Getting Data In

Community Activity

Can you reload new inputs.conf stanzas on a UF without restarting the Daemon? I noticed you can reload the inputs stanzas on a forwarder via this API endpoint: /services/data/inputs/monitor/_rel... by thisissplunk Builder in Getting Data In 04-16-2019 0 2	0	2
How to use env variables usage in inputs.conf? Hello, I would like to use the Unix/Windows env variables in my inputs.conf, e.g. like below: ... ### App server # ... by damucka Builder in Getting Data In 04-16-2019 0 1	0	1
how to create a table to show port status of Cisco switch? Cisco has been configured and sent syslog to Splunk as follows: I would like a table to show port status of Cisco s... by splunkbeginner Engager in Getting Data In 04-16-2019 0 8	0	8
timeparsing issue for sourcetype I have data like below:- Log file created at: 2019/03/24 17:56:14 Running on machine: F8976GMac Log line format: [IW... by juhisaxena28 Explorer in Getting Data In 04-15-2019 0 5	0	5
What Windows Event Codes track WMI activity We are wondering if there is any Windows Event that captures execution of WMI from a remote host. Since you can remo... by wbfoxii Communicator in Getting Data In 04-15-2019 0 6	0	6
Can you give me some advice on expanding my Splunk systems? Hi all, I want to check if anyone has any experience on expanding your Splunk system. The below is my situation. No... by quahfamili Path Finder in Getting Data In 04-15-2019 1 9	1	9
How can we read from a mongoDB table? Can we read from a mongoDB table? We need to do it from within Splunk - is it possible? Preferably it should end up i... by ddrillic Ultra Champion in Getting Data In 04-15-2019 0 2	0	2
How to print multiple JSON root elements? Hi, I've data like this { "container_id":"0fce97fd907a806802eab9b27965dd35dd82bbe142d128294b34b8a8a2e42f23", "conta... by amirrachman Engager in Getting Data In 04-15-2019 0 9	0	9
How to install splunk app for linux without installing the universal forwarder? Can I use splunk app for linux without installing universal forwarder on each linux host I need their logs? by sabaKhadivi Path Finder in Getting Data In 04-15-2019 0 3	0	3
Collecting Windows Events via A Forwarder but Groups are not being resolved Hello I am collecting Windows Events using Windows Events Forwarding. On the Windows Event Collector I have a univer... by davidwaugh Path Finder in Getting Data In 04-15-2019 0 1	0	1
How to use date in filename as the timestamp for each event? I need to index files that are summaries of data for a particular day. The data within the file is basically csv for... by lyndac Contributor in Getting Data In 04-15-2019 0 9	0	9
Configuring udp with multiple ipaddress Hi, I would like to configure my inputs.conf with udp on port 514. Like below: udp://[remote_server]:[port_number] ... by santosh_hb Explorer in Getting Data In 04-15-2019 0 5	0	5
How to feed syslog of another Cisco device to Splunk? There are two Cisco devices; I call them “1st IP” and “2nd IP” hereafter. I have managed to configured and send sysl... by splunkbeginner Engager in Getting Data In 04-15-2019 0 0	0	0
How to compare values in 2 fields and column that show Success/Failure? I have 2 fields as below Field1 Field2 abc abc def jkl ghi wxy jkl pqr wxy I have to... by shreyasathavale Communicator in Getting Data In 04-14-2019 0 3	0	3
OTX/ET Rules import into Splunk So I am running SecurityOnion 16.04 and using Suricata/Zeek. Suricata - ET Rules/Snort Rules Zeek - AlienVault OTX... by ddecker03 Loves-to-Learn Everything in Getting Data In 04-14-2019 0 0	0	0
How to setup a filter to drop specific events on the heavy forwarder? Hello, I'm trying to setup a filter to drop specific events that contain an event name from AWS. I've read through th... by arlombar1 Explorer in Getting Data In 04-13-2019 0 4	0	4
Extract JSON device information from a long string I have okta data. One of the fields - id - contains a whole string of data which includes the browser and the app an... by bbknowles Explorer in Getting Data In 04-13-2019 0 3	0	3
File monitoring in inputs.conf I want to configure an file in a directory which will be rolling over to new file within 2mins. I tried basic inputs.... by Boopalan New Member in Getting Data In 04-13-2019 0 2	0	2
What is the best practice for collecting Windows Event Logs? Windows event logs can be gathered both via WinEventLog in inputs.conf and also via WMI and event_log_file in wmi.con... by arechenberg Explorer in Getting Data In 04-12-2019 0 8	0	8
Can you help me with some Windows DNS log parsing issues? I am trying to ingest Windows DNS trace logs to Splunk. The Windows servers running the DNS service are running local... by mnamestnik Explorer in Getting Data In 04-12-2019 0 2	0	2
Splunk Blacklist not working on log files containing .info. Hi Splunk community, I have created a custom monitor that I hoped would "blacklist" and exclude from indexing all fi... by rorymcdonald060 Engager in Getting Data In 04-12-2019 0 0	0	0
TrendMicro ServerProtect Logs? Anyone have any luck getting TrendMicro ServerProtect logs? The logs appear to be stored in binary format. by ldnail_at_TI Path Finder in Getting Data In 04-12-2019 0 3	0	3
Unable to get the firewall data in splunk from syslogs server? How to troubleshoot this issue. Hi All, Currently got a request to ingest the newly configured Paloalto device data into splunk. Configured syslog-n... by Hemnaath Motivator in Getting Data In 04-11-2019 1 9	1	9
Has anyone encountered "Enabling dead letter queue is required for the SQS queue in this input" when creating an input for ELB Access Logs? When trying to create an input for ELB Access Logs --> SQS Based S3, I'm receiving a warning, "Enabling dead letter q... by rroman23 Engager in Getting Data In 04-11-2019 3 1	3	1
How is data handled with indexes.conf when the index is removed? Hello! I stumbled across something interesting today while removing a test indexer from a deployment server. It remo... by matthewssa Path Finder in Getting Data In 04-11-2019 1 1	1	1