Getting Data In

Community Activity

strangely Behaviuor with Sourcetype I have installed a universal Forwarder on Microsoft Exchange Server and it had starting to send the data from the log... by anasshsa Engager in Getting Data In 04-26-2019 0 2	0	2
Splunk indexing data incorrect I'm having trouble indexing my logs. After investigations, I noticed that the splunk started indexing the data with t... by LeandroKopke Explorer in Getting Data In 04-26-2019 0 1	0	1
host is not being extracted from linux_secure Hi there, We are forwarding all of our /var/log/secure logs to a syslog server "syslogserver.local " and from there ... by arsalanj Path Finder in Getting Data In 04-26-2019 0 3	0	3
Need to ingest structured data Hi Team, I need to ingest the structure data but the file is not in csv format. however data inside it is structured... by csharm21 Loves-to-Learn in Getting Data In 04-26-2019 0 3	0	3
how to get a dropdown filter value based on other value selected in other dropdown filter for example , i have country field drop down and city field dropdown like below , country City IND Chenn... by dtccsundar Path Finder in Getting Data In 04-26-2019 0 1	0	1
What happens when we restart universal forwarder as root user ? Hi All, So , What happens when I restart universal forwarder as root user on Linux . And Previously if done so what ... by raj_mpl Path Finder in Getting Data In 04-26-2019 0 4	0	4
Log data of a particular sourcetype from one of the forwarder is missing in splunk Hi All, In UF installed server ,we have monitor stanza to read the .log file from a particular source named it as on... by raj_mpl Path Finder in Getting Data In 04-26-2019 0 5	0	5
Migrating splunk folder to another LVM file system I am in need of migrating the splunk folder(/opt/splunk/var/lib/splunk) to another LVM as the current file system is ... by chandu245 Explorer in Getting Data In 04-25-2019 0 3	0	3
Block size on "unsupported file system" I'm looking at using an unsupported Fuse filesystem. Yes I understand the caveats to support. In testing we're seein... by cpharvey Explorer in Getting Data In 04-25-2019 0 1	0	1
Multiple events - datetime field Hello, I am trying to find out how to calculate the duration between a device returning from a "DOWN" state. My searc... by eholz1 Builder in Getting Data In 04-25-2019 0 6	0	6
REST API search issue in Postman I have the Authorization figured working, but every time I run a search, I get the following error: (NOTE the AAA/BBB... by gartnerj Explorer in Getting Data In 04-25-2019 0 0	0	0
How to edit my index to change the cold path? We just got done adding another 6T to our Splunk server. We'd planned to create another directory under $SPLUNK_DB, ... by stcrispan Communicator in Getting Data In 04-25-2019 0 2	0	2
Does TRANSFORMS applies on Heavy Forwarder or on Indexer? Let me know the correct scenario for heavy forwarder if I'm using only forwarding and not indexing and forwarding? H... by VatsalJagani SplunkTrust in Getting Data In 04-25-2019 0 3	0	3
What is the best and fastest way to transport .log files by syslog? Hi we are trying to transport several .log files to a Forwarder by syslog. We used some bash scripts to do so, but i... by yangban Explorer in Getting Data In 04-25-2019 0 2	0	2
Why is indexed extraction not happening when the data comes via the UF? Hi, We have a quite a "piggy backed" data coming from a system and extracting as [mysourcetype] SHOULD_LINEMERGE=... by koshyk Super Champion in Getting Data In 04-25-2019 0 2	0	2
Splunk universal forwarder not able to send logs to Indexers HI Team, I have installed Splunk enterprise Indexers version 7.16 and Splunk UFD version 7.2.5 but I am seeing belo... by pkumar9610 Explorer in Getting Data In 04-25-2019 0 2	0	2
How to restart Universal Forwarder via the deployment server? Hi Splunker Is There way to do restart for splunk agent via the deployment server by use a particular app or configu... by aalhabbash1 Path Finder in Getting Data In 04-25-2019 0 1	0	1
How to create a new index? I am collecting the log files from my syslog server and defined the index for the source path but it is still sending... by sherrysafdar Explorer in Getting Data In 04-24-2019 0 9	0	9
Splunk integration with statuspage Hi All, I have requirement to show some of the dashboard metrics like service availability in status page. Wanted t... by kpavan Path Finder in Getting Data In 04-24-2019 1 0	1	0
How can I get/aggregate the current/latest values for all unique combination of metrics name + dims ? In Prometheus, I can get "all time series at current time" in Console, how can we achieve the same in Splunk Metrics ... by imgarytan Path Finder in Getting Data In 04-24-2019 0 1	0	1
Optimising redirection of an index I am redirecting an index however, I would like to possibly increase performance. My props.conf looks like this: [h... by m91886 New Member in Getting Data In 04-24-2019 0 5	0	5
Is there a way to control on which indexers an index resides in an indexer clustering environment? Hi I'm wondering if there is a way to control on which indexers an index resides E.g. there are 5 Indexers (+all th... by mathiask Communicator in Getting Data In 04-24-2019 0 4	0	4
REST API Reference Manual is partially incomplete If possible could all the necessary parameters be provided? I have discovered upon using the API myself that some of ... by olitod New Member in Getting Data In 04-24-2019 0 0	0	0
Why am I getting error "Couldn't determine $SPLUNK_HOME" trying to install universal forwarder credentials on Sandbox? I am trying to install the forwarder credentials on my sandbox and when I follow step 4 and put in my credentials ie:... by appzen Path Finder in Getting Data In 04-24-2019 0 3	0	3
Log merging Hello, I am trying to merge two lines logs, but no luck with it Splunk Enterprise 7.1.2 here is sample {"log":"Apr 0... by pgelnar_hci New Member in Getting Data In 04-24-2019 0 9	0	9