Getting Data In

Community Activity

Why is my SEDCMD props.conf file not working? I have created a props.conf file under etc/system/local/props.conf The content is [default] SEDCMD-ipi2 = y/e/g/g ... by cbou Explorer in Getting Data In 04-04-2019 2 18	2	18
issues with SEDCMD I have the below file being indexed in spunk, { "records": [ { <event}} and I would like to get ... by rusty009 Path Finder in Getting Data In 04-04-2019 0 4	0	4
Can someone help us with our HTTP event collector 400 error? Hi all, Does anybody know which is the file logs where we could check if the syntax of a HTTP post request is corre... by sito82viso New Member in Getting Data In 04-04-2019 0 6	0	6
fully reindexing a file every time the datestamp changes I've a few different automated pulls of data into directories of files I want splunk to index. These files get compl... by mjones414 Contributor in Getting Data In 04-04-2019 1 15	1	15
How to prevent extremely old data from cooling / freezing Hello, I'm using Enron emails as test data for a training project, and I'm setting the timestamp to match the sent da... by jocobknight Explorer in Getting Data In 04-04-2019 0 4	0	4
How To Restart A Windows-based Service From A Triggered Alert - Run A Script Hi, I have created a Splunk alert that will be triggered when a Windows-based service is down (ie. Print Spooler). F... by bennykhoo New Member in Getting Data In 04-04-2019 0 1	0	1
Does TZ setting account for daylight savings time changes? Does anyone know if the TZ setting "US/Central" accounts for daylight savings time changes (e.g. TZ=US/Central)? by ddrillic Ultra Champion in Getting Data In 04-04-2019 0 4	0	4
AD FS - event ID 1102 Hello, I have encountered a problem with AD FS events that has the ID 1102. They are getting the action "cleared", ... by astatrial Contributor in Getting Data In 04-04-2019 0 3	0	3
Will Outputs.conf reflect the timestamp parameters? Hello Splunkers, I have outputs.conf in my Universal Forwarder at \etc\system\local\ , I am monitoring some log file... by sarvesh_11 Communicator in Getting Data In 04-04-2019 0 1	0	1
Issue with monitoring one specific log file Hi, I am monitoring multiple files/directory under different sourcetype. For one specific log file I am getting wie... by AKG1_old1 Builder in Getting Data In 04-04-2019 0 7	0	7
Why am I unable to set sourcetype in props.conf? I have a syslog feed sending me firewall data from a linux system. It calls that sourcetype syslog, of course. I'm f... by Michael Contributor in Getting Data In 04-04-2019 0 8	0	8
How does Splunk connect to the Universal forwarders — using IP or HostNames? Can anyone clarify if Splunk Deployment server and Indexer connects to Universal forwarder using hostname or IP addre... by arrangineni Path Finder in Getting Data In 04-03-2019 0 2	0	2
How to filter out data after specific event? Hi, I'm trying to filter out data after a specific event occurs. I want to drop all of the search data to display... by haph Path Finder in Getting Data In 04-03-2019 0 2	0	2
Syslog data to new Splunk instance I've recently inherited an old Splunk installation, and I'm in the process of migrating it over to a new updated inst... by bobmc859 New Member in Getting Data In 04-03-2019 0 13	0	13
Splunk build (SPLUNK_BUILD) for 7.1.2. I I'd need to run a custom docker build and it required the build hash to grab the release. Thanks. by wolstena New Member in Getting Data In 04-03-2019 0 0	0	0
Can anyone tell me where the "Destination app" can be set for a source type? Can anyone tell me where the "Destination app" can be set for a SourceType? When we try to change it in the GUI, we g... by RDAVISS Path Finder in Getting Data In 04-03-2019 0 0	0	0
Error while searching using the value from the input I have the following dynamic options for my "consumer" multiselect: index=$index$ \| fillnull value="not specified" ... by quintessence New Member in Getting Data In 04-03-2019 0 1	0	1
How to filter data by multiselect I'm trying to use multiselect for filtering my charts data: search "msg.mdc.headers.consumer{}"=$consumer$ , where... by quintessence New Member in Getting Data In 04-03-2019 0 1	0	1
Storing the SPLUNK logs on hard disks (different from C partition) Hi, I'v just installed the physical server and the SPLUNK application. Windows Server 2008 R2 (x64 - SPLUNK). On thi... by twieczorkowski Explorer in Getting Data In 04-03-2019 0 3	0	3
Line breaking not working with rolling log files Log file name : run_xxxxxxx_XXX_XXXXXX_XXX.log.04020830 This is the log file name and its suffix always ends with cu... by bishtk Communicator in Getting Data In 04-03-2019 0 3	0	3
Splunk mongod upgrade Our Security and Network team want to Upgrade Splunk MongoD due to vulnerability cases. in my own knowledge: Mongod a... by jadengoho Builder in Getting Data In 04-03-2019 0 1	0	1
Can you help me with an issue when adding a second indexer? one Search head / one indexer system — try to add a second indexer. After I added the second indexer, in the search ... by xindeNokia Path Finder in Getting Data In 04-02-2019 0 2	0	2
Is there an SPL command using REST to list the macros contained within a macro? Hello, I see that we can use SPL to get a list of arguments, "args", of a macro using the "rest" command. \| rest /se... by kdwsplunk Explorer in Getting Data In 04-02-2019 1 4	1	4
How do you configure props.conf for multiline events? Hi fellow Splunkers! Having issues configuring props.conf for sourcing data to Splunk. We have now spent a couple of... by emilbach New Member in Getting Data In 04-02-2019 0 8	0	8
DATETIME_CONFIG issue Im trying to base the timestamp in the logs on the current time using DATETIME_CONFIG = CURRENT in props.conf rather ... by Dark_Ichigo Builder in Getting Data In 04-02-2019 0 9	0	9