Getting Data In

Discussions

Thread Info

How to get secure syslog from keysecure/ safenetat appliance?

Hey splunksters, -Just curious if anyone has had success getting secure syslog over tcp-port 6514 . The safenet appl...

by Path Finder in

How to calculate difference between two time stamps

Hi, I have seen a few post on this subject, but none seem to fix my issue. I am trying to calculate the difference be...

by Engager in

Index time masking maintaining string length (continue)

Posting a new question similar to my query from post: https://community.splunk.com/t5/Getting-Data-In/Index-time-mask...

by Explorer in

Need to stop flodding of incidents in servicenow from splunk

I have below setting to generate incidents in Servicenow. This alert is schedule to trigger after every 5 min. But i...

by Explorer in

Index time masking maintaining string length

Hi, I want to do masking for logs at index time but the replaced value ("X" here) should be same character length a...

by Explorer in

Indexers SSL Problem

Hi guys. I'm trying to configure my two indexers to receive data with SSL. My inputs.conf configuration is: ...

by New Member in

How to get a list of all hosts installed with Universal Forwarder

I have a bunch of agents(hosts) in Appdynamics, I wanted to figure out that the Universal Forwarder is installed or n...

by New Member in

Alert for Hosts not Online

I'd like to know when a series of hosts go offline. What would be the best SPL to use with something like this? T...

by Communicator in

dynamic host name

My previous team has set a static host name in the input.conf. I am currently trying to make the IP as the host name....

by Explorer in

Sourcefile name changes at index time - intermittently

Hi All, I am currently ingesting plain text files with a filename format as follows - 4d618da0-48f0-430d-9c9f-10...

by Path Finder in

Frequency of kube:objects:pods sourcetype events

Hi all, Do you know, how to set up the frequency for the sourcetype="kube:objects:pods" events? Right now, in our s...

by Observer in

json extract field

i have one event entry like this indexed using props.conf entry like below. But this is not coming in json format ...

by Communicator in

All sourcetypes not getting thawed

I had to thaw data from index abc from 1 Dec 2019-30 Dec 2019 Steps performed: 1. Copied buckets into thaweddb f...

by Communicator in

CDP/LLDP data to Splunk

HelloI need to build network topology of my infrastructure.How can get cdp or lldp commands result to splunk.

by Loves-to-Learn in

Splunk workflow action "show Source" does not display logs in the format as original log file. is there a way?

Can we make the "show Source" option to display the log format same as the original log file?

by Loves-to-Learn Everything in

Log events are being merged for few cases

Hi I am facing a challenge with some of the splunk logs being merged as a one event. I have tried breaking them b...

by Engager in

Splunk event format not showing same as original log format on the source server

Hi Everyone, Can we make splunk to display the event in same format as the source log file? In other words can ...

by Loves-to-Learn Everything in

How to assign field to value?

Hi all, I am a new to Splunk and looking for some guidance. I have created a new sourcetype in my inputs.conf f...

by Loves-to-Learn in

How to Increase Message Ingestion Rate Using JMS Modular Input solace queue

Hi We're running JMS Modular Input (jmsta) on the Heavy Forwarder on Linux VM. We have 4 Heavy Forwarders with jmsta ...

by Engager in

syslog

How to know on which port my syslog data is coming from

by Communicator in

Getting Data In

Discussions

How to get secure syslog from keysecure/ safenetat appliance?

How to calculate difference between two time stamps

Index time masking maintaining string length (continue)

Need to stop flodding of incidents in servicenow from splunk

Index time masking maintaining string length

Indexers SSL Problem

How to get a list of all hosts installed with Universal Forwarder

Alert for Hosts not Online

dynamic host name

Sourcefile name changes at index time - intermittently

Frequency of kube:objects:pods sourcetype events

json extract field

All sourcetypes not getting thawed

CDP/LLDP data to Splunk

Splunk workflow action "show Source" does not display logs in the format as original log file. is there a way?

Log events are being merged for few cases

Splunk event format not showing same as original log format on the source server

How to assign field to value?

How to Increase Message Ingestion Rate Using JMS Modular Input solace queue

syslog

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

Normalizing imported .evtx files with Splunk Windo...

Creating .Net WCF service and consuming it in Splu...

Crowdstrike Stream Stops Woking

Add data from forwarders requires copy of clustere...

Will upgrade to Splunk_TA_nix v8.2.0 still works w...