Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
nkingsbury

How much data should be sent to one forwarder?

Hello, I am setting up a log collector with a Universal Forwarder attached for collecting network logs (syslog-ng) an...
by nkingsbury Engager in Getting Data In 07-31-2019
0 6
0
6
ajames12

Help with docker Splunk logging driver URL change

We are in the process of changing our Splunk web DNS name and securing it with https. We are using Splunk logging d...
by ajames12 Engager in Getting Data In 07-31-2019
0 0
0
0
niha1318

Forward data to third-party systems from splunk

Hi, Splunk Version: 7.1.1 we are planning to send splunk existing data to third-party system called Champ. though i...
by niha1318 New Member in Getting Data In 07-31-2019
0 1
0
1
gurpal2000

I already have a source of gauged metrics accessible by http. How can Splunk PULL those?

I already have a source of gauged metrics accessible by http. How can Splunk PULL those? I cannot PUSH those metrics...
by gurpal2000 New Member in Getting Data In 07-31-2019
0 1
0
1
connorgoldenNav

Error parsing dashboard XML: The URI to be decoded is not a valid encoding. Go to "Edit Source" to fix

Windows Overview Dashboard error. Error parsing dashboard XML: The URI to be decoded is not a valid encoding. Go to "...
by connorgoldenNav New Member in Getting Data In 07-31-2019
0 0
0
0
twassing

What is the best practice to send logging from mobile devices to Splunk?

Hi everyone, currently i'm investigating what the best practice is to send logging from mobile devices (Android) to ...
by twassing Engager in Getting Data In 07-31-2019
0 2
0
2
DaClyde

feed Splunk App for Windows Infrastructure without forwarders?

I have a situation where management wants to see server status of some remote deployed servers, but due mostly to pol...
by DaClyde Contributor in Getting Data In 07-31-2019
0 1
0
1
amitosr

mask anonymize data by role

Is there a way to mask or anonymize data in splunk by role such that one role (such as Admin) can see all the data o...
by amitosr Explorer in Getting Data In 07-31-2019
1 5
1
5
keiran_harris

Can you help me split a JSON event with regex in props.conf?

Hi guru's: i have JSON data that looks like the below. { "BOMxmlDlTime": 0.6584670543670654, "TODAY-PLUS...
by keiran_harris Path Finder in Getting Data In 07-31-2019
0 5
0
5
ankithreddy777

Does Splunk Universal Forwarder forward audit events

Does Splunk Universal Forwarder forward audit event logs to Splunk _audit index? I can see Splunk HF's are forwarding...
by ankithreddy777 Contributor in Getting Data In 07-31-2019
0 3
0
3
mlog

Active Directory not send logs for Splunk

Hello, I am using splunk enterprise on linux server. I want to monitor active directory logs. I installed the univer...
by mlog New Member in Getting Data In 07-31-2019
0 3
0
3
yashjain12yj

I want to take input from forwarder but before that I want to run python script

I want to take input from forwarder but before that I want to run python script, just like in enterprise we can add d...
by yashjain12yj New Member in Getting Data In 07-31-2019
0 3
0
3
edwardrose

Change hostname

Hello All, I have several devices on our network that has one interface/IP address in our DMZ and a management IP ad...
by edwardrose Contributor in Getting Data In 07-31-2019
0 10
0
10
vinkumar_splunk

Running into errors while disabling the legacy ciphers in splunk 7.2

I am trying to follow the document to disable the legacy ciphers in the Splunk 7.2, and I notice that the cluster mas...
by vinkumar_splunk Splunk Employee Splunk Employee in Getting Data In 07-31-2019
0 2
0
2
volkanyilmaz

Xml logs event separation

Hi. I have 10000 xml log output. like : {LOG DATE.../DATE TIME.../TIME CC.../CC AMOUNT.../AMOUNT ...
by volkanyilmaz New Member in Getting Data In 07-31-2019
0 1
0
1
swmishra_splunk

LDAP pre-cache

If we have multiple users in our organization and do these users expire from the LDAP pre-cache?
by swmishra_splunk Splunk Employee Splunk Employee in Getting Data In 07-31-2019
0 1
0
1
rfitch

How to configure a sourcetype for JSON data to parse each line as a distinct event?

I have an application that logs out single line JSON statements. For some reason when I load this into Splunk, most o...
by rfitch Path Finder in Getting Data In 07-30-2019
2 5
2
5
Maniteja81

How to populate Meaningful form of data

Hi Guys, Can you please help me, in framing a query. Like i have this kind of data structure: clk_ctrl: { [-] ...
by Maniteja81 New Member in Getting Data In 07-30-2019
0 1
0
1
vinaybandaru

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input file from forwarder instead of the scheduling with given fixed time ?

How do I create a report that can run automatically only when the indexer performs indexing after receiving an input ...
by vinaybandaru Path Finder in Getting Data In 07-30-2019
0 2
0
2
xindeNokia

When trying to set up a distributed system, can you help me with the following error?: "Unable to distribute to peer, peer has status=2"

distributed system. splunk 7.1.2 one SH + one indexer In the SH splunkd log: DistributedPeerManager - Distributed:...
by xindeNokia Path Finder in Getting Data In 07-30-2019
4 4
4
4
danielbb

What should the indexer queues be?

After filling the tiny queues on the indexers, we would like to move to bigger queues. We are thinking about the fo...
by danielbb Motivator in Getting Data In 07-30-2019
0 1
0
1
philrego

How do I see all Hosts?

It's only showing "Top 10 Values" for some reason.
by philrego Path Finder in Getting Data In 07-30-2019
0 7
0
7
jvmerilla

How to debug why a universal forwarder is parsing files from paths but no data is ingested?

Hi Everyone, I am trying to monitor xml files from a directory in a certain server. But for some unknown reason/s no...
by jvmerilla Path Finder in Getting Data In 07-30-2019
0 4
0
4
sujoybose77

Multiple Splunk indexer with same $SPLUNK_DB location

Hi, I have $SPLUNK_DB set up in a NAS storage. But the indexer is installed in a VM (say VM1) running on splunk versi...
by sujoybose77 Explorer in Getting Data In 07-29-2019
0 3
0
3
jacobpevans

Splunkd Warning: "C:\program files\...\local.meta already exists but with different casing: C:\Program Files\...\local.meta"

Hello fellow Splunkers, We've been tracking down and resolving our Splunkd errors and warnings. This one has us perp...
by jacobpevans Motivator in Getting Data In 07-29-2019
1 1
1
1
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...
Top Solution Authors
View All