Getting Data In

Ask a Question

Discussions

Thread Info

How to insert a dynamic dropdown using CSV as a lookup?

Hi, I want to insert a dynamic dropdown for the dashboard I have. Please find below the use case that I have which...

by Explorer in

Why are the JSON event lines missing?

the line format is : {"tim":"2018-07-12 15:23:16","pre":"ayisha.udam","fir":"Ayisha","las":"UDAM","pe1":false} ...

by Path Finder in

Transforms in props.conf?

Whats the difference between calling one transforms and two transforms in a props.conf file? 1 transform: TRANSFOR...

by Explorer in

Automatic Sourcetype Tagging on Syslog Server

Hi everyone, In my environment, we are collecting logs from several types of devices on a syslog server, then forw...

by Path Finder in

How to remove hh:mm:ss from a date/time field to be displayed in mm/dd/yyyy format?

So my original data looks like this: AUDIT_CREATED_TS 7/17/2018 1:15:30 AM 7/17/2018 1:10:30 AM 7/17/2018 1:05:41 AM ...

by New Member in

How to setup forwarder details in inputs.conf?

I have existing Universal Forwarder setup for our prod Splunk Enterprise instance. Now, I am trying to setup a dev Sp...

by Engager in

How to change permissions for a job through the REST API/Python SDK?

I am doing some automation in which I am running some searches through the API, and if any results are found, it emai...

by Path Finder in

what could be the possible error of not getting logs if inputs.conf ,outputs.conf are ok,file permission is also there,Splunkd is also running and no error found in internal logs?

Help regarding Troubleshooting log i.e if unable to find the reason of not getting my logs..

by New Member in

Debug timestamp issue for data coming from UDP port in Cloud Splunk.

I have an index whose data is being fetched from UDP port. Index is experiencing latency [lag in events] and we suspe...

by Explorer in

Incomplete field value

Hi, I am passing a log file . The field values for message field is incomplete. Also the Message field has many patte...

by New Member in

How to use mstats with post-processing

Hello, I'm facing a strong issue with using a mstats command, working in a post-processing components on a dynamic...

by New Member in

Can splunk read data from unix stream socket?

Is it possible to get data in splunk from unix stream socket? Not tcp\udp socket, but socket like this - https://en.w...

by Path Finder in

SEDCMD vs TRANSFORMS?

1) When to use SEDCMD? 2) When to use transforms and props for data masking? 3) Which is better?

by Explorer in

How can I propagate date+hour to each next event in the log?

Hi. I am a newborn splunk user. Logs come in the following format --Format-- @@dd/mm/yyyy_HH MMSS.msecond|Message... ...

by Engager in

How to get the xml data into splunk from the https url

i have the https url and how to pull the xml data using the url from Splunk. Below is the sample url https://1...

by Path Finder in

Is there a REST API call to rebuild the forwarder asset table?

Is there an API call that can rebuild the forwarder asset table as opposed to going into the Distributed Management C...

by New Member in

change host name in nmon_data

Hello I want to change host name in TA-nmon and I have set the value of override_sys_hostname in /dbdata1/splunkforwa...

by New Member in

How can I get member users groups from Microsoft Azure AD?

Hi Splunkers I am working with Azure AD and Splunk Cloud and I need to get information about member's group like w...

by Communicator in

Will Splunk run a modular input using system Python on a Universal Forwarder

If I have a modular input written in Python, will Splunk attempt to execute it on a Universal Forwarder if the host h...

by Champion in

How to check if indexer is writing cold to frozen?

I have an ec2 splunk instance writing frozen data to an s3 bucket (via s3fs). Where would I find in the splunk log...

by Builder in

Trouble extracting time in JSON

I have a JSON log file that I'm attempting to ingest (Splunk v6.6.5). The events parse correctly, but the epoch time ...

by Path Finder in

use transforms.conf or props.conf to convert multi line event to single event on forwarder level to send external to Splunk

I would like to convert an event similar to the one below to be a single event when sending it out to an external Sys...

by New Member in

Accepted time is suspiciously far away from the previous event's time

I'm ingesting logs that have both event timestamps as well as timestamps within the contents of the logs. My props.co...

by Path Finder in

How to fix splunk replication

Hi guys. In my splunk cluster i've distributed search indexers. On one of them I've this message. What can I fix t...

by Explorer in

How to figure out what an instance is considered if I am on the deployment server, client, search head, forwarder, or indexer?

Hi there, I'm fairly new to Splunk and I am still a bit confused as to how I can tell what an instance is considered....

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to insert a dynamic dropdown using CSV as a lookup?

Why are the JSON event lines missing?

Transforms in props.conf?

Automatic Sourcetype Tagging on Syslog Server

How to remove hh:mm:ss from a date/time field to be displayed in mm/dd/yyyy format?

How to setup forwarder details in inputs.conf?

How to change permissions for a job through the REST API/Python SDK?

what could be the possible error of not getting logs if inputs.conf ,outputs.conf are ok,file permission is also there,Splunkd is also running and no error found in internal logs?

Debug timestamp issue for data coming from UDP port in Cloud Splunk.

Incomplete field value

How to use mstats with post-processing

Can splunk read data from unix stream socket?

SEDCMD vs TRANSFORMS?

How can I propagate date+hour to each next event in the log?

How to get the xml data into splunk from the https url

Is there a REST API call to rebuild the forwarder asset table?

change host name in nmon_data

How can I get member users groups from Microsoft Azure AD?

Will Splunk run a modular input using system Python on a Universal Forwarder

How to check if indexer is writing cold to frozen?

Trouble extracting time in JSON

use transforms.conf or props.conf to convert multi line event to single event on forwarder level to send external to Splunk

Accepted time is suspiciously far away from the previous event's time

How to fix splunk replication

How to figure out what an instance is considered if I am on the deployment server, client, search head, forwarder, or indexer?

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures