Getting Data In

Community Activity

Splunk Infrastructure: Is it possible to have a staging environment search head that is tied to production indexers to feed staging data for accurate testing? Hello all, We are planning out the infrastructure for Splunk at my company and I have a quick question if something ... by chawagon03 Path Finder in Getting Data In 03-18-2019 2 18	2	18
When trying to Install a Splunk forwarder on Linux, why am I getting the following error: 'splunk: command not found' I am trying to install the Splunk forwarder (for Splunk Cloud) on an Ubuntu 16.04 server using the instructions on th... by jeffsuchomel Engager in Getting Data In 03-18-2019 0 2	0	2
How can I override an index name based on sourcetype? I want to override the index name of my events (assigned at the forwarder) with a new index name based on sourcetype. by rphillips_splk Splunk Employee in Getting Data In 03-17-2019 1 4	1	4
Replicate a subset of data to a third-party system for specific index Hi team i need to foward a copy data from specific index to third-party system, someone knows how i can do that re... by evinasco Communicator in Getting Data In 03-17-2019 0 3	0	3
logs from host is there any internal index which can tell me that this host is sending logs to how many indexes and which sourcetype... by rashid47010 Communicator in Getting Data In 03-17-2019 0 1	0	1
Why are our Splunk indexes not showing all log entries from server? We have a tomcat application generating logs on the server, which are then indexed and available in Splunk. For the p... by gsonal03 New Member in Getting Data In 03-16-2019 0 14	0	14
Issues with Ingesting Static File Hi Team, I've come across an odd problem, and I'm not sure where to start in troubleshooting. Once a week, on a Sun... by MikeElliott Communicator in Getting Data In 03-16-2019 0 4	0	4
What time is displayed in raw splunk logs I am trying to debug issues related to delay in splunk forwarding or indexing in a separate splunk query "https://ans... by gsonal03 New Member in Getting Data In 03-16-2019 0 3	0	3
Where is the Inputs.conf file located? Im new to Splunk so this question may seem a bit low level, but I couldn't find anything helpful. I read several tut... by cramery New Member in Getting Data In 03-16-2019 0 3	0	3
How to remove header of a log? as I edit props.conf & transforms.conf to remove header of log , but it didn't work here is my config: props.conf [... by sabaKhadivi Path Finder in Getting Data In 03-16-2019 0 14	0	14
where is not working with JSON extracted with spath Hello there, I have the next JSON: { "idDeclaracion": "abc123", "prospecto": { "id": "1111", "edad": 24... by ivykp New Member in Getting Data In 03-15-2019 0 1	0	1
What are the basic troubleshooting steps in case of universal forwarder and heavy forwarder not forwarding data to Splunk? Most of the time, we are seeing that the Splunk universal forwarder or heavy forwarder is failing to forward data to ... by dkolekar_splunk Splunk Employee in Getting Data In 03-15-2019 3 5	3	5
how to push log4j data into splunk i have .log file generate by using log4j. now my task is to pass this .log file into splunk dashboard. can anyone exp... by nappana New Member in Getting Data In 03-15-2019 0 1	0	1
How to add new SSL input to heavy forwarder? Hi all, I am trying to add PAN traps logs into splunk. It is syslog and traps sends the log on SSL. I got the SSL ce... by graju89 Path Finder in Getting Data In 03-15-2019 0 3	0	3
index.conf wildcards don't seem to work I have set up the Universal Forwarder on a few machines with iis web servers. iis splits the logs into separate folde... by kmower Communicator in Getting Data In 03-15-2019 0 2	0	2
Retrieving Windows Event logs with hyphens in the name Hi Splunkers. I am trying to retrieve Windows event logs from and endpoint using a universal forwarder. Having proble... by torowa Path Finder in Getting Data In 03-15-2019 0 6	0	6
How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? This is the sample of the event field, start from EID are the data ingest from app, how can I get the output in last ... by francly Explorer in Getting Data In 03-15-2019 0 10	0	10
Why are the forwarders not sending anything other than _internal/metrics data? My home lab setup involves a handful of VMs sending data to an all-in-one instance of splunk. I had initially started... by jdsl Loves-to-Learn in Getting Data In 03-15-2019 0 5	0	5
How to save search result into a pdf and csv? Hi All, How to save the following result into pdf and csv format in my local pc stats count(eval(Column2="Success"... by uppukumar Explorer in Getting Data In 03-14-2019 0 2	0	2
Not getting logs from ADAuditplus using Splunk HTTP As per the documentation, I have generated a new token in Splunk and configured ADAuditplus using the token. However,... by damode Motivator in Getting Data In 03-14-2019 0 0	0	0
Globally change universal forwarder password I have the UF deployed on around 2000 windows clients. Both server and workstation editions. What would be the best w... by antlefebvre Communicator in Getting Data In 03-14-2019 5 7	5	7
Instruct Splunk PHP SDK to connect via HTTP not HTTPS I am having an issue connecting to a Splunk search head with the Splunk PHP SDK: http://x.x.x.x I get the error belo... by EricLloyd79 Builder in Getting Data In 03-14-2019 0 0	0	0
Forward data Hello splunkers I have indexer clustering environment with 1 master, 2 indexers (peer nodes) and 1 searchead I want... by rjfv8205 Path Finder in Getting Data In 03-14-2019 0 6	0	6
How to establish secure connection between Universal Forwarders and Heavy Forwarders in a distributed environment? Hi, Good day! We have distributed Splunk Enterprise setup, we are trying to establish secure SSL communication betw... by hartley Explorer in Getting Data In 03-14-2019 0 3	0	3
How to make "_indextime" as the time format for the event? hi I've got some data in below format SI01,2019-03-14,00:01:00,line1,somedata SI02,2019-03-14,00:02:00,line2,somedat... by koshyk Super Champion in Getting Data In 03-14-2019 0 3	0	3