Getting Data In

Community Activity

Has anyone encountered "Enabling dead letter queue is required for the SQS queue in this input" when creating an input for ELB Access Logs? When trying to create an input for ELB Access Logs --> SQS Based S3, I'm receiving a warning, "Enabling dead letter q... by rroman23 Engager in Getting Data In 04-11-2019 3 1	3	1
How is data handled with indexes.conf when the index is removed? Hello! I stumbled across something interesting today while removing a test indexer from a deployment server. It remo... by matthewssa Path Finder in Getting Data In 04-11-2019 1 1	1	1
Why can't I add a stylesheet and script to my simple xml dashboard? I have a simple XML dashboard that is calling two stylesheets and two scripts: <form stylesheet="styleA.css, styleB.... by matstap Communicator in Getting Data In 04-11-2019 0 2	0	2
splunk doesnt return all the results using rest api I'm retrieving data from Splunk using rest API via production port 8980, on the GUI I can see 770 events when I retri... by ikenahim New Member in Getting Data In 04-11-2019 0 1	0	1
Importing validated JSON (RFC 4627) does not split events Hi, we have a service which is showing details for he latest last 10 executed jobs in a JSON (RFC 4627) format. I alr... by timodellai New Member in Getting Data In 04-11-2019 0 1	0	1
Multiple wildcards for file path in inputs.conf I need to monitor a file under multiple similar paths, the full path can be dynamic so putting absolute path is not a... by budimaos Engager in Getting Data In 04-10-2019 0 0	0	0
What is the best way to ingest 300gb csv to splunk? I tried ingesting it using add oneshot then midway through it, splunk suddenly stops. Aside from splitting the file,... by rajyah Communicator in Getting Data In 04-10-2019 1 3	1	3
How to check if the indexer has indexed my data or not ? I recently did a splunk confugiration. When I do a "splunk list monitor" on the forwarder , I see the logs are gettin... by joydeep741 Path Finder in Getting Data In 04-10-2019 0 5	0	5
How to exclude specific time ranges in search results I have a datasource which contains availability statistics from an application. I also have a predetermined maintenan... by jedatt01 Builder in Getting Data In 04-10-2019 4 4	4	4
How do I configure Splunk to filter out events I don’t want to index? A lot of the Windows Security Events we see in Splunk, come from system-users that we're not interested in. I know th... by mctester Communicator in Getting Data In 04-10-2019 4 3	4	3
Metrics Index - How to get metric_searchtime field value in search result I uploaded a csv file in metric index. I can see index's data there is no issue in that. My query is: I want to get ... by shadabgaur New Member in Getting Data In 04-10-2019 0 3	0	3
Rest API Modular Input: Exception performing request: I try to use the REST API to pull down data from Instagram. Everything seems to be ok, we can receive data, but only ... by swaro_ck Path Finder in Getting Data In 04-10-2019 2 5	2	5
How do you manage inputs.conf? We have more than 100 applications in our deployment. Sometimes a log path/name is changed or added on the server sid... by alanzchan Path Finder in Getting Data In 04-10-2019 0 5	0	5
Latest App installed on UF Hi, Greetings! Please help me with below queries When was the latest app installed on a UF with time and app nameW... by EHariharan Explorer in Getting Data In 04-10-2019 0 0	0	0
Input gzipped csv files Hey Guys, I found a few answers regarding my question but I'm still not sure how to handle this situation. I want to... by hypePG Path Finder in Getting Data In 04-10-2019 0 2	0	2
Blacklisting EventCode=5156 with Source_Port=8 I am trying to blacklist Windows Security event ID 5156 with source port number 8, but does not seem working. Could ... by nathanpyun Explorer in Getting Data In 04-09-2019 1 7	1	7
How does _TCP_ROUTING work in inputs.conf? We soon will be required to send our Windows Event Security logs to a separate Splunk sever owned by our organization... by JarrettM Path Finder in Getting Data In 04-09-2019 0 8	0	8
Python Keeping a Rolling Window of Events For our solution, we need to index a number of events, but delete the events when they get too old. In our implement... by trenin Explorer in Getting Data In 04-09-2019 0 0	0	0
Split a nested json array with key/value pairs at index time I am searching for a way to split an json array at index time with key value pairs. Raw Data: {"Source":"192.16.0.... by loeweps Explorer in Getting Data In 04-09-2019 0 6	0	6
REST API POST - Saved Search Email Message parameter There doesn't seem to be a parameter for actually setting a body message for an email when a saved search alert is tr... by olitod New Member in Getting Data In 04-09-2019 0 0	0	0
JSON is truncated as soon a timestamp is found I'm trying to read a json file generated by a ps1 script on Windows, but the UF keep truncating the json as soon it f... by nicolociraci New Member in Getting Data In 04-09-2019 0 0	0	0
onboarding issues I have a scenario here The data is being onboarded from one particular set of forwarders with ip 172.30.xx.xxx and ... by bobba40 New Member in Getting Data In 04-09-2019 0 19	0	19
Count events which has defined a path in JSON Hello there, I have the next JSON which would be my event: {"severity":"PROCESS","marker":"EML[ EMLMOD ]","logger":... by ivykp New Member in Getting Data In 04-08-2019 0 1	0	1
spath error parsing data Hi , I have this issue when try to parse with json. For example i evaluate a field (for example) a_configuration : i... by Marco_Andreis New Member in Getting Data In 04-08-2019 0 3	0	3
How do I create the same HTTP event collector token for multiple indexers? I have three stand alone indexers in a round robin and want them to accept HTTP events via the HTTP Event Collector. ... by johnpof Path Finder in Getting Data In 04-08-2019 1 15	1	15