Getting Data In

Discussions

Thread Info

What do we need to write in TIME_FORMAT in props.conft to extract a timestamp?

How do you extract a timestamp in an event like this "2018-12-05T00:31:03.711Z"? Like, what do we need to write in...

by Motivator in

Can I run the btool command on a universal forwarder without running shell or powershell script?

I would like to run a scheduled Splunk btool command using scripted input to index configs every few hours. I cannot ...

by Contributor in

Can you help me set up our heavy forwarder for the following event filtering necessities?

Hello, Can someone please direct me to the Splunk docs tutorial, or any video, that would show me how to use the h...

by New Member in

Why can't I blacklist Windows Security EventCode 5152 in inputs.conf?

Hello, I am trying to blacklist EventCode 5152 in inputs.conf. I have tried putting it in a different order in the...

by Explorer in

How do you filter results after using the tostring "duration"?

I used the answer from this thread to create my query, but I can't figure out how to narrow them down. https://answer...

by Explorer in

Why is my regex in transforms.conf for source in props.conf not working for one of three Indexers?

I'm trying to use a regex in a transforms.conf file on the Indexer to prevent indexing of informational and debug mes...

by Path Finder in

How can I split my data to show the average based on column values?

I am using the following query to split my data to show the average, min, and max based on the fields. But, I seem to...

by Path Finder in

How does the deployment client decide which ipv4 address (of possibly multiple) to present when phoning home?

The other day I came across universal forwarder based deployment client which was not receiving deployment server app...

by Builder in

File can't be indexed

Hi Team, I have on file (is the picture) that are unable to catch and index i have this configuration i...

by Explorer in

How do I make my heavy forwarder, which is already configured, into a deployment server?

I have a Splunk Cloud instance and a heavy forwarder that sends in all my data into my cloud instance. I will now be ...

by Engager in

custom fields are not returned in search/jobs end point

Hi, The custom fields set in search/jobs POST are not returned in search/jobs GET. In earlier versions of splunk t...

by Influencer in

Can you help me get multiple fields from a single field in JSON?

The text field in my event contains A LOT of data. json snipped : {"Date":"2018-12-05T12:04:04.71","ID":"000000...

by Engager in

Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?"

Hi Team, I am using Splunk 7.1.1 and i have been getting this error constantly LineBreakingProcessor - Truncat...

by Engager in

override source field to a common source using transform.conf and props.conf

Hi I want to have a common source field for all my syslog. I have centralized syslog server where I am running spl...

by Engager in

How can I take multiple fields and time values and combine them into one?

Suppose I have 4 fields fields= "jobtype" values= A,B fields= "status" values=1,2,3,4,5,6 fields= "Time1" values=...

by New Member in

How to send few values from jenkins pipeline to splunk and report it

Hi, Thanks in advance for your help. I am new to splunk and working on building few reports in splunk from Jenk...

by Explorer in

Why is my bash scripted input failing on Ubuntu while it's OK on other distros?

Hello, I have an issue with a scripted input. I have 2 Linux on Amazon Web Services (AWS) : 1 based one AWS ...

by Communicator in

Can you help me create a search that would monitor activity to our login page from a single URL?

Hi Team, I hope that we are all well? I'm working on a search to assist in monitoring one of our web portals. W...

by Communicator in

How to use the universal forwarder to parse log files with a key value pair format and forward to splunk cloud

Hello, I'm trying to parse log entries that look like so EventTime=2018-12-07 10:06:31,Hostname=WIN-UE7JIIAK3I...

by New Member in

Why is host override in inputs.conf not working when it's IP?

I have remote servers dropping logs to a syslog server where I have a Splunk forwarder configured to push it to Splun...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

What do we need to write in TIME_FORMAT in props.conft to extract a timestamp?

Can I run the btool command on a universal forwarder without running shell or powershell script?

Can you help me set up our heavy forwarder for the following event filtering necessities?

Why can't I blacklist Windows Security EventCode 5152 in inputs.conf?

How do you filter results after using the tostring "duration"?

Why is my regex in transforms.conf for source in props.conf not working for one of three Indexers?

How can I split my data to show the average based on column values?

How does the deployment client decide which ipv4 address (of possibly multiple) to present when phoning home?

File can't be indexed

How do I make my heavy forwarder, which is already configured, into a deployment server?

custom fields are not returned in search/jobs end point

Can you help me get multiple fields from a single field in JSON?

Why am I getting the following error from the LineBreakingProcessor: "Truncating line because limit of 10000 bytes has been exceeded?"

override source field to a common source using transform.conf and props.conf

How can I take multiple fields and time values and combine them into one?

How to send few values from jenkins pipeline to splunk and report it

Why is my bash scripted input failing on Ubuntu while it's OK on other distros?

Can you help me create a search that would monitor activity to our login page from a single URL?

How to use the universal forwarder to parse log files with a key value pair format and forward to splunk cloud

Why is host override in inputs.conf not working when it's IP?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

SQS-Based-S3 Input for Cloudtrail black list event...

Splunk OTEL Forwarder- Is there a values.yaml file...

How to highlight the data in the Map for regions E...

Dashboard Studio - Adding a drop down to filter re...

Splunk Cloud: HEC is not receiving data from cribl...