Getting Data In

Community Activity

Does the Universal forwarder collect historical windows event logs? I have installed the UF on a number of servers and I configured ti to monitor the winodws event logs (Application, Sy... by sjcoluccio67 Explorer in Getting Data In 06-06-2019 0 3	0	3
When installing Splunk UF to Solaris OS, error message: couldn't set locale correctly First time seeing this issue. Running: l locale -a l which whoami The result for this command would be as below... by 1000315118 New Member in Getting Data In 06-06-2019 0 2	0	2
Extract timestamp in Epoch (milliseconds) to date Hello, I am currently extracting a field from some event which looks like Start_Time_ms=1277221722297 My event has... by hiwell Explorer in Getting Data In 06-06-2019 3 8	3	8
How to forward logs by Index / SourceType, from Splunk to 3rd party? Is there a way to forward logs from Splunk to a 3rd Party collector by Index / SourceType? by jcolon68 Explorer in Getting Data In 06-06-2019 0 2	0	2
Splunk Cooked Data Hello, I am in the process of setting up a new TCP input to pull DNS/DHCP logs from a vendor product. This product ha... by arlombar Explorer in Getting Data In 06-06-2019 0 6	0	6
Filtering events from Docker Hello, we are successfully logging events from Docker hosts via Splunk adapter (HEC) into splunk. Problems arise wh... by JenWun New Member in Getting Data In 06-05-2019 0 2	0	2
When is old data deleted from indexes?How does frozenTimePeriodInSecs get applied Hi I have an index that has its frozenTimePeriodInSecs set to 90 days. When inspect that index with the rest command... by chris Motivator in Getting Data In 06-05-2019 0 7	0	7
Multiple Cloudwatch logs are coming into Splunk as one event I have set up logging AWS cloudwatch to Splunk using the firehose method from this Blog: https://www.splunk.com/blog... by bobmccoy Explorer in Getting Data In 06-05-2019 0 0	0	0
How to configure line breaks for status code I am creating a sourcetype but my lines are not breaking properly here is my stanza : {"TimeStampString":"6/5/2019 7... by ram254481493 Explorer in Getting Data In 06-05-2019 0 0	0	0
Is there a list that contains all the possible values for "eai:type" field in the REST endpoint: services/data/inputs/all Hi, When I go to :8089/services/data/inputs/all I get a list of all the inputs Splunk is listening to. In each input... by anton085 Path Finder in Getting Data In 06-05-2019 0 3	0	3
how Splunk can be utilized to provide monitoring for Cisco ASA Please help us for how Splunk can be utilized to provide monitoring for Cisco ASA. by sahils New Member in Getting Data In 06-05-2019 0 2	0	2
Linebreaking problem on a small amount of events Having an issue with a linebreak. Seems most events are breaking properly, but a small number are not. I think this ... by mightaswelby Explorer in Getting Data In 06-05-2019 0 3	0	3
Can we have conditional inputs by host? We would like to avoid having the granularity within severclass.conf and specify the hosts in inputs.conf. Can we ad... by ddrillic Ultra Champion in Getting Data In 06-05-2019 0 0	0	0
Defined field values showing no results, unless reloaded Hi, I have a totally weird situation. The field list on the left shows me the stuff I have defined. When I click on ... by afx Contributor in Getting Data In 06-05-2019 0 2	0	2
events with future timestamp Hello this is my event: Jun 19 12:31:44 : Info:copyconfig.cpp:319: copyConfig: copy configuration to /tmp/t5871.cf... by sarit_s Communicator in Getting Data In 06-05-2019 0 2	0	2
How to replace line breaks with delimiters? I'm trying to replicate other threads that show how to replace line breaks with delimiters. This search is not workin... by paulalbert11 Explorer in Getting Data In 06-05-2019 0 6	0	6
How do I configure to push application logs from cloud foundry platform to Splunk Enterprise? Hello Team, We are in the process of moving some of our applications from our Software as a Service (SaaS) environme... by divyamudundi Path Finder in Getting Data In 06-04-2019 1 1	1	1
Indexes Config: Relationship of maxTotalDataSizeMB to home and cold What is the industry practice for setting the home and cold sizes? If home + cold = maxTotalDataSizeMB, should we a.... by morethanyell Builder in Getting Data In 06-04-2019 0 4	0	4
How to merge data from 2 index with common field I have the following data in 2 different indexes that I want to merge based on the common email field. Index B is a ... by kiranpatil1985 New Member in Getting Data In 06-04-2019 0 1	0	1
How to index results from cURL? Hi, I'm at a dead end. I'm just playing around and wanting to index the JSON result of a cURL command. What do I do?... by morethanyell Builder in Getting Data In 06-04-2019 0 3	0	3
how to build custom app New Cloud user Want a basic custom search app to be moved from On-Premise system to SplunkCloud. by panderla Loves-to-Learn Lots in Getting Data In 06-04-2019 0 4	0	4
how to use comparison sign in a token filter hello I would like to know how to use comparison sign in a input text filter?? thanks by jip31 Motivator in Getting Data In 06-04-2019 0 3	0	3
Splunk DB Connect 3.1.1 - Stored procedure as input Hi, I am using DB Connect 3.1.1 to get data from a Microsoft SQL Server 2014 database. I am required to collect the ... by mas Path Finder in Getting Data In 06-04-2019 3 7	3	7
How do I specify a date+time from a log to be used for event breaking and time stamp purposes? Below is an example of a log I want to ingest. I want to end up with 8 events. The timestamp for each event should b... by williamcharlton Path Finder in Getting Data In 06-04-2019 0 2	0	2
Splunk indexer (also Search head) is using enormous amount of RAM. Hello, dear Splunk Ninjas! I've an issue with Search Head, it is using too much RAM. At first I thought that was our ... by damiko Communicator in Getting Data In 06-04-2019 0 11	0	11