Getting Data In

Discussions

Thread Info

handling future dates from csv

hi, I have a csv file, having time field 'Start Time'. This field will have entries of current week dates as well as ...

by Communicator in

Minimise return records by filtering date field

Hi, I am running the below script successfully. However, I would like to now minimise the return results by only c...

by New Member in

i have column a,b,c and i want to delete only in b column where value is 2. remaining columns should have to be same. i tried with mvfilter but it makes empty all the columns. i want to delete/remove particular value and make the field empty

a b c 1 2 3 2 1 4 4 1 2 1 2 3

by Builder in

How to troubleshoot why Splunk suddently stopped indexing logs after 1-2 months?

I have splunk in domain mode set to look through 2 inputs over UNC path that are IIS logs. I have the inputs the same...

by New Member in

How can I route logs to a specific index based on host/source combo?

We currently have our perf and N1 environments combined and I need to route certain logs to certain indexes based on ...

by Path Finder in

Unable to obfuscate data in IIS logs using SEDCMD

Hi all, I need to strip cookie values from IIS events. The sourcetype is correctly set as "iis" and the following ...

by Path Finder in

Why my sourcetypes under universal forwarder not showing up in Splunk GUI?

We have a windows forwarder running on vm02, and forwarding data to vm01 which is the main Splunk Enterprise. we ...

by Communicator in

sedcmd incoming data based on host or index

Hi, I have a SEDCMD simalar to SEDCMD-remove-values = s/<Value>.+<\/Value>/removed-by-splunk/g which works...

by Explorer in

How can I list all views owned by a particular user?

I've tried the /servicesNS/userid/-/data/ui/views endpoint but maybe I'm not using it correctly. I have a known view ...

by Influencer in

Feed inputs as command line argument

Is it possible to provide inputs to Splunk through command line argument (similar to python for compiling)? Instead o...

by Engager in

Splunk Universal Forwarder is ignoring logs

OS: Windows Server 2008 R2 Enterprise Splunk Universal Forwarder version: 6.2.6 (build 274160) Hi, Good Day. Wo...

by Communicator in

forwarder creating multiline event from big file transferred via rsycn on slow channel

We have big file with events in each line of file. Every minute file transfers via rsync to forwarder with new events...

by Path Finder in

Setting Time on a "Time (Search) Panel" to a specifi range each time.

Basically I need time/date code to add within my Panel so that each tiem it opens, the Panel searches from 8AM the fo...

by Explorer in

Escape JSON data at index time

I'm trying to escape JSON data at index time because I can't do it from within the application that is generating the...

by Explorer in

Why am I unable to blacklist all content in a certain directory with my current inputs.conf?

I am trying to blacklist the following in the inputs.conf Currently I have this: [monitor:///var/log] disabled...

by Explorer in

WinEventLogs Cannot get Event Details

I am monitoring WinEventLogs for Direct Access Troubleshooting using stanzas like: [WinEventLog://Microsoft-Window...

by Builder in

heavy forwarder operation question

Hi, I'm trying to determine the best way to parse out data before it gets to my splunk indexer. It looks like a heavy...

by Path Finder in

Copy Field and remove duplicate

Hello All, I have a column list of records as below recordA recordB recordA RecordB RecordC RecordD and I w...

by Explorer in

Why is one search head no longer communicating with indexers? Getting error "failed_because_BUNDLE_DATA_TRANSMIT_FAILURE"

We have around 10 Search Heads and 13 Indexers. Since this morning, we are seeing the below errors and our SH is not ...

by Contributor in

Getting info from the details tab within Server 2008 event logs.

Does anyone know how to get the full output (including the details tab) or XML version of event logs out of Server 20...

by Contributor in

Getting Data In

Discussions

handling future dates from csv

Minimise return records by filtering date field

i have column a,b,c and i want to delete only in b column where value is 2. remaining columns should have to be same. i tried with mvfilter but it makes empty all the columns. i want to delete/remove particular value and make the field empty

How to troubleshoot why Splunk suddently stopped indexing logs after 1-2 months?

How can I route logs to a specific index based on host/source combo?

Unable to obfuscate data in IIS logs using SEDCMD

Why my sourcetypes under universal forwarder not showing up in Splunk GUI?

sedcmd incoming data based on host or index

How can I list all views owned by a particular user?

Feed inputs as command line argument

Splunk Universal Forwarder is ignoring logs

forwarder creating multiline event from big file transferred via rsycn on slow channel

Setting Time on a "Time (Search) Panel" to a specifi range each time.

Escape JSON data at index time

Why am I unable to blacklist all content in a certain directory with my current inputs.conf?

WinEventLogs Cannot get Event Details

heavy forwarder operation question

Copy Field and remove duplicate

Why is one search head no longer communicating with indexers? Getting error "failed_because_BUNDLE_DATA_TRANSMIT_FAILURE"

Getting info from the details tab within Server 2008 event logs.

How do I schedule a CSV Report?

Failed to reap viewstate

Extract-Display the Details Tab from windows event...

crushed logs master

Has anyone had props.conf and transforms.conf to w...