Getting Data In

Community Activity

How to parse and extract JSON log files in Splunk? I need to parse Tableau 8.2 JSON log files. Sample two rows of the log files is as below: {"ts":"2014-07-30T07:14:06... by nsawant Engager in Getting Data In 11-14-2018 1 17	1	17
Why am I unable to parse logs that are bigger than 10 KB in size? Hi All , We are using Splunk 6.6.6 version. Whenever we run a query with the log size of each event more than 10 KB ... by PCIIT New Member in Getting Data In 11-14-2018 0 10	0	10
Universal forwarder Windows installation (x86 and x64) fails when being pushed by GPO; missing next button? Testing this out on two separate machines in our environment as we need to get Splunk up and running on all server by... by evilsaint New Member in Getting Data In 11-14-2018 0 2	0	2
Parsing NetIQ DRA data from Windows Application Event Log I have some entries in WinEventLog://Application coming from NetIQ DRA. I couldn't find any add-ons for DRA on Splun... by PebbleHG Engager in Getting Data In 11-14-2018 0 0	0	0
How do you get the latest time entry from a datetime field value? I have one field value as a datetime field, and I want the data of only the latest time. How can I write this query? ... by darshana2511 New Member in Getting Data In 11-14-2018 0 2	0	2
Single Instance Splunk - How is CPU allocation prioritised between searches and indexing? Quick question as I am struggling to find answers in the Splunk documentation. How does Splunk prioritise CPU alloca... by luke222010 Engager in Getting Data In 11-14-2018 0 0	0	0
JdbcUrl for firebird parsed wrong? Hi, It seems that I can connect to a firebird database, but run into issue JDBC-446 http://tracker.firebirdsql.org/b... by graether Path Finder in Getting Data In 11-14-2018 0 4	0	4
Issue setting up Microsoft OMS Modular Inputs TA I'm trying to setup the TA, and have filled out all of the required fields (information taken from an azure subscript... by travis_lelle Explorer in Getting Data In 11-14-2018 1 13	1	13
Why is Splunk not respecting the TIME_FORMAT in props.conf? I have a log message which starts with a time stamp. Splunk is automatically extracting this and indexing the message... by gsmi New Member in Getting Data In 11-14-2018 0 2	0	2
Help with props.conf all, I was able to get the results I wanted in my search but I need to convert this into a props.conf config file. ... by daniel333 Builder in Getting Data In 11-14-2018 0 1	0	1
Is it really required to stop indexer services while adding another indexer? I have one machine which is acting as an indexer as well as a search head. So, i want to add another indexer. So what... by ramesh12345 Explorer in Getting Data In 11-14-2018 0 4	0	4
Why can't Splunk index some files in a directory? Hi I am trying to index a file from different subdirectory but Splunk is not indexing some of those files for some w... by edrivera3 Builder in Getting Data In 11-13-2018 0 13	0	13
Splunkcloud - Specify a different sourcetype for Generic S3 input ? Hello, We have iis log being stored in a S3 bucket in CSV format. My understanding is sourcetype for CSV will help p... by robot2051 New Member in Getting Data In 11-13-2018 0 1	0	1
How do you configure the inputs.conf with file size? Hi all, Is there any way that we can write an inputs.conf stanza with file size. I wanted to archive the files which... by vinaykata Path Finder in Getting Data In 11-13-2018 0 6	0	6
REST API twitter returns messages 420: Enhance your calm Hi all, We have RET API for a long time in our Splunk enviroment, but since last month of May, we are experiencing s... by daxacom New Member in Getting Data In 11-13-2018 0 3	0	3
Create new dimensions from collectd Hello I am trying to get metrics data into Splunk using collectd and metrics seems to be coming in fine. Want to add... by theouhuios Motivator in Getting Data In 11-13-2018 1 2	1	2
API call to return graph (visualization) Can someone help and point me to some documentation on how to use the REST API to run a search and stream graph (visu... by iamgame New Member in Getting Data In 11-13-2018 0 4	0	4
Powershell modular input, Get-Process, some processes do not forward to splunk, possibly large values I'm monitoring a number of processes on a dozen or so Windows hosts. I've not written a script, the input is simply... by cmorrall Engager in Getting Data In 11-13-2018 0 0	0	0
Extract a non-strp timstamp across multiple pipe delimiters Hi everyone, Given an event like the following, is there a way to get this to successfully parse as _time at index t... by jadamsplunk Path Finder in Getting Data In 11-13-2018 0 2	0	2
Split json array of objects into multiple events We have data structured in the following format: [ { "container_id": "1", "executor_id": "1", "framewo... by sboogaar Path Finder in Getting Data In 11-13-2018 0 3	0	3
Why isn't the receiver receiving files from universal forwarder? I have 2 Linux machines. I installed the universal forwarder on one of them and configured the inputs.conf and outp... by dinaabdelhakam Path Finder in Getting Data In 11-12-2018 0 6	0	6
Drilldown on text input i put in some data in a text input and press enter, can i link it to another dashboard upon pressing enter key ? basi... by jiaqya Builder in Getting Data In 11-12-2018 0 2	0	2
Can i use outputs.conf to send some data to one splunk environment and other data to another splunk environment? I work for a managed service provider. We use Splunk to monitor servers for our clients. One of our clients has built... by smcdonald20 Path Finder in Getting Data In 11-12-2018 0 2	0	2
In order customize my Docker image, how should I download and install Splunk Forwarder on *nix systems? I am trying to customize my Docker image (a Cassandra image) so it also has Splunk Forwarder with Cassandra add-on. C... by jigarashah New Member in Getting Data In 11-12-2018 0 6	0	6
How come [replicationBlacklist] is not working? We have a list of large lookup files that are not supposed to be included in the search bundles. Their configurations... by sylim_splunk Splunk Employee in Getting Data In 11-12-2018 1 1	1	1