Getting Data In

Community Activity

Collecting Windows Events via A Forwarder but Groups are not being resolved Hello I am collecting Windows Events using Windows Events Forwarding. On the Windows Event Collector I have a univer... by davidwaugh Path Finder in Getting Data In 04-15-2019 0 1	0	1
How to use date in filename as the timestamp for each event? I need to index files that are summaries of data for a particular day. The data within the file is basically csv for... by lyndac Contributor in Getting Data In 04-15-2019 0 9	0	9
Configuring udp with multiple ipaddress Hi, I would like to configure my inputs.conf with udp on port 514. Like below: udp://[remote_server]:[port_number] ... by santosh_hb Explorer in Getting Data In 04-15-2019 0 5	0	5
How to feed syslog of another Cisco device to Splunk? There are two Cisco devices; I call them “1st IP” and “2nd IP” hereafter. I have managed to configured and send sysl... by splunkbeginner Engager in Getting Data In 04-15-2019 0 0	0	0
How to compare values in 2 fields and column that show Success/Failure? I have 2 fields as below Field1 Field2 abc abc def jkl ghi wxy jkl pqr wxy I have to... by shreyasathavale Communicator in Getting Data In 04-14-2019 0 3	0	3
OTX/ET Rules import into Splunk So I am running SecurityOnion 16.04 and using Suricata/Zeek. Suricata - ET Rules/Snort Rules Zeek - AlienVault OTX... by ddecker03 Loves-to-Learn Everything in Getting Data In 04-14-2019 0 0	0	0
How to setup a filter to drop specific events on the heavy forwarder? Hello, I'm trying to setup a filter to drop specific events that contain an event name from AWS. I've read through th... by arlombar1 Explorer in Getting Data In 04-13-2019 0 4	0	4
Extract JSON device information from a long string I have okta data. One of the fields - id - contains a whole string of data which includes the browser and the app an... by bbknowles Explorer in Getting Data In 04-13-2019 0 3	0	3
File monitoring in inputs.conf I want to configure an file in a directory which will be rolling over to new file within 2mins. I tried basic inputs.... by Boopalan New Member in Getting Data In 04-13-2019 0 2	0	2
What is the best practice for collecting Windows Event Logs? Windows event logs can be gathered both via WinEventLog in inputs.conf and also via WMI and event_log_file in wmi.con... by arechenberg Explorer in Getting Data In 04-12-2019 0 8	0	8
Can you help me with some Windows DNS log parsing issues? I am trying to ingest Windows DNS trace logs to Splunk. The Windows servers running the DNS service are running local... by mnamestnik Explorer in Getting Data In 04-12-2019 0 2	0	2
Splunk Blacklist not working on log files containing .info. Hi Splunk community, I have created a custom monitor that I hoped would "blacklist" and exclude from indexing all fi... by rorymcdonald060 Engager in Getting Data In 04-12-2019 0 0	0	0
TrendMicro ServerProtect Logs? Anyone have any luck getting TrendMicro ServerProtect logs? The logs appear to be stored in binary format. by ldnail_at_TI Path Finder in Getting Data In 04-12-2019 0 3	0	3
Unable to get the firewall data in splunk from syslogs server? How to troubleshoot this issue. Hi All, Currently got a request to ingest the newly configured Paloalto device data into splunk. Configured syslog-n... by Hemnaath Motivator in Getting Data In 04-11-2019 1 9	1	9
Has anyone encountered "Enabling dead letter queue is required for the SQS queue in this input" when creating an input for ELB Access Logs? When trying to create an input for ELB Access Logs --> SQS Based S3, I'm receiving a warning, "Enabling dead letter q... by rroman23 Engager in Getting Data In 04-11-2019 3 1	3	1
How is data handled with indexes.conf when the index is removed? Hello! I stumbled across something interesting today while removing a test indexer from a deployment server. It remo... by matthewssa Path Finder in Getting Data In 04-11-2019 1 1	1	1
Why can't I add a stylesheet and script to my simple xml dashboard? I have a simple XML dashboard that is calling two stylesheets and two scripts: <form stylesheet="styleA.css, styleB.... by matstap Communicator in Getting Data In 04-11-2019 0 2	0	2
splunk doesnt return all the results using rest api I'm retrieving data from Splunk using rest API via production port 8980, on the GUI I can see 770 events when I retri... by ikenahim New Member in Getting Data In 04-11-2019 0 1	0	1
Importing validated JSON (RFC 4627) does not split events Hi, we have a service which is showing details for he latest last 10 executed jobs in a JSON (RFC 4627) format. I alr... by timodellai New Member in Getting Data In 04-11-2019 0 1	0	1
Multiple wildcards for file path in inputs.conf I need to monitor a file under multiple similar paths, the full path can be dynamic so putting absolute path is not a... by budimaos Engager in Getting Data In 04-10-2019 0 0	0	0
What is the best way to ingest 300gb csv to splunk? I tried ingesting it using add oneshot then midway through it, splunk suddenly stops. Aside from splitting the file,... by rajyah Communicator in Getting Data In 04-10-2019 1 3	1	3
How to check if the indexer has indexed my data or not ? I recently did a splunk confugiration. When I do a "splunk list monitor" on the forwarder , I see the logs are gettin... by joydeep741 Path Finder in Getting Data In 04-10-2019 0 5	0	5
How to exclude specific time ranges in search results I have a datasource which contains availability statistics from an application. I also have a predetermined maintenan... by jedatt01 Builder in Getting Data In 04-10-2019 4 4	4	4
How do I configure Splunk to filter out events I don’t want to index? A lot of the Windows Security Events we see in Splunk, come from system-users that we're not interested in. I know th... by mctester Communicator in Getting Data In 04-10-2019 4 3	4	3
Metrics Index - How to get metric_searchtime field value in search result I uploaded a csv file in metric index. I can see index's data there is no issue in that. My query is: I want to get ... by shadabgaur New Member in Getting Data In 04-10-2019 0 3	0	3