Getting Data In

Community Activity

How do I count how many times a value of one field appears in other fields in another CSV/lookup? Hi, consider the below CSV files: quickscan.csv ip mac 11.11.11.11 ab:cd:ef:gh 22.22.22.222... by russell120 Communicator in Getting Data In 11-06-2018 0 6	0	6
splitting data coming from Universal forwarder to external syslog We are forwarding data coming from our universal forwarders to an external Syslog server. Our current Dataflow Arch... by ssyed2009 New Member in Getting Data In 11-06-2018 0 0	0	0
Making a JSON string for SimData's Event Template I am trying to make events with SimData that use the json format. The problem comes when I need to make the "template... by colbym1 Engager in Getting Data In 11-06-2018 0 1	0	1
What's the best practice when enabling collectD with a large group of servers to an existing Http Event Collector? All, I have 4 reference servers behind a load balancer receiving less than 20gigs a day from an application source.... by daniel333 Builder in Getting Data In 11-06-2018 0 3	0	3
Can you answer my fundamental question about the date time picker? I have a fundamental question regarding dealing with multiple dates per log message. Below is a typical log that I've... by mumblingsages Path Finder in Getting Data In 11-06-2018 0 1	0	1
Heavy Forwarder stopped sending data Hello, Let's say we have Heavy Forwarder forwarding logs to groups A (Which consists of two IDX) and group B (One HF... by 3DGjos Communicator in Getting Data In 11-06-2018 1 5	1	5
Getting wrong timestamp in GC logs Hello, we have configured to pick time stamp from the logs itself but in some cases time stamp is not present. In th... by AKG1_old1 Builder in Getting Data In 11-06-2018 0 2	0	2
How do I put multiple indexers on the same machine, what ports do i need to change? Hi I have one machine with Splunk installed. So the search head and one indexer are set to default. I need to make 3... by robertlynch2020 Influencer in Getting Data In 11-06-2018 0 19	0	19
Exporting only dedup'd entries? Hi All, I've searched quite a lot but cant find a good method to get this workflow to work. I've got a python scrip... by Davvvem Engager in Getting Data In 11-06-2018 0 1	0	1
How to configure IP range in inputs.conf on heavy forwarder I have logs coming to a heavy forwarder being stored under directories based on IPs (i.e. " /var/log/remote/192.168.1... by nzarzyckivs Explorer in Getting Data In 11-06-2018 2 4	2	4
Add capacity to indexer cluster Hello guys, we have 3 'hardware' indexers in a clustered environment (RAID), all physical disk slots are full , repl... by splunkreal Influencer in Getting Data In 11-06-2018 0 4	0	4
Can you help me with my monitoring Windows servers query? I want to monitor Windows Servers — more specifically, application/security/system logs. Once I install the Universa... by juanlazarosanch New Member in Getting Data In 11-05-2018 0 0	0	0
Can you help me find a more detailed explanation on the Splunk modular input manager UI XML than exists in Splunk Documentation? Hi, Where is the documentation for customizing modular input manager UI? I understand there are some examples but ... by kundeng Path Finder in Getting Data In 11-05-2018 0 3	0	3
How do I parse JSON events from a custom generating command that queries an API? Hi, I have an external API that I want to be able to let my users explore with Splunk. This API returns a list of d... by yogevyuval Explorer in Getting Data In 11-05-2018 0 2	0	2
How can I event break a catalina.out log with two different time stamps ? Hello, my developers want to read a catalina.out log file. It contains events with two distinct time stamp formats.... by pretzel2 Path Finder in Getting Data In 11-05-2018 0 6	0	6
Which index and sourcetype to choose for the following KPI data? Hello, I have the KPI Data in the file and it is organized as follows (header line and the csv KPIs): host;port;tim... by damucka Builder in Getting Data In 11-05-2018 1 0	1	0
Why am I unable to collect basic syslog from APC UPS after creating a TCP input in Splunk Web with the sourcetype as 'syslog'? I am a new user to Splunk, and while I thought I had the basics down, I am getting stumped by this... Logged into ou... by nking4930 New Member in Getting Data In 11-05-2018 0 2	0	2
Can you help me build a query that shows time stamp for each user > session? This query gives me the time stamp once for each user, but not each time the user gets a session. index="*" sourcet... by bluemarvel Path Finder in Getting Data In 11-04-2018 0 3	0	3
Is it possible to do a sequential double override of index and sourcetype coming from 1 source? Previous related question: What adverse results can occur if using an override index and override sourcetype at the s... by Log_wrangler Builder in Getting Data In 11-02-2018 0 3	0	3
Is it possible to create a service account just to authenticate to Splunk API for conf editing? I am reading thru users, roles, and permissions documentation but not sure how to set this up. Ideally I want an acc... by Log_wrangler Builder in Getting Data In 11-02-2018 0 1	0	1
What adverse results can occur if using an override index and override sourcetype at the same time? Just wanted to poll the community as I am currently testing this. Fyi - a UF on a SYSLOG-NG is not possible at the m... by Log_wrangler Builder in Getting Data In 11-02-2018 0 4	0	4
Can you help me with the following health check error for 2 search heads?: "Error 00000080" I'm receiving the following error message for health check failures for 2 search heads: Error [00000080] Instance na... by wendtb Path Finder in Getting Data In 11-02-2018 0 1	0	1
Can you help me create a dashboard based on a number of Windows events? I'm trying to create a dashboard based on a number of Windows events and I have been banging my head up against this ... by gopenshaw Explorer in Getting Data In 11-02-2018 0 4	0	4
After setting up forwarders and trying to set a new data source in Splunk Cloud, why am I receiving the following error: "UDP port 514 is not available" Hi, i'm using Splunk Cloud edition. I've set up the forwarders in a new Windows 2012 R2 freshly installed. So, whe... by infosoftcomet New Member in Getting Data In 11-02-2018 0 5	0	5
Problem with Proofpoint Integration, anyone can help me? I am having a problem while testing Proofpoint connectivity with splunk, I am getting this ssl=falseon the metrics.lo... by titoluna07 Explorer in Getting Data In 11-02-2018 0 0	0	0

