Getting Data In

Community Activity

Controlling dispatch directory growth Hi, We have a continual issue in our environment with the $SPLUNK_HOME/var/run/dispatch directory growing out of con... by mark Path Finder in Getting Data In 01-06-2019 5 3	5	3
Discard one or more fields of a specific event without losing the rest of the fields of this event? Hi All, Please, how to discard one or more fields of a specific event without losing the rest of the fields of this ... by jfeitosa_real Path Finder in Getting Data In 01-04-2019 0 4	0	4
How do you Filter events from Json? Below is my JSON. I want to display all events where responseTime >11. Please assist. log: { [-] act... by ppanchal Path Finder in Getting Data In 01-04-2019 1 3	1	3
Is the REST API incomplete with respect to Deployment steps I went through the Splunk REST API documentation at http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTde... by perichandra Explorer in Getting Data In 01-04-2019 0 7	0	7
How to POST Saved Search XML/JSON Definition to REST API I can GET the definition of a saved search (report) from our dev server with a call like curl -k -u me:word https://... by RikH Engager in Getting Data In 01-03-2019 4 3	4	3
Why are the Index and SourceType names in our Active Directory forests not matching? We have two Active Directory forests in our enterprise with Universal Forwarders installed on all of our domain contr... by johannterc New Member in Getting Data In 01-03-2019 0 3	0	3
scripted input cron schedule I defined a scripted input: [script://$SPLUNK_HOME/etc/apps/ccbn/bin/get_domain_by_date] disabled = true host = dbse... by jskopis5668 Explorer in Getting Data In 01-03-2019 3 4	3	4
Why is my table field from JSON not working on all fields? We are working with the following JSON generated by a dcos/marathon api: When I run: index=dcos sourcetype="dcos:... by sboogaar Path Finder in Getting Data In 01-03-2019 0 9	0	9
How to index and use unstructured huge volume of data - Splunk HWF and SH cluster? Hi All, We are working on a clustered environment where splunk is fetching logs from various servers. In the source ... by jincy_18 Path Finder in Getting Data In 01-02-2019 0 1	0	1
How do I limit what kind of events go into Splunk to avoid daily license limit? Hi everyone, As the title suggests I was wondering if I can filter the logs that go into Splunk to avoid the daily v... by rung8 New Member in Getting Data In 01-02-2019 0 3	0	3
Why are my Windows security logs not coming from forwarders? What could be the possible reason that Windows security logs are not coming from the forwarders? How do I troublesho... by muizash Path Finder in Getting Data In 01-02-2019 0 1	0	1
How to extract the date from a filename at index-time to use as _time? I want to extract the year, month and day from the file name. The file name format is: aa_1_20180701.csv OR aa_2_2018... by WXY Path Finder in Getting Data In 01-02-2019 0 5	0	5
How do I run a shell script in a universal forwarder? I have a problem here. My shell script is not giving the complete output in the Splunk search head . What is the comm... by raj_mpl Path Finder in Getting Data In 01-02-2019 0 2	0	2
How to remove "missing" forwarders from the Distributed Management Console? When a server is decommissioned in our environment, it's brought offline, severing the communication with Splunk. The... by coltwanger Contributor in Getting Data In 01-02-2019 0 3	0	3
How read the data from splunk using search query using postman (not curl )get reuest. I want to know using postman how can find the result of below query sourcetype="httpevent" 69272d19-53a9-4539-b149-9... by kadamshridhar01 New Member in Getting Data In 01-01-2019 0 3	0	3
How to exclude a sourcetype from being indexed? I have a forwarder on 3 different servers which grabs all the data coming from those servers. There is 1 specific sou... by skoelpin SplunkTrust in Getting Data In 12-30-2018 0 8	0	8
indexes.conf - volume definitions: Mebi Or Megabytes? Hello Ninjas, Does anybody have an idea of how to properly define a volume of 5TB of total storage in indexes.conf? ... by claudio_manig Communicator in Getting Data In 12-28-2018 0 1	0	1
Splunk Forwarder logs to Splunk Indexer Do SplunkForwarder forward the metrics.log to the Splunk indexer automatically? I can see the splunkd.log files but n... by ssankeneni Communicator in Getting Data In 12-28-2018 0 4	0	4
Why don't I have access to source=metrics.logs at certain hours? In standalone environment why my splunk enterprise don't have "source=metrics.logs " at certain hours. by aab5272 Engager in Getting Data In 12-28-2018 0 2	0	2
How to enable and disable Rest End Point? Hi Experts I am trying to disable an alert using below rest API example provided in the documentation. It returns bac... by vaibhavagg2006 Communicator in Getting Data In 12-28-2018 0 19	0	19
How to disable PerfMON stats from remote windows Universal Forwarder? Hi All, I have a single instance Splunk 7.1.2 on Windows platform. I am getting lot of events related to Perfmon... by neerajshah81 Path Finder in Getting Data In 12-28-2018 0 20	0	20
Can you help me with communication and distribution of information from the universal forwarder to Indexer (cluster)? Good Morning, We have the following concern. We currently have several universal forwarders sending information to t... by efaundez Path Finder in Getting Data In 12-28-2018 0 1	0	1
How to configure SEDCMD in props.conf? Hi guys, I am having a really hard time figuring out how to get the sedcmd to work in props.conf. I'd appreciate any... by jpena323 Explorer in Getting Data In 12-28-2018 2 5	2	5
How do you filter windows logs by level? Is there any way to get only critical and error logs from Windows? I mean, Windows generates logs using different le... by crsupportddc Explorer in Getting Data In 12-28-2018 0 3	0	3
Comparing two huge csv files I have two csv files of email adresses that I want to compare by listing email adresses only available in one (and re... by salpaysog Explorer in Getting Data In 12-28-2018 0 2	0	2