Getting Data In

Community Activity

How to stop/Kill Splunk forwarder after receiving error message Hello Splunkers, I am facing this issue since past one week. Splunk is not forwarding any logs. I have tried everyt... by ramprakash Explorer in Getting Data In 07-22-2019 0 1	0	1
How to set a regex to break each host_details line out individually in props? I have a script that feeds Syslog to a TCP port on a Heavy Forwarder box that is EOL. I set up a new AWS HF and sent ... by Glasses Builder in Getting Data In 07-22-2019 0 1	0	1
partially rewrite event index name based on sourcetype value Hello, I already know how to statically rewrite the index value based on a sourcetype. Typically using something sim... by sylbaea Communicator in Getting Data In 07-22-2019 0 0	0	0
Password policy logs in Active Directory. Hi Splunker; Is there way for Splunk monitor password policy in AD, such as; what is content this policy about how n... by aalhabbash1 Path Finder in Getting Data In 07-22-2019 0 3	0	3
Extracting Fields using Regex Hi All, TIME_PREFIX= MAX_TIME_LOOKAHEAD= LINE_BREAKER= Below are the logs which need to be extracted. Kindly help!... by EHariharan Explorer in Getting Data In 07-22-2019 0 1	0	1
Extract multiple jsons from array Hi all . This is an example of a json i'm sending to my Splunk cloud. { "workers": [ { "UserID": 10000... by amitdaniel Explorer in Getting Data In 07-22-2019 0 3	0	3
Standalone transforms.conf stanza (not called in props.conf) without warnings Hello, In a particular TA, I had to use a standalone transforms.conf stanza : [standalone_stanza] REGEX = (.+?)\:\s... by D2SI Communicator in Getting Data In 07-22-2019 0 2	0	2
Symantec Endpoint 14 via syslog onboarding Apologies first, for the long post; I'm trying to get clarification on some previous posts, hopefully this post can c... by bluecollar Engager in Getting Data In 07-22-2019 0 1	0	1
Scripted Input Cron Schedule not working correctly I have the following inputs.conf for a scripted input. However this is not working as per what I thought it would. Th... by aknsun Path Finder in Getting Data In 07-21-2019 0 5	0	5
Splunk indexers cluster Hi, I have a lab setup with 1 SH, 1 Master node, 2 indexers peers. My question is, which one of the indexers should a... by itzikshviro Explorer in Getting Data In 07-20-2019 0 2	0	2
Who is sending to my heavy forwarder? I'm getting a lot of parsing errors on my heavy forwarders ...Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT... but... by w199284 Explorer in Getting Data In 07-20-2019 0 2	0	2
Monitor Windows IIS Log File I am not sure where I have gone wrong but I am trying to take in logs from a number of IIS web servers. The log file... by willadams Contributor in Getting Data In 07-19-2019 0 3	0	3
Why splunk can directly read and parse the csv file uploaded? Why splunk can directly read and parse the csv file uploaded? Is it possible for me to see the config file doing this... by chendw98 New Member in Getting Data In 07-19-2019 0 3	0	3
Is it possible to initiate a curl command from a dashboard? Hi all, I created a job in Rundeck that lets you select a Splunk app and a time period, then enables/disables the app... by bobcatluke Explorer in Getting Data In 07-19-2019 0 1	0	1
Is Splunk's "syslog-host" REGEX in $SPLUNK_HOME/etc/system/default/transforms.conf broken? In $SPLUNK_HOME/etc/system/default/ we find this troublesome configuration in transforms.conf: [syslog-host] DEST_KE... by woodcock Esteemed Legend in Getting Data In 07-19-2019 0 2	0	2
How can I test that a heavy forwarder on a limited subset of endpoints? Is there a way to modify a .conf file or a setting on an individual endpoint to only send data to a single heavy forw... by wfmseanm New Member in Getting Data In 07-19-2019 0 1	0	1
Need help in getting wineventlogs to go to a new index rather than the main index I set up a new index for one of my groups. In it they want to store their servers wineventlogs. I am unable to succe... by nls7010 Path Finder in Getting Data In 07-19-2019 0 13	0	13
Splunk event sourcetype overide and send event back to parsing queue I have a situation where I have to parse the data, especially timestamp extraction based on the keyword in the messag... by ankithreddy777 Contributor in Getting Data In 07-19-2019 0 6	0	6
Script command : Error in 'script' command: The external search command Error Hi I'm having issues while running script command within the search. I've tried running something like .. \| saveds... by koshyk Super Champion in Getting Data In 07-19-2019 1 7	1	7
How do I know the title of my system index I have read through the documentation and still feel that I am missing something with creating an index summary. I wa... by aohls Contributor in Getting Data In 07-19-2019 0 6	0	6
Need a help with posting data using Rest API's from one Splunk to another Hello, I have my own Splunk where I installed SPLUNK ES and I just got the Search head access from somebody's SPLU... by satyaallaparthi Communicator in Getting Data In 07-19-2019 0 9	0	9
index based on first three characters of hostname Hello, I am trying to implement setting a specific index based on part of the hostname. For ALL of my data that I ... by dglass0215 Path Finder in Getting Data In 07-19-2019 0 6	0	6
Index only first Occurrence of string in events I want to know if below things are possible in splunk and if YES then How it can be achieved- 1. Below is sample even... by ips_mandar Builder in Getting Data In 07-19-2019 0 5	0	5
using source in props.conf to break the below event based on realm . I am trying to break the event based on the realm in the below example. My sourcetype "Iam_logs" is defined globally ... by Sujithkumarkb Observer in Getting Data In 07-19-2019 0 1	0	1
HTTP Event Collector on Heavy forwared I want to configure HTTP Event collector on one of the Heavy forwarder. initially i create the app with named splunk... by riqbal47010 Path Finder in Getting Data In 07-19-2019 0 3	0	3