Getting Data In

Community Activity

How do you monitor a folder in Splunk for a specific index or source type? Hello, I'm new to Splunk. I'm using the Search and Reporting app only. I want to upload data using monitor, however... by maryamchar Explorer in Getting Data In 10-23-2018 0 5	0	5
Seeing all the forwarded data on indexer but universal forwarder is saying "configured but inactive" Hi splunkers , I have forwarded the data using universal forwarder to heavy forwarder and then to indexer , where i ... by kannu Communicator in Getting Data In 10-23-2018 0 9	0	9
Why does enable Splunk Forwarder on boot FreeBSD display ""Can't access "/etc/rc.conf": No such file or directory" error? Running a vm firewall which is running on FreeBSD. I installed the Splunk universal forwarder, and it can run just fi... by Willman42 Explorer in Getting Data In 10-22-2018 0 8	0	8
How do I go about filtering data with transform.conf? I am using universal forwarders installed on my domain controllers, and I am successfully filtering specific events (... by ksbuchanan Explorer in Getting Data In 10-22-2018 0 2	0	2
Microsoft Azure Active Directory Reporting Add-on for Splunk not retrieving all events. We have an issue with the Microsoft Azure Active Directory Reporting Add-on for Splunk where it's not retrieving all ... by GRMcCauley Explorer in Getting Data In 10-22-2018 0 0	0	0
SPLUNK_HOME in Docker image I have installed Splunk docker image in my imac and I am trying to locate indexes.conf file and I need help with loca... by vijayagowri Engager in Getting Data In 10-22-2018 1 0	1	0
dnslookup: How to change host (indextime) using dnslookup? We have few devices, which emit events as IP address. So based on a sourcetype, can we change the host (hostname) of... by koshyk Super Champion in Getting Data In 10-22-2018 0 2	0	2
Why is linebreaking not working for Microsoft DHCP failover auto config sync? Swinging back around to an issue that has me a bit confused. Microsoft DHCP Failover Auto Config Sync generates logs ... by joeburris New Member in Getting Data In 10-22-2018 0 1	0	1
How do I use the difference between multiple field values to create a new field in Splunk? I have an example lookup file below: Week Site_Visits Week1Oct 500 Week2Oct ... by russell120 Communicator in Getting Data In 10-22-2018 0 6	0	6
How to populate a new field with the differences of multiple CSVs against a single CSV? The SPL below returns a count from one field in multiple CSVs. At the end, a delta is calculated, comparing each coun... by russell120 Communicator in Getting Data In 10-22-2018 0 2	0	2
How do you Index a JSON file that was exported from another Splunk instance? Greetings all, I have several JSON files that were exported from a Splunk instance (using the front end GUI I belie... by fzuazo Path Finder in Getting Data In 10-22-2018 0 0	0	0
How do you build a chart from two date fields? On my current data I have two date fields: CommencementDate and CompletitionDate. I would like to build a chart where... by gcescatto New Member in Getting Data In 10-22-2018 0 2	0	2
Why is DNS lookup failing during indexing for 2 hosts? I just moved my Splunk indexer from one server to another. A few bumps in the road, but everything seems to be workin... by bdf0506 Path Finder in Getting Data In 10-22-2018 0 0	0	0
How do I split JSON array, twitter hashtags? i'm having a brain fart at the moment and trying to figure out how to get JUST the hashtags from all the posts. I kno... by moorvogi Path Finder in Getting Data In 10-22-2018 0 3	0	3
In inputs.conf whitelist, how do I create a regex expression for whitelisting files which contain a certain string? I need to whitelist files that contain a string in any case and in any place in the filename. And, they can either b... by coreyf311 Path Finder in Getting Data In 10-22-2018 0 3	0	3
time latency (Indextime and timestamp)? Hello, I'm trying to measure the time that data got ingested and the time it showed up on my search. I read that i ... by maryamchar Explorer in Getting Data In 10-22-2018 0 11	0	11
Can you suggest a format for a source type event break that doesn't truncate the following JSON logs? I have a JSON log that is getting truncated because of the event break pattern in the source type. I cloned the sourc... by pdantuuri0411 Explorer in Getting Data In 10-22-2018 0 7	0	7
Splunk 7.0.0: How to get metrics in from collectd Hi, How to add a tag(region) to a collectd based metric from a host? For example if we have 2 regions (us-east,us-... by sureshr7 Explorer in Getting Data In 10-22-2018 3 7	3	7
When building a modular input, how to index JSON data? Hi, I am building a modular input using Add-on Building and python. When I am trying to index JSON data I get this e... by apezuela Explorer in Getting Data In 10-22-2018 0 3	0	3
How do I test connectivity over a specific port in Windows? My forwarder is unable to establish a connection over port 9997 to my indexer. I am running Windows, and I do not ha... by jpondrom_splunk Splunk Employee in Getting Data In 10-22-2018 3 3	3	3
Splunk stopped indexing local log after SSL setup Hi Guys, I run standalone Splunk Version: 7.2.0 deployment for a college project on Ubuntu 14.04 (amd64). I have sin... by mthq Engager in Getting Data In 10-21-2018 1 1	1	1
Why has Splunk stopped indexing all log files? I've recently started using Splunk and it was working fine but at some point seems to have stopped indexing any logs.... by cboard Explorer in Getting Data In 10-21-2018 0 4	0	4
Extract Json and Build a plot I am looking to extract values from the Json to build out data to see what was the quote number that threw error. I a... by jitin_ratra New Member in Getting Data In 10-21-2018 0 1	0	1
How can I query and find records which have an empty array? My JSON looks like this, { "id":"studentNumber", "courses" : [ { "course" : "Analysis of Alg" }, { "course": "game d... by dreddy123 New Member in Getting Data In 10-21-2018 0 4	0	4
How to apply an arbitrary offset to the timestamp at index time? I have an input that writes timestamps as the number of milliseconds passed since January 1st 1601 that sadly cannot ... by martin_mueller SplunkTrust in Getting Data In 10-20-2018 2 5	2	5

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

How do you monitor a folder in Splunk for a specific index or source type?

Seeing all the forwarded data on indexer but universal forwarder is saying "configured but inactive"

Why does enable Splunk Forwarder on boot FreeBSD display ""Can't access "/etc/rc.conf": No such file or directory" error?

How do I go about filtering data with transform.conf?

Microsoft Azure Active Directory Reporting Add-on for Splunk not retrieving all events.

SPLUNK_HOME in Docker image

dnslookup: How to change host (indextime) using dnslookup?

Why is linebreaking not working for Microsoft DHCP failover auto config sync?

How do I use the difference between multiple field values to create a new field in Splunk?

How to populate a new field with the differences of multiple CSVs against a single CSV?

How do you Index a JSON file that was exported from another Splunk instance?

How do you build a chart from two date fields?

Why is DNS lookup failing during indexing for 2 hosts?

How do I split JSON array, twitter hashtags?

In inputs.conf whitelist, how do I create a regex expression for whitelisting files which contain a certain string?

time latency (Indextime and timestamp)?

Can you suggest a format for a source type event break that doesn't truncate the following JSON logs?

Splunk 7.0.0: How to get metrics in from collectd

When building a modular input, how to index JSON data?

How do I test connectivity over a specific port in Windows?

Splunk stopped indexing local log after SSL setup

Why has Splunk stopped indexing all log files?

Extract Json and Build a plot

How can I query and find records which have an empty array?

How to apply an arbitrary offset to the timestamp at index time?

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation