3 What is the significance of searchable copies and replicated copies flapping between green and gray on the indexer cl... by halbeisendv Path Finder in Getting Data In 08-06-2019 0 1	0	1
Index ingestion failure I have a case where an index failed to index due to some network issue. But was not aware of it and the dashboard wen... by jiaqya Builder in Getting Data In 08-06-2019 0 0	0	0
Can “Microsoft Office 365 App for Splunk” use log data from “Microsoft Azure Active Directory Add-on for Splunk” for the Azure AD logs? One question about “Microsoft Office 365 App for Splunk”. Can it use log data from “Microsoft Azure Active Directory... by awesomeguan New Member in Getting Data In 08-05-2019 0 0	0	0
How to ensure regex filters in transforms.conf and a stanza in props.conf only applies to a specific input? Hello, so I understand that my props.conf and transforms.conf (below) in theory allow me to filter out the events th... by bms9nmh New Member in Getting Data In 08-05-2019 0 3	0	3
Indexing live XML data from large files We are having Splunk Enterprise version(7.1.0) for reading data from different indexes. But we have been provided la... by aritratony New Member in Getting Data In 08-05-2019 0 1	0	1
If there are two statements in a log, how to set a custom message if those two statements are existing in one log Hello All, Here is my sample data. "**19:30:06 C:\Pelibib\MBX\20190618193001755_MA07.MBX processed and deleted*... by mnarmada Path Finder in Getting Data In 08-05-2019 0 4	0	4
How to use split in search? Hi, how to me use a command split or other command that make two field from one? Example: Im get a token with text "... by sbimizry Engager in Getting Data In 08-05-2019 0 2	0	2
How to edit outputs.conf for universal forwarder in linux Hi, I was trying to edit outputs.conf for universal forwarder, but when i was searching for outputs.conf file in e... by raghu0463 Explorer in Getting Data In 08-05-2019 0 10	0	10
Script for install Splunk Forwarder on Windows? Hi; Is there script or bat file to install Splunk forwarder, I have tried script existing in the below link but not... by aalhabbash1 Path Finder in Getting Data In 08-04-2019 0 1	0	1
NSlookup on Network Tools App with Specified DNS Server? I am trying to write an alert in Splunk which will tell us if the 2 DNS servers we have setup for a domain are workin... by khavildar Explorer in Getting Data In 08-03-2019 0 2	0	2
How to add AWS ap-east-1 region to Splunk Add-On for Amazon Hi guys, Anyway to add ap-east-1 (Hong Kong) region to the Splunk Add-On for Amazon? ap-east-1 is a relatively new ... by goldjoy New Member in Getting Data In 08-03-2019 0 0	0	0
Splunk App Fortinet Fortigate I have firewall data coming to my syslog server.The syslog file gets rotated every 24 hours. Ive installed forwarder... by vinod94 Contributor in Getting Data In 08-03-2019 0 2	0	2
How to investigate crashing indexer Our indexers are in a cluster. We have 4 indexers and they are crashing once a week, I do not how to start investigat... by shivanandbm Explorer in Getting Data In 08-02-2019 0 2	0	2
Does Windows Server 2016 only produce xml logs? I have a Windows 2016 Server and I've got a UF sending windows event logs. They only come in as xml, even if I put r... by gregbo Communicator in Getting Data In 08-02-2019 0 1	0	1
Does "rex mode=sed" pass as SEDCMD regex check? Hello. I'm attempting to reduce the volume of log message with full text of terms and conditions, through using SEDCM... by selenith Engager in Getting Data In 08-02-2019 0 1	0	1
Microsoft Secure Score Is this possible include a Microsoft Secure Score Splunk Dashboard can someone provide the details for this by gotoole Loves-to-Learn Lots in Getting Data In 08-01-2019 0 0	0	0
Anonymize clear text credentials in Powershell logs using SEDCMD I am attempting to anonymize clear-text credentials passed via PowerShell referring to the splunk documentation to ... by geoffmx Explorer in Getting Data In 08-01-2019 0 5	0	5
Need to add _raw content into "Log Event" My Splunk alerts use the "Log Event" actions. How do I add the contents of _raw into the "Event" field? I tried $r... by fshimaya Engager in Getting Data In 08-01-2019 0 1	0	1
Logrotate question to Permit Splunk user to read syslog? All, I have /var/log/messages on a host I want Splunk to be able to read. Here is my log rotation config. Splunk us... by daniel333 Builder in Getting Data In 08-01-2019 0 0	0	0
python script return json, and show a table in search. I use python script to get json data thouth an API, and i want show them in a table in splunk search. the python scri... by xuehui New Member in Getting Data In 08-01-2019 0 1	0	1
Can anyone help me how to configure heavy forwarder? I installed the Splunk enterprise on Linux, I used universal forwarder and I could get my logs using it on my Splunk... by raghu0479 New Member in Getting Data In 08-01-2019 0 4	0	4