Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Greendav

My logs are going into the wrong Index

It was reported to me that data from one of our devices is showing up in the wrong index. Is there an easy way to fi...
by Greendav Explorer in Getting Data In 10-15-2018
1 9
1
9
gesa_behrens

dropping events at index time works from one forwarder but not from the other

My scenario is: 1 Indexer (SPLUNK Enterprise 7.1.3) 1 Heavy Forwarder (SPLUNK Enterprise 7.1.2 1 Universal Forwarder ...
by gesa_behrens Path Finder in Getting Data In 10-15-2018
1 2
1
2
sowmyak

Is there a way to filter only a certain type of log from websphere to get logged to splunk?

I'm trying to add debug and error logs from websphere to splunk, but it consuming a lot of space. My aim is to reduce...
by sowmyak New Member in Getting Data In 10-15-2018
0 1
0
1
kasturea

How do you ingest events of a particular time period from a file in Splunk?

I have a log file of about 400 MB in size. I don't want to ingest it completely. I just want a few events from a part...
by kasturea Explorer in Getting Data In 10-15-2018
0 2
0
2
forca

SA-Modularinput-powershell (V3): scheduler fails scheduling with more than one stanza

Hi. We are running Splunk Enterprise version 7.2.0. On this version and also on 6.6, we find that when we have more t...
by forca New Member in Getting Data In 10-15-2018
0 2
0
2
utsav45

How to whitelist combination of fields using lookup table?

Hello Experts, We've got an alert which gets triggered if service is installed on the windows host. index=winevents...
by utsav45 Explorer in Getting Data In 10-15-2018
0 5
0
5
ddrillic

Why do my forwarders have inconsistent connectivity to the indexers?

We have this case for multiple servers where we see constant errors such as - 10-04-2018 13:25:55.480 -0500 INFO Tc...
by ddrillic Ultra Champion in Getting Data In 10-15-2018
0 5
0
5
vaizvainc

Can Splunk connect with Automation Anywhere tool?

Splunk is an Automated Process. Can Splunk be useful for Automation Anywhere tool ?
by vaizvainc New Member in Getting Data In 10-15-2018
0 3
0
3
riqbal

How do you get logs from Mcafee IPS into Splunk?

I have McAfee IPS. How do I integrate or Collect logs from Mcafee IPS and forward the logs to Splunk? Currently, I a...
by riqbal Communicator in Getting Data In 10-14-2018
0 1
0
1
daniel333

With a heavy forwarder, how do I redirect a data set to separate indexes with different indexes?

All, I have a data set that I need in indexclusterA as index=distil. HOW EVER I need that same data in indexcluster...
by daniel333 Builder in Getting Data In 10-13-2018
0 4
0
4
karthikannan

How do I troubleshoot "ERROR TailingProcessor - Ran out of data while looking for end of header"

Can anybody please tell me what I need to do for the error ERROR TailingProcessor - Ran out of data while looking f...
by karthikannan New Member in Getting Data In 10-12-2018
0 8
0
8
mrcnap

'WinHostMon://Service' without valid type

Hi, I am configuring the input.conf on my windows hosts to get the status of some services but I get an error for so...
by mrcnap New Member in Getting Data In 10-12-2018
0 0
0
0
Greendav

I am trying to create an alert specific to domain admins being added or removed from the Admin group

As the question stated I am trying to create an alert that lets me know when Domain admins were added or removed from...
by Greendav Explorer in Getting Data In 10-12-2018
0 0
0
0
maryamchar

How do I collect fake data automatically in Splunk?

hello, I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automati...
by maryamchar Explorer in Getting Data In 10-12-2018
0 5
0
5
tomokazu

モニターコンソールの取り込みについて

現在、以下の症状が発生しており対応に困っています。 このため、皆様のお力をお借りできたらと投稿致しました。 お手数となりますが、対応に伴う知見がありましたらご提示願います。 また、不足の情報がございました際は、その旨コメントをください...
by tomokazu New Member in Getting Data In 10-11-2018
0 2
0
2
yannK

Why copytruncate logrotate does not play well with splunk monitoring

I am using logrotate to rotate my files, with the option copytruncate. http://linuxcommand.org/man_pages/logrotate8.h...
by yannK Splunk Employee Splunk Employee in Getting Data In 10-11-2018
7 12
7
12
jaracan

How do we change indexes.conf's cold path in a clustered Splunk environment?

Hi Team, Here is our scenario: Our current directory in our coldPath parameter in master-apps/org_all_indexes/local...
by jaracan Communicator in Getting Data In 10-11-2018
0 2
0
2
sylim_splunk

Why am I getting the following Http Event Collector (HEC) errors?: {"text":"Invalid token","code":4}

I created 100s of HEC tokens and put them in an app, which has been pushed down to several Heavy Forwarders. Most of ...
by sylim_splunk Splunk Employee Splunk Employee in Getting Data In 10-11-2018
0 1
0
1
haoban

Can you help me with my search results visualization column chart issue?

The original data is json format Search Language is as follows: I successfully extracted the data and displayed as...
by haoban Path Finder in Getting Data In 10-11-2018
0 4
0
4
LordLeet

In a Splunk cluster on Cloud, what are some best practices when Increasing indexer disk space?

Hello, I'm running my Splunk cluster on cloud, and I'm running out of disk space. I'm planning on increasing the ava...
by LordLeet Path Finder in Getting Data In 10-11-2018
0 3
0
3
SapthagiriAavik

How to calculate total Business hours in between weekend days?

Example: if Friday by 02-FEB-2018 23:00 a ticket got recorded and resolved on monday 05-FEB-2018 20: 00. So I want to...
by SapthagiriAavik Explorer in Getting Data In 10-11-2018
1 3
1
3
andyrobinson

How to configure default values for parameters on Modular Inputs

I am using C# SDK 2.0 and Visual Studio 2013 Extension for creating Modular Inputs. I am trying to understand the be...
by andyrobinson New Member in Getting Data In 10-11-2018
0 3
0
3
matthieumarrast

How do I reload CSS and JS files despite the browser cache?

Hello, I source CSS and JS files in my view, as below: <form stylesheet="style.css" script="script.js"> But, each...
by matthieumarrast Explorer in Getting Data In 10-11-2018
0 3
0
3
ruchika11

I want to set data from my code base(java) for modular input and it should see on the page....Please help me on this.

I want to set value from for modular input from code. and read same data in code.
by ruchika11 New Member in Getting Data In 10-11-2018
0 0
0
0
FritzWittwer_ol

what is the cause of ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT for regex

I get this error messages for rather simple regexep 10-11-2018 07:48:27.818 +0200 ERROR Regex - Failed in pcre_exec:...
by FritzWittwer_ol Contributor in Getting Data In 10-10-2018
1 0
1
0
Get Updates on the Splunk Community!

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Developer Spotlight with Mika Borner

From Hackathon Winner to Enterprise Leader    Mika Borner, CEO and Founder of Datapunctum AG, has been ...

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...
Top Solution Authors
View All