Getting Data In

Community Activity

How to remove header of a log? as I edit props.conf & transforms.conf to remove header of log , but it didn't work here is my config: props.conf [... by sabaKhadivi Path Finder in Getting Data In 03-16-2019 0 14	0	14
where is not working with JSON extracted with spath Hello there, I have the next JSON: { "idDeclaracion": "abc123", "prospecto": { "id": "1111", "edad": 24... by ivykp New Member in Getting Data In 03-15-2019 0 1	0	1
What are the basic troubleshooting steps in case of universal forwarder and heavy forwarder not forwarding data to Splunk? Most of the time, we are seeing that the Splunk universal forwarder or heavy forwarder is failing to forward data to ... by dkolekar_splunk Splunk Employee in Getting Data In 03-15-2019 3 5	3	5
how to push log4j data into splunk i have .log file generate by using log4j. now my task is to pass this .log file into splunk dashboard. can anyone exp... by nappana New Member in Getting Data In 03-15-2019 0 1	0	1
How to add new SSL input to heavy forwarder? Hi all, I am trying to add PAN traps logs into splunk. It is syslog and traps sends the log on SSL. I got the SSL ce... by graju89 Path Finder in Getting Data In 03-15-2019 0 3	0	3
index.conf wildcards don't seem to work I have set up the Universal Forwarder on a few machines with iis web servers. iis splits the logs into separate folde... by kmower Communicator in Getting Data In 03-15-2019 0 2	0	2
Retrieving Windows Event logs with hyphens in the name Hi Splunkers. I am trying to retrieve Windows event logs from and endpoint using a universal forwarder. Having proble... by torowa Path Finder in Getting Data In 03-15-2019 0 6	0	6
How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? This is the sample of the event field, start from EID are the data ingest from app, how can I get the output in last ... by francly Explorer in Getting Data In 03-15-2019 0 10	0	10
Why are the forwarders not sending anything other than _internal/metrics data? My home lab setup involves a handful of VMs sending data to an all-in-one instance of splunk. I had initially started... by jdsl Loves-to-Learn in Getting Data In 03-15-2019 0 5	0	5
How to save search result into a pdf and csv? Hi All, How to save the following result into pdf and csv format in my local pc stats count(eval(Column2="Success"... by uppukumar Explorer in Getting Data In 03-14-2019 0 2	0	2
Not getting logs from ADAuditplus using Splunk HTTP As per the documentation, I have generated a new token in Splunk and configured ADAuditplus using the token. However,... by damode Motivator in Getting Data In 03-14-2019 0 0	0	0
Globally change universal forwarder password I have the UF deployed on around 2000 windows clients. Both server and workstation editions. What would be the best w... by antlefebvre Communicator in Getting Data In 03-14-2019 5 7	5	7
Instruct Splunk PHP SDK to connect via HTTP not HTTPS I am having an issue connecting to a Splunk search head with the Splunk PHP SDK: http://x.x.x.x I get the error belo... by EricLloyd79 Builder in Getting Data In 03-14-2019 0 0	0	0
Forward data Hello splunkers I have indexer clustering environment with 1 master, 2 indexers (peer nodes) and 1 searchead I want... by rjfv8205 Path Finder in Getting Data In 03-14-2019 0 6	0	6
How to establish secure connection between Universal Forwarders and Heavy Forwarders in a distributed environment? Hi, Good day! We have distributed Splunk Enterprise setup, we are trying to establish secure SSL communication betw... by hartley Explorer in Getting Data In 03-14-2019 0 3	0	3
How to make "_indextime" as the time format for the event? hi I've got some data in below format SI01,2019-03-14,00:01:00,line1,somedata SI02,2019-03-14,00:02:00,line2,somedat... by koshyk Super Champion in Getting Data In 03-14-2019 0 3	0	3
Why is Splunk enterprise unable to read logs from specific directories? How can i read logs from specific directories from one of the AWS windows instance(let's call is Instance1) to other... by partix2 New Member in Getting Data In 03-14-2019 0 1	0	1
Scripted input is done many times regardless of interval setting. My environment : Splunk Indexer : 7.2.3 on Linux7 Splunk Deployment Server : 7.2.3 on Linux7 Universal Forwarder : 7... by yutaka1005 Builder in Getting Data In 03-13-2019 0 3	0	3
How do you set a human readable time format as earliest time? Hello, I have one table that produces start time and end time in "%d-%m-%Y %H:%M:%S" (09-01-2019 07:44:05) format. ... by AKG1_old1 Builder in Getting Data In 03-13-2019 0 6	0	6
need to help extract the timestamp value from eventlast seen field from aws. Hi Folks, we have ingested the aws logs using aws add on and able to see the logs. now we are trying to extract the ... by lksridhar Explorer in Getting Data In 03-13-2019 0 8	0	8
How to change the value of host field when receiving some devices log from one host? if I received 20 devices log from a single syslog server , how can I seperate host field to those 20 source of logs ... by sabaKhadivi Path Finder in Getting Data In 03-13-2019 0 2	0	2
Universal Forwarder on FreeBSD ARM (Netgate3100 - pfSense) Hi All, I would like to install an UF on an appliance pfSense (netgate3100). It's a FreeBSD running on ARM. In the... by berlierb New Member in Getting Data In 03-13-2019 0 1	0	1
How to isolate the indexer and search head from the same server box and move one of them to a different box? In our small Splunk environment, we have the search head and the indexer on the same server box. Due to performance i... by pdantuuri0411 Explorer in Getting Data In 03-13-2019 0 3	0	3
File system monitoring of text files that are overwritten The beginning and the end of the file are often the same, but we changed the data in the middle of the file, how do w... by Michael_Schyma1 Contributor in Getting Data In 03-13-2019 2 2	2	2
Scripted input not creating last event file I'm trying to create a script within a custom add-on that runs daily to pull data from an API endpoint. One of the ar... by wyattfg Engager in Getting Data In 03-13-2019 0 1	0	1