Getting Data In

Community Activity

What is the best way to collect Windows Event Log data from 900+ computers? What is the best way to collect System and Security Windows Event Logs from my 900+ computers? Option1 Install the ... by fdarrigo Path Finder in Getting Data In 05-06-2019 0 8	0	8
linebreak on expression passed into log Trying to do a linebreak on "CIB" being passed into log. (I know, these logs are awful) Having problems breaking on... by fisuser1 Contributor in Getting Data In 05-06-2019 0 1	0	1
CISCO ASA add on is not extracting fields We recently upgraded the environment from 6.5 to 7.2 and ever since there is an upgradation in the environment we see... by swmishra_splunk Splunk Employee in Getting Data In 05-05-2019 0 1	0	1
Need help a parson json and extract in table format Hi , I have a json and i want to extract few details in table format . The json array is like [features{<!-- --> elements{<!-- -->... by usharaniallwyn New Member in Getting Data In 05-05-2019 0 1	0	1
Forwarding Azure App Service Logs do SPlunk I have an azure app service with CUSTOM text log files (stored locally in app service filesystem). How can I index th... by mochocki Explorer in Getting Data In 05-05-2019 0 7	0	7
Strict Time Retention Policy Hi, we want to implement a strict 120 day time retention policy for some indexes. So this config should be fine. ... by hiph151 Explorer in Getting Data In 05-03-2019 0 4	0	4
Time Calculation between two events in XML format Hi I have below logs where these two events appear multiple time along with other events <Message> <ID>0000000... by anilkashyap New Member in Getting Data In 05-03-2019 0 7	0	7
Why is the summary index backfill script failing to run and says timeout? Hi , i am running the script for summary indexing backfill , after running few times its getting failed says time out... by Prakash493 Communicator in Getting Data In 05-03-2019 0 3	0	3
Log file is no not shipping since being deleted I had deleted a rouge log file which had become too large and caused the root partition to fill up. The log file has... by claydb New Member in Getting Data In 05-03-2019 0 1	0	1
Roll buckets to warm and frozen at the same time. Our splunk system has the potential to grow significantly in the near future, so a veeam backup of the indexer VM wil... by oliverj Communicator in Getting Data In 05-03-2019 0 12	0	12
Why are new events not coming in when a new heavy forwarder is deployed to the architecture? Hi, We recently had to deploy a heavy forwarder into the Splunk architecture. Last time, the flow was from a source... by francisbebita Explorer in Getting Data In 05-03-2019 0 17	0	17
Do external REST API calls affect Splunk licensing? I am trying to import data from an external website into my splunk instance using the 'curl' command in splunk search... by rravindranath Engager in Getting Data In 05-02-2019 0 1	0	1
How do I configure Windows server to send event log my splunk indexer installed in Linux? Hi Splunkers, I am very new to Splunk and would like to monitor Windows servers, how do I configure the Windows boxe... by tomero2011 Engager in Getting Data In 05-02-2019 1 2	1	2
How do I send Windows data to Splunk? How do I send Windows data to Splunk? I have the app installed but can't figure out how to pull the data from the wi... by cgautreaux New Member in Getting Data In 05-02-2019 0 2	0	2
CSV multiple timestamp fallback Hi I have the following CSV format: cgrid,run_id,tor,origin_id,request_type,tenant,category,account,subject,destina... by anthonysomerset Path Finder in Getting Data In 05-02-2019 0 3	0	3
forwarding data by identified index I have a Splunk Enterprise, which collects 3 different indexed data, I need to forward only one of them, how can I do... by makhambayeva New Member in Getting Data In 05-01-2019 0 6	0	6
Can we change the installation drive without impacting forwarder configurations, saved alerts etc? Hello, I have installed Splunk on C drive of windows and now I would like move it to D drive because of space issues.... by johnsasikumar Path Finder in Getting Data In 05-01-2019 0 1	0	1
How do I extract more than 10,000 event data? How do I extract more than 10,000 event data? When I make csv file, I can make only10000 event data. How do I change... by MyTeam Engager in Getting Data In 05-01-2019 0 2	0	2
How to show raw data instead of formatted data? Hey Everyone, Bit of a weird question. I'm ingesting a large amount of JSON data into Splunk. However in the Searc... by TitanAE New Member in Getting Data In 05-01-2019 0 9	0	9
Modify json structure for sourcetype that has indexed_extractions=json We have a single Splunk instance with custom scripted input that pulls down json, and has indexed extractions. New f... by hortonew Builder in Getting Data In 04-30-2019 0 4	0	4
How to edit inputs.conf to exclude a field before indexing? I am using Windows Host Monitoring stanza in inputs.conf like ([WinHostMon://Service] interval = 10 disabled = 0 ty... by vikas_gopal Builder in Getting Data In 04-30-2019 0 3	0	3
Can case_sensitive_match be applied globally? Is there a "one-shot" way to make all current lookups case-insensitive and ensure future ones are, too? [default] ca... by cdoebert Path Finder in Getting Data In 04-30-2019 1 4	1	4
How to resolve error "BTree::Exception: Node::readLE failure" on a Splunk forwarder? One of our Splunk forwarders has stopped forwarding anything to the Indexer. End of /opt/splunkforwarder/var/log/spl... by rgsage Path Finder in Getting Data In 04-30-2019 0 8	0	8
Is there a way to replace _raw at search time with EXTRACT or REPORT? Hi all, Currently on 6.5.2, but hopefully upgrading to 7.x in the next few months. I have some data that is basical... by maciep Champion in Getting Data In 04-30-2019 1 11	1	11
compare 2 csv and display what is not in common Hello Guys, I Have 2 csv, LINUX.csv "Linux Computer" U-0050 U-0060 U-0065 U-0068 U-0070 DEFENDER.csv "All Comput... by pgbr7 Explorer in Getting Data In 04-30-2019 0 2	0	2