Getting Data In

Discussions

Thread Info

How do I fine tune a JSON extraction from inside a log file using the "add data" wizard?

Hello everyone, I have a Log file with JSON format in it like this : 12:48:12.3194 Info {"message":"Test ListOf...

by New Member in

Internally Signed Certificate Error

I am trying to configure our web interface to have a certificate for connections (i.e. https://fqdn:8000). I am runni...

by Contributor in

Tomcat 7.0 Logs on Windows Server 2012 R2

Hi, I'm pretty new to using the universal forwarder on Windows Servers. Our indexer Server is running on 7.2.0 and...

by New Member in

IIS Logs and Universal Forwarder?

Hi, I am trying to forward IIS logs from one of the server that has forwarder installed. I have below config setti...

by Explorer in

How do I compare the count of the same field from different sources?

Hi, Now I have a problem: I have a index data which has multiple sources and they have the same sourcetype. ...

by Path Finder in

Date_Time Stamp from when the file was created or modified

Hi Guys, I have a CSV file that is created periodically that I have been asked to bring into Splunk. The events i...

by Path Finder in

Can I replace a field at parsing stage with a hash (using sha2 for example)?

Hi answers! I would like to replace some information I get in Splunk. For example, I get some user names (user=karlo)...

by Explorer in

Regexp for transform.conf doesnt work

Splunk receive a log like this: Nov 15 13:02:10 172.20.20.3 test WARNING 1 "Invalid path" 178.217.60.3 0 10.18.7.9...

by New Member in

What app can generate the topology in the picture?

Hi, I wang to use splunk monitor my whole datacenter , i notice fllow introduce of infrastructure monitoring : ...

by Engager in

Why is eventtype not tagging 100% of events?

In an attempt to explain this right... We have set up multiple eventtypes to different occurrences. For exampl...

by New Member in

How come I can't get the Splunk blacklist subfolder to work?

hi, I am trying to blacklist a subfolder in a particular directory. The subfolder i am trying to blacklist is a...

by Explorer in

How to import exported windows eventlog to eventviewer for indexing?

I have exported evt files on Windows. I would like to index it by splunk. I know splunk on windows can index their ow...

by Builder in

Introspecting scheme=WinEventLog: killing process, because executing it took too long

I met an error to start collecting WinEventLog when starting Universal Forwarder 6.6.2 on Windows Server 2008R2(x64)....

by Engager in

Universal Forwarder Fishbucket growing.

Hi All, The UF (6.6.2) on our AIX server has an issue where the fishbuckets are growing in size 3gb + even after s...

by Explorer in

Can you help me with my Line Breaker and event time setting issue?

Hello, I have the source type SID_transports for the ingestion of the SAP ABAP transport logs. They are in the fol...

by Builder in

Why are the events being cut off at 257 lines in xml data?

Hi, I have xml data that can have up to 500+ lines but Splunk is truncating at 257 lines. I've been trying combina...

by Explorer in

Ingestion: Dividing 3 sections of data in TSV.

Good day Splunkers! We have this case that in one TSV are 3 types or categories of data. The first and third se...

by Communicator in

help with time_prefix

Hi, I'm using data preview to test some new feeds, and while the event breaking is fine, I'm getting a warning mes...

by Champion in

Why does Splunk automatically resets/removes selected filters?

Hi all, I am having a minor problem which can be a bit annoying if it happens often. We run a few dashboards combi...

by New Member in

savedsearch not returing more than 10000 results

I have changed action.email.maxresults for one of my savedsearch from 10000 to 100000 but that is not working and I d...

by Communicator in

Splunk Stream - DNS Logs

All, I have enabled Splunk Stream on a single domain controller as a test to monitor the DNS traffic. It's largel...

by Builder in

How do you add a timestamp onto a log that has a second counter in the log?

Hi, I have a log that has a second counter inside it, 1 2...11... 3601...etc . So data i have 1 Data XXYXX 2 Da...

by Influencer in

How should I go about using one forwarder for all servers?

Hi Splunk community, I want to have a single forwarder for every on-premise domain controller in my network, inste...

by Engager in

Why do my inline eval statements work with spath, but do not as calculated fields in props.conf?

Why does this work: index=dns sourcetype=stream:dns | eval host_addresses=spath(_raw,"host_addr{}") | eval hostnam...

by Communicator in

Can you help me with my Splunk Universal Forwarder starting problem?

Hello. I am troubleshooting a universal forwarder installed on a Windows system. I noticed that the SplunkForwarder s...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do I fine tune a JSON extraction from inside a log file using the "add data" wizard?

Internally Signed Certificate Error

Tomcat 7.0 Logs on Windows Server 2012 R2

IIS Logs and Universal Forwarder?

How do I compare the count of the same field from different sources?

Date_Time Stamp from when the file was created or modified

Can I replace a field at parsing stage with a hash (using sha2 for example)?

Regexp for transform.conf doesnt work

What app can generate the topology in the picture?

Why is eventtype not tagging 100% of events?

How come I can't get the Splunk blacklist subfolder to work?

How to import exported windows eventlog to eventviewer for indexing?

Introspecting scheme=WinEventLog: killing process, because executing it took too long

Universal Forwarder Fishbucket growing.

Can you help me with my Line Breaker and event time setting issue?

Why are the events being cut off at 257 lines in xml data?

Ingestion: Dividing 3 sections of data in TSV.

help with time_prefix

Why does Splunk automatically resets/removes selected filters?

savedsearch not returing more than 10000 results

Splunk Stream - DNS Logs

How do you add a timestamp onto a log that has a second counter in the log?

How should I go about using one forwarder for all servers?

Why do my inline eval statements work with spath, but do not as calculated fields in props.conf?

Can you help me with my Splunk Universal Forwarder starting problem?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...