Getting Data In

Community Activity

Need a help with posting data using Rest API's from one Splunk to another Hello, I have my own Splunk where I installed SPLUNK ES and I just got the Search head access from somebody's SPLU... by satyaallaparthi Communicator in Getting Data In 07-19-2019 0 9	0	9
index based on first three characters of hostname Hello, I am trying to implement setting a specific index based on part of the hostname. For ALL of my data that I ... by dglass0215 Path Finder in Getting Data In 07-19-2019 0 6	0	6
Index only first Occurrence of string in events I want to know if below things are possible in splunk and if YES then How it can be achieved- 1. Below is sample even... by ips_mandar Builder in Getting Data In 07-19-2019 0 5	0	5
using source in props.conf to break the below event based on realm . I am trying to break the event based on the realm in the below example. My sourcetype "Iam_logs" is defined globally ... by Sujithkumarkb Observer in Getting Data In 07-19-2019 0 1	0	1
HTTP Event Collector on Heavy forwared I want to configure HTTP Event collector on one of the Heavy forwarder. initially i create the app with named splunk... by riqbal47010 Path Finder in Getting Data In 07-19-2019 0 3	0	3
Python script error during installation of Splunk Forwarder Add-on for WAS I see below error while running installation script of Splunk Forwarder Add-on for WAS. $ python was_log_inputs.py ... by lalbsah Engager in Getting Data In 07-18-2019 0 3	0	3
How to break event 1 and 2 further? Each Realm entry should be an event, JSON is the source. Event1: {"realm":"/humapp","transactionId":"d9d6ba4e-c3bb... by Sujithkumarkb Observer in Getting Data In 07-18-2019 0 5	0	5
Timestamp from file name I have file names like this "Patch-Data_2-1-2012.csv" How do I use the date in the file name for the datestamp for ... by hartfoml Motivator in Getting Data In 07-18-2019 2 5	2	5
Splunk Website Monitoring stops working if I add more app URLS to be monitored! Hello, I am trying to configure Splunk Website Monitoring app to probe new application URLS. It was working fine, un... by vsrigane Explorer in Getting Data In 07-18-2019 0 0	0	0
How/where to tell a new data input to use this new index in a cluster? I have a cluster environment, 3 indexers and one Master indexer/DMC/LM, a deployment server, syslog-ng Heavy Forwarde... by MikeVenable Path Finder in Getting Data In 07-18-2019 0 2	0	2
Format unicode characters in json input We're trying to index json formatted logs from kubernetes pods by removing the json formatting and making the logs ap... by vstariradev Explorer in Getting Data In 07-18-2019 0 0	0	0
"Brute Force Access Behavior Detected" from Microsoft domain controllers Seeing lots of "Brute Force Access Behavior Detected" notable events coming from Microsoft domain controllers. The c... by dsuddu Engager in Getting Data In 07-18-2019 6 4	6	4
inputs.conf segment setting Not sure why the hostname for the monitor stanza below is not being parsed out... directory is as follows: /mnt/log... by plumainwfs New Member in Getting Data In 07-18-2019 0 2	0	2
Splunk Add-on for Microsoft Windows NOT CIM I have installed the Splunk Add-on for Microsoft Windows App on the latest 6.0 Version on Splunk Enterprise 7.3 i am... by omri_p Engager in Getting Data In 07-18-2019 0 0	0	0
sum multiple value in a json Hello, I have a raw like this: .success [{"importo":2,"tipologiaOperazione":"AAA"},{"importo":1.82,"tipologiaOperazi... by 3vi Engager in Getting Data In 07-18-2019 0 2	0	2
I am not able to send logs to 2 different indexer I have a setup, where I have one production indexer and another one is development indexer. I want all the data to be... by saramamurthy_sp Splunk Employee in Getting Data In 07-18-2019 0 2	0	2
Why is the field extraction transformation not working in conjunction with data filtering transformation? I'm trying to minimize the amount of data from Kubernetes JSON events that are being indexed into my Splunk instance.... by alanzchan Path Finder in Getting Data In 07-17-2019 0 21	0	21
Universal Forwarder invoke powershell script on-demand How can I run a powershell script on a Universal Forwarder on-demand instead of scheduling it in the inputs.conf and ... by kevinbullock New Member in Getting Data In 07-17-2019 0 0	0	0
Extract Json and non-json data from single event Hello Champions, Need your help in extracting mixed data. Below is my sample data. I indexed it as a single event wi... by nareshinsvu Builder in Getting Data In 07-17-2019 0 3	0	3
Filter and get count of kvstore records via REST API I have a kvstore collection with ~50 000 records. I want to get count of records that satisfy some conditions, but I ... by asnegina New Member in Getting Data In 07-17-2019 0 1	0	1
Why isn't my transforms working? \etc\system\local\transforms.conf [drop4768OK] REGEX = EventCode=4768(.\|\t\|\r\|\n)Result.Code.*0x0 DEST_KEY = queue... by tmontney Builder in Getting Data In 07-17-2019 0 12	0	12
manually run a scripted input? I have a scripted input in Splunk that sends it's data to Splunk via STDOUT. Is there any way to run the script on-de... by jeff Contributor in Getting Data In 07-17-2019 0 5	0	5
Splunk Webの動作についてお世話になっております。 Splunk Webについてご質問があります。現在インデックスサーバをスタンドアロンで構築し（OSはCentOS7）設定のデータ入力→ファイルとディレクトリ→新しいローカルファイルとディレクトリからファ... by alffsadm Explorer in Getting Data In 07-17-2019 1 5	1	5
Can I dynamically set the default host value using a Universal Forwarder? I'm using host_regex on a Universal Forwarder. inputs.conf [monitor:///app/splunkforwarder/logs/containername/*.lo... by psyched4splunk Explorer in Getting Data In 07-17-2019 0 6	0	6
Docker logs control in Splunk Hi there, Is there anyway on Splunk search peer or Forwarder to filter the data. Like log messages that contain DEBUG... by rashi83 Path Finder in Getting Data In 07-16-2019 0 2	0	2