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

Getting Data In

How do I count how many times a value of one field appears in other fields in another CSV/lookup?

splitting data coming from Universal forwarder to external syslog

Making a JSON string for SimData's Event Template

What's the best practice when enabling collectD with a large group of servers to an existing Http Event Collector?

Can you answer my fundamental question about the date time picker?

Heavy Forwarder stopped sending data

Getting wrong timestamp in GC logs

How do I put multiple indexers on the same machine, what ports do i need to change?

Exporting only dedup'd entries?

How to configure IP range in inputs.conf on heavy forwarder

Add capacity to indexer cluster

Can you help me with my monitoring Windows servers query?

Can you help me find a more detailed explanation on the Splunk modular input manager UI XML than exists in Splunk Documentation?

How do I parse JSON events from a custom generating command that queries an API?

How can I event break a catalina.out log with two different time stamps ?

Which index and sourcetype to choose for the following KPI data?

Why am I unable to collect basic syslog from APC UPS after creating a TCP input in Splunk Web with the sourcetype as 'syslog'?

Can you help me build a query that shows time stamp for each user > session?

Is it possible to do a sequential double override of index and sourcetype coming from 1 source?

Is it possible to create a service account just to authenticate to Splunk API for conf editing?

What adverse results can occur if using an override index and override sourcetype at the same time?

Can you help me with the following health check error for 2 search heads?: "Error 00000080"

Can you help me create a dashboard based on a number of Windows events?

After setting up forwarders and trying to set a new data source in Splunk Cloud, why am I receiving the following error: "UDP port 514 is not available"

Problem with Proofpoint Integration, anyone can help me?

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation