Getting Data In

Community Activity

Log data of a particular sourcetype from one of the forwarder is missing in splunk Hi All, In UF installed server ,we have monitor stanza to read the .log file from a particular source named it as on... by raj_mpl Path Finder in Getting Data In 04-26-2019 0 5	0	5
Migrating splunk folder to another LVM file system I am in need of migrating the splunk folder(/opt/splunk/var/lib/splunk) to another LVM as the current file system is ... by chandu245 Explorer in Getting Data In 04-25-2019 0 3	0	3
Block size on "unsupported file system" I'm looking at using an unsupported Fuse filesystem. Yes I understand the caveats to support. In testing we're seein... by cpharvey Explorer in Getting Data In 04-25-2019 0 1	0	1
Multiple events - datetime field Hello, I am trying to find out how to calculate the duration between a device returning from a "DOWN" state. My searc... by eholz1 Builder in Getting Data In 04-25-2019 0 6	0	6
REST API search issue in Postman I have the Authorization figured working, but every time I run a search, I get the following error: (NOTE the AAA/BBB... by gartnerj Explorer in Getting Data In 04-25-2019 0 0	0	0
How to edit my index to change the cold path? We just got done adding another 6T to our Splunk server. We'd planned to create another directory under $SPLUNK_DB, ... by stcrispan Communicator in Getting Data In 04-25-2019 0 2	0	2
Does TRANSFORMS applies on Heavy Forwarder or on Indexer? Let me know the correct scenario for heavy forwarder if I'm using only forwarding and not indexing and forwarding? H... by VatsalJagani SplunkTrust in Getting Data In 04-25-2019 0 3	0	3
What is the best and fastest way to transport .log files by syslog? Hi we are trying to transport several .log files to a Forwarder by syslog. We used some bash scripts to do so, but i... by yangban Explorer in Getting Data In 04-25-2019 0 2	0	2
Why is indexed extraction not happening when the data comes via the UF? Hi, We have a quite a "piggy backed" data coming from a system and extracting as [mysourcetype] SHOULD_LINEMERGE=... by koshyk Super Champion in Getting Data In 04-25-2019 0 2	0	2
Splunk universal forwarder not able to send logs to Indexers HI Team, I have installed Splunk enterprise Indexers version 7.16 and Splunk UFD version 7.2.5 but I am seeing belo... by pkumar9610 Explorer in Getting Data In 04-25-2019 0 2	0	2
How to restart Universal Forwarder via the deployment server? Hi Splunker Is There way to do restart for splunk agent via the deployment server by use a particular app or configu... by aalhabbash1 Path Finder in Getting Data In 04-25-2019 0 1	0	1
How to create a new index? I am collecting the log files from my syslog server and defined the index for the source path but it is still sending... by sherrysafdar Explorer in Getting Data In 04-24-2019 0 9	0	9
Splunk integration with statuspage Hi All, I have requirement to show some of the dashboard metrics like service availability in status page. Wanted t... by kpavan Path Finder in Getting Data In 04-24-2019 1 0	1	0
How can I get/aggregate the current/latest values for all unique combination of metrics name + dims ? In Prometheus, I can get "all time series at current time" in Console, how can we achieve the same in Splunk Metrics ... by imgarytan Path Finder in Getting Data In 04-24-2019 0 1	0	1
Optimising redirection of an index I am redirecting an index however, I would like to possibly increase performance. My props.conf looks like this: [h... by m91886 New Member in Getting Data In 04-24-2019 0 5	0	5
Is there a way to control on which indexers an index resides in an indexer clustering environment? Hi I'm wondering if there is a way to control on which indexers an index resides E.g. there are 5 Indexers (+all th... by mathiask Communicator in Getting Data In 04-24-2019 0 4	0	4
REST API Reference Manual is partially incomplete If possible could all the necessary parameters be provided? I have discovered upon using the API myself that some of ... by olitod New Member in Getting Data In 04-24-2019 0 0	0	0
Why am I getting error "Couldn't determine $SPLUNK_HOME" trying to install universal forwarder credentials on Sandbox? I am trying to install the forwarder credentials on my sandbox and when I follow step 4 and put in my credentials ie:... by appzen Path Finder in Getting Data In 04-24-2019 0 3	0	3
Log merging Hello, I am trying to merge two lines logs, but no luck with it Splunk Enterprise 7.1.2 here is sample {"log":"Apr 0... by pgelnar_hci New Member in Getting Data In 04-24-2019 0 9	0	9
Step by Step process to send JSON using HEC Hello experts, I am no expert in java / json. I am new to splunk and comfortable with reading log/text files using f... by nareshinsvu Builder in Getting Data In 04-24-2019 0 2	0	2
How to resolve error message after indexer went down: "too many tsidx files in bucket"? One indexer just went down. As it came up we see the following message for a couple of the indexers - throttled: idx... by ddrillic Ultra Champion in Getting Data In 04-23-2019 0 2	0	2
NEED HELP: splunk not able to received audit logs and/ or causing to stop logs flow from AD and Blaming enabled GPO audit policy in AD gpmc as a caused? NEED HELP: Is it true?, that the security blaming me of accidentally enabling the audit policy on user login in the A... by joel25 New Member in Getting Data In 04-23-2019 0 0	0	0
Can you organizing syslogs into different indexes via universal forwarder I have a tftp64 syslog service running on a windows box. Right now I have a few network appliances sending their sysl... by summitsplunk Communicator in Getting Data In 04-23-2019 0 1	0	1
ERROR JsonLineBreaker Hi all, I don’t know exactly how long this has been going on but I noticed today that the following error is being s... by anayar Engager in Getting Data In 04-23-2019 0 2	0	2
Setting SSL password in inputs.conf but does not get encrypted after restart Hi fellow splunkers, I recently noticed a configuration error. I wrongly distributed the "[SSL] password= "via clus... by horsefez Motivator in Getting Data In 04-23-2019 0 3	0	3