Getting Data In

Thread Info

Need help on TIME_FORMAT and TIME_PREFIX

I have a props.comf that is not working for TIME_FORMAT and TIME_PREFIX for the below log structure. Trying to break ...

by Explorer in

How can I override sourcetype and redirect to another index?

Hi Guys, I want to override sourcetype for all events before being indexed and redirect some of those events (those w...

by Explorer in

Why is my Remote File & Directory input not automatically inputting data?

I currently have a Remote File & Directory Data Input on the following log 'C:\Windows\System32\winevt\Logs\Microsoft...

by Engager in

How do you audit for who is disabling Data Input?

Recently, we found one data input for receiving syslog was stopped. We don't know if the service issue is auto sto...

by New Member in

How to have my JSON output data in separate rows and not a single one?

This is the output of my JSON data. I would want to see it in separate rows and not in a single row. When I do mvexpa...

by Path Finder in

The precise sourcetype setting when importing ESET logs

I currently use the ESET Remote Administrator. However, I can not divide log fields with sourcetype. Please tell me t...

by New Member in

Is it possible to generate the sourcetype based on the source?

We have hundreds of ldap servers ready to be splunked. We would like to generate the sourcetype based on the source. ...

by Ultra Champion in

Why is date not parsing correctly on my search head cluster?

I have 2 splunk environments a DEV and PROD. I am send events from same syslog source. I have this date parsing: T...

by Path Finder in

Proofpoint TAP modular input in the distributed environment.

How to install Proofpoint TAP modular input in the distributed environment. how to configure the inputs.conf files

by Explorer in

Can you make .conf changes with the rest API?

Has anyone used the rest API to successfully edit a conf file? I understand there are 3 methods GET, POST, DELETE...

by Builder in

how to host splunk distributed instance on microsoft Azure?

We are in the phase of deploying splunk on Microsoft azure. we would like to know what are the limitation if we deplo...

by New Member in

What have people's experiences been setting up Splunk in Azure?

Hi guys, just a general question asking about what people's experiences have been when setting up a clustered spl...

by Communicator in

How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1?

Hi all, I've just stumbled across this issue. I have a linux host running rsyslogd. When I forward my events to th...

by Explorer in

How to expand the values as separate events in my JSON data?

{ "results": [ { "statement_id": 0, "series": [ { ...

by Path Finder in

Upgrade to 7.1.2 from 6.5.1 - Universal Forwarder Upgrade

Hello Team, We are planning to upgrade Splunk Enterprise v6.5.1 to v7.1.2. I understand that we need to upgrade or...

by Contributor in

How do I line break after a particular word?

Hello Below is a sample one sample event which starts with ####### and ends with * All done!. How do I break the even...

by Builder in

Duplicate values but one key

Hi, I am running into an issue where I have keys and values which will show up once; upon expansion however it sho...

by Path Finder in

Need help on LINE_BREAKER,TIME_FORMAT and TIME_PREFIX

I have built a props.conf but when I upload the log file manually it works fine but when the app writes the log the l...

by Explorer in

Splunk DB Connect 3.1.1 - Why database input for MS SQL server query does not capture any data to the index?

i have setup a database input to connect to MS SQL server in Splunk DB connect 3.1.1. My database connection is worki...

by Loves-to-Learn Lots in

Can you collect data From DirecTV Receiver/Bridge with Splunk?

Hello Splunkers! I'm getting into the nitty-gritty of Splunk and trying to apply my own data. I came up with the i...

by Path Finder in

How to find what is causing us to go over our daily license quota with so few events indexed?

We recently obtained a Splunk Enterprise license with a 6GB/day limit. We installed approximately 20 Windows Forwa...

by Engager in

How do I Email results from Python script to users through REST API?

Hello Experts, I have created a machine learning model and am fetching data from Splunk to generate real-time pred...

by Engager in

customizing the indexes.conf to keep no cold data

Our requirement is that there is no cold data. Once the data comes in it will be keep warm for 90 days and then it wi...

by Communicator in

splunk detects _time right, but displays it wrong

Hi, I have an issue with the _time field in Splunk. An event like this gets into Splunk. While the date_hou...

by Motivator in

Do I have a possible KV extraction issue on the universal forwarder?

I have some json events that are fairly long (10K-20K characters). Most events come through fine, except for the fact...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

Need help on TIME_FORMAT and TIME_PREFIX

How can I override sourcetype and redirect to another index?

Why is my Remote File & Directory input not automatically inputting data?

How do you audit for who is disabling Data Input?

How to have my JSON output data in separate rows and not a single one?

The precise sourcetype setting when importing ESET logs

Is it possible to generate the sourcetype based on the source?

Why is date not parsing correctly on my search head cluster?

Proofpoint TAP modular input in the distributed environment.

Can you make .conf changes with the rest API?

how to host splunk distributed instance on microsoft Azure?

What have people's experiences been setting up Splunk in Azure?

How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1?

How to expand the values as separate events in my JSON data?

Upgrade to 7.1.2 from 6.5.1 - Universal Forwarder Upgrade

How do I line break after a particular word?

Duplicate values but one key

Need help on LINE_BREAKER,TIME_FORMAT and TIME_PREFIX

Splunk DB Connect 3.1.1 - Why database input for MS SQL server query does not capture any data to the index?

Can you collect data From DirecTV Receiver/Bridge with Splunk?

How to find what is causing us to go over our daily license quota with so few events indexed?

How do I Email results from Python script to users through REST API?

customizing the indexes.conf to keep no cold data

splunk detects _time right, but displays it wrong

Do I have a possible KV extraction issue on the universal forwarder?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

update to Splunk Add-on for Infoblox?

CSAM Reports - 500 ERROR