Getting Data In

Discussions

Thread Info

How to troubleshoot why TIME_FORMAT is not being applied events at index time?

I've looked through many posts about TIME_FORMAT being ignored. None seemed to quite apply to me. This is a single in...

by Path Finder in

Why are events not routing to specific index based on host?

We have radius servers that need to be routed to a specific index. I have written the props.conf and transforms.conf ...

by Explorer in

How to forward an event of a certain source?

Hello everyone I work in a citrix service and I need to forward events for splunk enterprise My forwarder is on a ...

by New Member in

Are there any suggestions on a good data generator for inputting into a Splunk instance?

Splunk is the middleware on a Security Monitoring solution my firm just took over. Customer will not let us use live ...

by Explorer in

How to get all buckets with https://localhost:8089/services/cluster/master/buckets ?

I only get information about the first 31 buckets with the rest api: https://localhost:8089/services/cluster/master/b...

by New Member in

Missing of events and flooding of data in Heavy forwarder

i have 4 region of splunk server and the architecture is Uf(data from 20 location) ---> HF >>>>indexer .... search...

by Builder in

How do I get json_cols instead of json_rows in my reporting command?

Hey everyone, I'm currently writing a custom search command for some reporting and I'm struggling with the result ...

by New Member in

How to extract events from an input file ( xml format) that has no line breaks?

I have a log file that has contents similar to below. I would like the events separated based on the line break chara...

by Explorer in

How to get data from rackspace servers to AWS splunk

I want to pull or push data from rackspace servers, which already have forwarders and was pucshing data to splunk hos...

by New Member in

How can Splunk index a file without a file extension?

I have several servers with SQL logs that are in the format: sqlerror sqlerror.1 sqlerror.2 I have tried all ki...

by Communicator in

Is there a way to see how much data we are getting in from Active Directory, Exchange and Radius (size of the indexes/number of days the data goes back)?

Is there a way to see how much data we are getting in from Active Directory, Exchange and Radius (size of the indexes...

by Path Finder in

Is there a way to edit props or transforms to keep the UTC time but convert it to local CST time?

I have some logs rolling into splunk (via HF) in UTC time, and it is throwing off users' searching with CST (local ti...

by Builder in

Ignore data after CRLF

When running a search the _raw field returns results that typically end with the ] character. On a rare occasion the ...

by Explorer in

Splunk using rest api to fetch app name / id

Hello fellow Splunkers, I am using the following query to fetch the splunk app name in standalone search head - ...

by Path Finder in

Single log is getting split into two events.

I am not using props.conf. So I guess it is the default behavior. Below is the single log: 2018-07-19 13:30:40....

by New Member in

Why am i seeing indexing lag???

I have 11 indexing servers all with 16 cpu's RAID 10 configuration 1Gb full duplex no swap useage, and they all sit a...

by Path Finder in

Renaming fields from Perfmon CSV

Splunk v6.6.5 I have my Perfmon CSVs from my Domain Controllers imported into Splunk for a dashboard. When the CSV...

by New Member in

PowerShell Logging- Blacklist everything except Event Code 4104 & Level: Warning

We are attempting to ingest server powershell logging into Splunk. We found that ingest all the data was noisy and wa...

by New Member in

SPLUNK METRIC INDEXES props and transforms files

So i have written a script that outputs current switch ram and CPU usage and I wanted to include it to Splunk App to ...

by New Member in

Why am I getting heavy forwarder error "TcpInputConfig - SSL server certificate not found, or password is wrong..."?

I need to send data from a security appliance to a Splunk Heavy Forwarder on a listening port using TCP-TLS. Getting ...

by Explorer in

How can I add and parse the XML data into Splunk

I am getting an XML of below format <result> <attribute> <display_value/> <value/> </attribute> ...

by Path Finder in

Monitoring directory on a remote host

I am attempting to ingest data from a remote host (Linux) to my Search Head/Indexer host (Windows) via Splunk Web. I ...

by Explorer in

Splunk Log data Enrichment in notifications

I have logs loaded to splunk, I created few alerts to send the error email notifications till this it is working fine...

by New Member in

How to insert a dynamic dropdown using CSV as a lookup?

Hi, I want to insert a dynamic dropdown for the dashboard I have. Please find below the use case that I have which...

by Explorer in

Why are the JSON event lines missing?

the line format is : {"tim":"2018-07-12 15:23:16","pre":"ayisha.udam","fir":"Ayisha","las":"UDAM","pe1":false} ...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to troubleshoot why TIME_FORMAT is not being applied events at index time?

Why are events not routing to specific index based on host?

How to forward an event of a certain source?

Are there any suggestions on a good data generator for inputting into a Splunk instance?

How to get all buckets with https://localhost:8089/services/cluster/master/buckets ?

Missing of events and flooding of data in Heavy forwarder

How do I get json_cols instead of json_rows in my reporting command?

How to extract events from an input file ( xml format) that has no line breaks?

How to get data from rackspace servers to AWS splunk

How can Splunk index a file without a file extension?

Is there a way to see how much data we are getting in from Active Directory, Exchange and Radius (size of the indexes/number of days the data goes back)?

Is there a way to edit props or transforms to keep the UTC time but convert it to local CST time?

Ignore data after CRLF

Splunk using rest api to fetch app name / id

Single log is getting split into two events.

Why am i seeing indexing lag???

Renaming fields from Perfmon CSV

PowerShell Logging- Blacklist everything except Event Code 4104 & Level: Warning

SPLUNK METRIC INDEXES props and transforms files

Why am I getting heavy forwarder error "TcpInputConfig - SSL server certificate not found, or password is wrong..."?

How can I add and parse the XML data into Splunk

Monitoring directory on a remote host

Splunk Log data Enrichment in notifications

How to insert a dynamic dropdown using CSV as a lookup?

Why are the JSON event lines missing?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures