Getting Data In

Discussions

Thread Info

Can you help me configure my universal forwarder (UF) to relay data to another UF?

So something interesting I found out: you can configure universal forwarder relaying. Basically one universal forw...

by New Member in

Are any Fluentd apps Splunk vetted/supported? Or is there a preferred cloud-native solution for logging Kubernetes logs?

We’re looking to get our Kubernetes logs into Splunk and it appears the best (most cloud native) way to do that is to...

by Path Finder in

I have some data, if the message contains a word which is in a csv file, then results should show in a table. How should I edit my search?

I have some data, if the message contains a word which is in a csv file, then results should show in a table. How sho...

by Communicator in

Without have access to the universal forwarder, can I check whether it is sending data to the heavy forwarder?

Hi All, I am relatively new to Splunk, In my environment we are using deployment server to manage the deployment a...

by New Member in

In Splunk Enterprise, Is it possible to upgrade Splunk universal forwarder from 6.2 to 7.2 in one step?

Hello, is it possible to Upgrade the universal forwarder in one Step from 6.2 to 7.1 or is a intermediate step (Up...

by Explorer in

Change sourcetype via field extraction and transforms

Hi there, One of UF is configured to send logs to sourcetype testData. I'd like to push some of those logs matchin...

by Explorer in

REST /services/data/indexes gives me the wrong numbers. How do I fix that?

I have a report running the following search: | REST /services/data/indexes | WHERE substr(title,1,1)!="_" | dedup...

by Explorer in

How do I ingest Cisco Advanced Malware Protection (AMP) for endpoint logs into Splunk?

Hello, Is there an Add-on using API to ingest Cisco AMP logs into Splunk. I tried using streamer, but it's not pul...

by Builder in

How do I use HTTP Event Collector without a MINT project?

Hi all, We're using Splunk enterprise and the HTTP Event Collector. Now I was wondering if we could use the Mint m...

by New Member in

I have data that is not always confined to one day, but my reports should report over whole days.

I have data that is not always confined to one day, but my reports should report over whole days. Not sure how to ...

by Engager in

Can you help me with a question about extracting timestamps?

I have below timestamps in my events 2018-09-14-19.50.21.057230 2018-09-14-19.51.10.675968 I only want to extr...

by New Member in

At what point in the batch Input process is a file deleted?

I am doing some testing on batch inputs and trying to find out when the batch input deletes a file. Does it immediate...

by Explorer in

In search results, why is API ignoring the count parameter?

I'm using API call to retrieve results of the job search/jobs/{search_id}/results. I'm running the following comma...

by New Member in

Using only set of data with latest timestamp

I have a data that comes from Splunk DB Connect in batch, this comes multiple times a day, But I only want to use lat...

by Path Finder in

How do I pull a log file directly in as a metric?

All, I am playing with metricbeat and I am happy camper with it. I was wondering if there was a way to pull the m...

by Builder in

Can you help me come up with a brutal but clever Date and Time Parsing?

I'm working with a date and time field that's causing a headache. I need to parse it to epoch but using strptime(MyIn...

by Builder in

Can you configure a heavy forwarder to route raw data to a local file?

I need a capture some raw data before it is indexed and sent to a 3rd party application (via tcp_routing and transfor...

by Builder in

With a [syslog] output to 3rd party using TCP, why does TCP stop talking to index cluster when 3rd party is not contactable?

Hello, I am sending some source types to a 3rd party via SYSLOG as the output as TCP not UDP. All works fine unti...

by Path Finder in

Converting Windows Event Log to rsyslog format

I am trying to aggregate our windows and Linux logs from universal forwarders to a heavy forwarder, finally, to our i...

by New Member in

Parser Error in HttpEventCollector

Hi Team, We are using httpevent collector to extract the data from boomerang.js. In recent days, we are receiving ...

by Explorer in

When trying to run a PowerShell script with New-PSDrive and PSCredentials, why am I getting the following error?: "A specified logon session does not exist. It may already have been terminated"

I have Windows Server 2008 R2 SP1. I'm able to run a ps1 script with Get-Process just fine. But, when I try to ...

by Path Finder in

Is there a way to search for the time elapsed as an event traverses between different source types?

Hi ALL, So i'm working for a manufacturing company and have managed to index all logs (good Start). I have an orde...

by Path Finder in

Is there a way to have Splunk take in data and come up with points based on the data by itself(without us having to tell Splunk what is required)?

Is there any module or solution within Splunk that can take in any form of data and come up with points based on the ...

by Builder in

How can I clean up "$splunk_home/var/run/searchpeers" on indexer?

Is there a process to clean up $splunk_home/var/run/searchpeers directory on my indexers? I see *.delta files there f...

by Path Finder in

Prop & Transform a Sourcetype & a Sentenc

I have a Prop & Transform file. In it, I'm trying to parse a specific field and label it as a source type. I had it w...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Can you help me configure my universal forwarder (UF) to relay data to another UF?

Are any Fluentd apps Splunk vetted/supported? Or is there a preferred cloud-native solution for logging Kubernetes logs?

I have some data, if the message contains a word which is in a csv file, then results should show in a table. How should I edit my search?

Without have access to the universal forwarder, can I check whether it is sending data to the heavy forwarder?

In Splunk Enterprise, Is it possible to upgrade Splunk universal forwarder from 6.2 to 7.2 in one step?

Change sourcetype via field extraction and transforms

REST /services/data/indexes gives me the wrong numbers. How do I fix that?

How do I ingest Cisco Advanced Malware Protection (AMP) for endpoint logs into Splunk?

How do I use HTTP Event Collector without a MINT project?

I have data that is not always confined to one day, but my reports should report over whole days.

Can you help me with a question about extracting timestamps?

At what point in the batch Input process is a file deleted?

In search results, why is API ignoring the count parameter?

Using only set of data with latest timestamp

How do I pull a log file directly in as a metric?

Can you help me come up with a brutal but clever Date and Time Parsing?

Can you configure a heavy forwarder to route raw data to a local file?

With a [syslog] output to 3rd party using TCP, why does TCP stop talking to index cluster when 3rd party is not contactable?

Converting Windows Event Log to rsyslog format

Parser Error in HttpEventCollector

When trying to run a PowerShell script with New-PSDrive and PSCredentials, why am I getting the following error?: "A specified logon session does not exist. It may already have been terminated"

Is there a way to search for the time elapsed as an event traverses between different source types?

Is there a way to have Splunk take in data and come up with points based on the data by itself(without us having to tell Splunk what is required)?

How can I clean up "$splunk_home/var/run/searchpeers" on indexer?

Prop & Transform a Sourcetype & a Sentenc

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

RegEx data after curly brackets

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction