Getting Data In

Community Activity

Can you retrieve the /results/ endpoint using \|REST instead of a curl? Hi all, Before I dive into the issue, I'd like to explain the goal: I have a search that returns some fields includ... by jadamsplunk Path Finder in Getting Data In 01-07-2019 0 1	0	1
How do you alert on a date change in Windows Security Logs? Hello, I am looking to create an alert when a date change of more than a minute in Windows Security Logs. in my lo... by zmmt New Member in Getting Data In 01-07-2019 0 2	0	2
PCI Compliance: What app should I use to monitor Azure data logs? We are currently working on PCI Compliance project and need to monitor the Azure Data Logs. What app would you recomm... by amulay26 Path Finder in Getting Data In 01-07-2019 0 6	0	6
Best way to index Microsoft Azure logs? Hi What is the best practice to ingest windows events logs from Azure servers? Do we have to install Splunk Forwarde... by kiran331 Builder in Getting Data In 01-07-2019 0 3	0	3
How do I stream Metrics to Azure Event Hub to be pulled By HF? I'm using an HF to pull log/metric data from Azure event Hub. I know how to stream Activity log/diagnostic logs to A... by Koko12345678 Explorer in Getting Data In 01-07-2019 0 1	0	1
How to sync log files with AWS S3 AND send to Splunk Indexer using Splunk forwarder? Hi, Logs Location :Windows machines. C:\Logs I'm syncing our application Logs folder (containing text data, extensio... by koppolu17 Explorer in Getting Data In 01-07-2019 0 1	0	1
"Received event for unconfigured/disabled/deleted Hi All, "Received event for unconfigured/disabled/deleted " Facing the above message from number of host with differ... by rakeshksingh New Member in Getting Data In 01-07-2019 0 4	0	4
Is there a way to disable splunk btool check upon start of a forwarder? Apparently all splunk components run the splunk btool check upon a component restart. Is there a way to disable it es... by ddrillic Ultra Champion in Getting Data In 01-07-2019 0 3	0	3
How do you recursively search an Active Directory Global Groups from a CSV (or lookup table) file? Hi, I'm currently using this command to search the entire domain for Group memberships. It only gives me user object... by ajdyer2000 Path Finder in Getting Data In 01-07-2019 0 1	0	1
help for linking my request with a token hi i use the request below and I want to link it with a token my token is called "tok_filterhost" and I add host=$tok... by jip31 Motivator in Getting Data In 01-06-2019 0 5	0	5
Does splunk clean all remove server names? We are trying to put our Splunk Indexer on a Windows system image. Based on the documentation, stopping the Splunk ... by kenoski Path Finder in Getting Data In 01-06-2019 0 6	0	6
Controlling dispatch directory growth Hi, We have a continual issue in our environment with the $SPLUNK_HOME/var/run/dispatch directory growing out of con... by mark Path Finder in Getting Data In 01-06-2019 5 3	5	3
Discard one or more fields of a specific event without losing the rest of the fields of this event? Hi All, Please, how to discard one or more fields of a specific event without losing the rest of the fields of this ... by jfeitosa_real Path Finder in Getting Data In 01-04-2019 0 4	0	4
How do you Filter events from Json? Below is my JSON. I want to display all events where responseTime >11. Please assist. log: { [-] act... by ppanchal Path Finder in Getting Data In 01-04-2019 1 3	1	3
Is the REST API incomplete with respect to Deployment steps I went through the Splunk REST API documentation at http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTde... by perichandra Explorer in Getting Data In 01-04-2019 0 7	0	7
How to POST Saved Search XML/JSON Definition to REST API I can GET the definition of a saved search (report) from our dev server with a call like curl -k -u me:word https://... by RikH Engager in Getting Data In 01-03-2019 4 3	4	3
Why are the Index and SourceType names in our Active Directory forests not matching? We have two Active Directory forests in our enterprise with Universal Forwarders installed on all of our domain contr... by johannterc New Member in Getting Data In 01-03-2019 0 3	0	3
scripted input cron schedule I defined a scripted input: [script://$SPLUNK_HOME/etc/apps/ccbn/bin/get_domain_by_date] disabled = true host = dbse... by jskopis5668 Explorer in Getting Data In 01-03-2019 3 4	3	4
Why is my table field from JSON not working on all fields? We are working with the following JSON generated by a dcos/marathon api: When I run: index=dcos sourcetype="dcos:... by sboogaar Path Finder in Getting Data In 01-03-2019 0 9	0	9
How to index and use unstructured huge volume of data - Splunk HWF and SH cluster? Hi All, We are working on a clustered environment where splunk is fetching logs from various servers. In the source ... by jincy_18 Path Finder in Getting Data In 01-02-2019 0 1	0	1
How do I limit what kind of events go into Splunk to avoid daily license limit? Hi everyone, As the title suggests I was wondering if I can filter the logs that go into Splunk to avoid the daily v... by rung8 New Member in Getting Data In 01-02-2019 0 3	0	3
Why are my Windows security logs not coming from forwarders? What could be the possible reason that Windows security logs are not coming from the forwarders? How do I troublesho... by muizash Path Finder in Getting Data In 01-02-2019 0 1	0	1
How to extract the date from a filename at index-time to use as _time? I want to extract the year, month and day from the file name. The file name format is: aa_1_20180701.csv OR aa_2_2018... by WXY Path Finder in Getting Data In 01-02-2019 0 5	0	5
How do I run a shell script in a universal forwarder? I have a problem here. My shell script is not giving the complete output in the Splunk search head . What is the comm... by raj_mpl Path Finder in Getting Data In 01-02-2019 0 2	0	2
How to remove "missing" forwarders from the Distributed Management Console? When a server is decommissioned in our environment, it's brought offline, severing the communication with Splunk. The... by coltwanger Contributor in Getting Data In 01-02-2019 0 3	0	3