Getting Data In

Community Activity

How to import exported windows eventlog to eventviewer for indexing? I have exported evt files on Windows. I would like to index it by splunk. I know splunk on windows can index their ow... by Takajian Builder in Getting Data In 11-28-2018 2 5	2	5
Introspecting scheme=WinEventLog: killing process, because executing it took too long I met an error to start collecting WinEventLog when starting Universal Forwarder 6.6.2 on Windows Server 2008R2(x64)... by thy666 Engager in Getting Data In 11-27-2018 1 1	1	1
Universal Forwarder Fishbucket growing. Hi All, The UF (6.6.2) on our AIX server has an issue where the fishbuckets are growing in size 3gb + even after set... by NHLaurent Explorer in Getting Data In 11-27-2018 1 2	1	2
Can you help me with my Line Breaker and event time setting issue? Hello, I have the source type SID_transports for the ingestion of the SAP ABAP transport logs. They are in the follo... by damucka Builder in Getting Data In 11-27-2018 0 3	0	3
Why are the events being cut off at 257 lines in xml data? Hi, I have xml data that can have up to 500+ lines but Splunk is truncating at 257 lines. I've been trying combinat... by mwcooley Explorer in Getting Data In 11-27-2018 0 11	0	11
Ingestion: Dividing 3 sections of data in TSV. Good day Splunkers! We have this case that in one TSV are 3 types or categories of data. The first and third sectio... by rajyah Communicator in Getting Data In 11-27-2018 0 9	0	9
help with time_prefix Hi, I'm using data preview to test some new feeds, and while the event breaking is fine, I'm getting a warning messa... by a212830 Champion in Getting Data In 11-27-2018 1 3	1	3
Why does Splunk automatically resets/removes selected filters? Hi all, I am having a minor problem which can be a bit annoying if it happens often. We run a few dashboards combine... by mpasplunk New Member in Getting Data In 11-27-2018 0 1	0	1
savedsearch not returing more than 10000 results I have changed action.email.maxresults for one of my savedsearch from 10000 to 100000 but that is not working and I d... by nilbak1 Communicator in Getting Data In 11-26-2018 0 9	0	9
Splunk Stream - DNS Logs All, I have enabled Splunk Stream on a single domain controller as a test to monitor the DNS traffic. It's largely ... by daniel333 Builder in Getting Data In 11-26-2018 0 0	0	0
How do you add a timestamp onto a log that has a second counter in the log? Hi, I have a log that has a second counter inside it, 1 2...11... 3601...etc . So data i have 1 Data XXYXX 2 Data X... by robertlynch2020 Influencer in Getting Data In 11-26-2018 0 4	0	4
How should I go about using one forwarder for all servers? Hi Splunk community, I want to have a single forwarder for every on-premise domain controller in my network, instead... by thijsvl Engager in Getting Data In 11-26-2018 0 2	0	2
Why do my inline eval statements work with spath, but do not as calculated fields in props.conf? Why does this work: index=dns sourcetype=stream:dns \| eval host_addresses=spath(_raw,"host_addr{}") \| eval hostnames... by jwalthour Communicator in Getting Data In 11-26-2018 0 1	0	1
Can you help me with my Splunk Universal Forwarder starting problem? Hello. I am troubleshooting a universal forwarder installed on a Windows system. I noticed that the SplunkForwarder s... by johann2017 Explorer in Getting Data In 11-26-2018 0 5	0	5
Can you help me with the following AppInspect failure in props.conf? Hi, In my props.conf file I have a lot of EVAL functions. Some of them have the same name. For example: EVAL-src_na... by shayhibah Path Finder in Getting Data In 11-26-2018 0 1	0	1
SNMP Modular Input Custom MIB files Hi I am facing a problem trying to get custom MIB files to work. I have already placed converted the mib file to .py ... by thaddeuslim Explorer in Getting Data In 11-25-2018 1 4	1	4
Overwriting _time in datamodel causing mismatch between _time and time picker Hello, I am overwriting _time in datamodel because there is no proper timestamp in logs. when I am trying to access ... by AKG1_old1 Builder in Getting Data In 11-25-2018 0 0	0	0
How to find KVStore status in internal logs Hi all, I have got a task where I have to find the KVStore status through Splunk internal logs. I neither have acces... by santosh_hb Explorer in Getting Data In 11-24-2018 0 3	0	3
What is the knowledge bundle deafult behavour? [Question was asked but i was incorrect in my understanding of a knowledge bundle] Hi I have one search head and 2 search nodes(non clustered). I have an app installed on the search head, but i had ... by robertlynch2020 Influencer in Getting Data In 11-24-2018 0 5	0	5
Do we need to have universal forwarder installed in host server when we are going for scripted inputs? Hi All, A straight question 1) If I want to get the database related log into splunk indexer using scripted inputs ... by raj_mpl Path Finder in Getting Data In 11-22-2018 0 4	0	4
How to Get a reproducible local environment to work from Docker instance and stop working directly on our AWS Dev instance? What are the differences between a local dev Splunk Enterprise instance and a Dev/QA/Production instance, if someone ... by lucasfbeinjamin Path Finder in Getting Data In 11-22-2018 0 1	0	1
How do you display empty results when eval did not find a result? Hello, I have built the following query "search query" earliest="11/22/2018:18:55:00" latest="11/22/2018:18:59:9" ... by edwardryan New Member in Getting Data In 11-22-2018 0 1	0	1
How can I change the owner of a macro using GUI in a Search head cluster environment ? (I have created a macro and changed the permissions to appropriate users, now I want to change the owner to some othe... by vsskishore Explorer in Getting Data In 11-22-2018 0 1	0	1
How do I set choice value if I need fields where value is greater than zero? I tried below: <input type="radio" token="duration.input" searchWhenChanged="true"> <label>Call Duration</label> ... by almar_cabato New Member in Getting Data In 11-22-2018 0 2	0	2
Problem with display anonymised values in splunk with SEDCMD : Hello community, I am trying to anonymise Data in Splunk, For that purpose I am using SEDCMD in splunk , The transfo... by virtuosoo Explorer in Getting Data In 11-22-2018 0 3	0	3