Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?"

Hi Team, I am using Splunk 7.1.1 and i have been getting this error constantly LineBreakingProcessor - Truncat...

by Engager in

override source field to a common source using transform.conf and props.conf

Hi I want to have a common source field for all my syslog. I have centralized syslog server where I am running spl...

by Engager in

How can I take multiple fields and time values and combine them into one?

Suppose I have 4 fields fields= "jobtype" values= A,B fields= "status" values=1,2,3,4,5,6 fields= "Time1" values=...

by New Member in

How to send few values from jenkins pipeline to splunk and report it

Hi, Thanks in advance for your help. I am new to splunk and working on building few reports in splunk from Jenk...

by Explorer in

Why is my bash scripted input failing on Ubuntu while it's OK on other distros?

Hello, I have an issue with a scripted input. I have 2 Linux on Amazon Web Services (AWS) : 1 based one AWS ...

by Communicator in

Can you help me create a search that would monitor activity to our login page from a single URL?

Hi Team, I hope that we are all well? I'm working on a search to assist in monitoring one of our web portals. W...

by Communicator in

How to use the universal forwarder to parse log files with a key value pair format and forward to splunk cloud

Hello, I'm trying to parse log entries that look like so EventTime=2018-12-07 10:06:31,Hostname=WIN-UE7JIIAK3I...

by New Member in

Why is host override in inputs.conf not working when it's IP?

I have remote servers dropping logs to a syslog server where I have a Splunk forwarder configured to push it to Splun...

by Engager in

How come replication isn't working on the Index cluster after a reboot?

We had to shut down one of the machines and create a new one. The cluster replication between the new and old ones do...

by Splunk Employee in

Why is the process bar getting stuck while uploading a second CSV file, while the first CSV was uploaded successfully?

I am trying to upload CSV file. I went through the following step. -setting>adddata>upload file>...while upload...

by Engager in

Can you help me figure out why our Windows Domain Controller is missing events?

We have a Windows Domain Controller(DC) that creates lots of security events. We are monitoring wineventlog://securit...

by New Member in

Why am I getting "ERROR BTreeCP - failed: failed to rename... Access is denied"

Has anybody ever had this error? If so, can you explain the meaning of it? Thanks 08-28-2016 22:03:18.924 -0400 ER...

by Explorer in

How to index Outlook365 inbox?

I have not seen any information or suggestions on how to index inbox messages from Outlook365. I understand it is jus...

by Explorer in

Can anyone help me configure props.conf and transforms.conf to parse the following timestamp?

Hi, I have a logfile which looks like this: 2018-12-06 02:53:18 * [13396] PASSED: ftp file X20181206025051227_X...

by Path Finder in

How to send different logs to different indexers from the same Universal Forwarder?

I have one universal forwarder (UF) that is sending production data to the production intermediate Forwarder (IF) and...

by Motivator in

How can I ingest Microsoft OneNote data from o365 into Splunk?

In an o365 environment, does anyone have experience with ingesting OneNote data into Splunk? We are using OneNote...

by Splunk Employee in

How do I change csv delimiter for standart splunk "export" button?

I have some dashboard panels I want to export using their native "Export" button ( I don't speak about outputcsv comm...

by New Member in

Is it possible in Splunk to monitor for the length of time a file has been in a directory?

It was an ask to monitor all .txt files in a directory and alert if any .txt file is in the directory for more than 5...

by Explorer in

CSV file not getting indexed in correct format through UF but parses correctly through WEB UI?

Has any one installed Splunk UF on Kali linux and faced any issues?.We have Splunk UF(7.1.1) installed on Kali linux ...

by Builder in

How do I extract a timestamp from an event with bracket characters?

Hello I am trying to extract a timestamp from this type of events. Here, 04 is the day of month and 12 is the mon...

by Explorer in

Getting Data In

Discussions

Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?"

override source field to a common source using transform.conf and props.conf

How can I take multiple fields and time values and combine them into one?

How to send few values from jenkins pipeline to splunk and report it

Why is my bash scripted input failing on Ubuntu while it's OK on other distros?

Can you help me create a search that would monitor activity to our login page from a single URL?

How to use the universal forwarder to parse log files with a key value pair format and forward to splunk cloud

Why is host override in inputs.conf not working when it's IP?

How come replication isn't working on the Index cluster after a reboot?

Why is the process bar getting stuck while uploading a second CSV file, while the first CSV was uploaded successfully?

Can you help me figure out why our Windows Domain Controller is missing events?

Why am I getting "ERROR BTreeCP - failed: failed to rename... Access is denied"

How to index Outlook365 inbox?

Can anyone help me configure props.conf and transforms.conf to parse the following timestamp?

How to send different logs to different indexers from the same Universal Forwarder?

How can I ingest Microsoft OneNote data from o365 into Splunk?

How do I change csv delimiter for standart splunk "export" button?

Is it possible in Splunk to monitor for the length of time a file has been in a directory?

CSV file not getting indexed in correct format through UF but parses correctly through WEB UI?

How do I extract a timestamp from an event with bracket characters?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Any service to use GetMetricsData API from cloudwa...

Unable to add splunk universal forwarder as a side...

Blacklist Event IDs

How to handle huge payloads in splunk

Custom itsi_im_metrics / what is itsi_im_metrics_i...

Getting Data In

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>