Getting Data In

Discussions

Thread Info

Why is my inputs.conf monitor stanza with multiple wildcards not picking up anything?

Hi Team, I want to read below log files in 3 separate source types like deprovision , preprovision and provision but ...

by New Member in

How to prevent the indexing of message field in the windows eventlog sourcetype?

I've searched everywhere but all solutions seem workaround, can someone can suggest the best way to prevent the index...

by Path Finder in

question on data inputs for multiple csv files

i see that i can chose the single csv file type for a csv file and verify the columns are right and then insert into ...

by Builder in

Index masking issue on splunk enterprise for iis logs

Hi, We have authentication session id field from IIS logs needs to be masked on top priority due to high security st...

by Path Finder in

Why does Splunk overwrite the 'messages' field in scheduler.log events?

It seems that scheduler.log events are all prepared for parsing 04-09-2018 23:35:04.548 +0000 ERROR SavedSplunker...

by Contributor in

Is there any way to translate the URL into a connection request using the Splunk JAVA SDK?

I've seen that Splunk does not support REST API access when SAML is enabled. I've also seen that there is a way to lo...

by Path Finder in

How to bulk upload data using inputs.conf?

I'm trying to batch upload many files on my windows computer (some >150mb) using an inputs.conf file. I have the i...

by Explorer in

Multivalue field to multiple fields

Hi! How to split multivalue field, e.g. JSON array elements (value { "id": 4321, "value": [ 5, 6, 7, 8 ]...

by Path Finder in

What is the best practice to write monitor stanzas for onboard Network logs from multiple hosts on server?

We have to onboard logs from more than 1200 network hosts which reside on a single server. What is the best practice...

by Explorer in

Selective indexing and forwarding based on source

Use case: I have three indexers A, B and C. Indexer A is monitoring 10 sources. I would like to index 5 of these sour...

by Splunk Employee in

I have configured input.conf of splunk universal forwader but logs are receving with a delay of almost one hour.Unable to receive current logs

My inputs.conf are mentioned below. Make sure these get forwarded [monitor://C:\Windows\System32\winevt\Logs\Se...

by Explorer in

How to limit REST API searches in Splunk deployment?

I am looking into the feasibility of opening up REST api calls to our Splunk deployment. One of the concerns is if we...

by Path Finder in

field extract - extract everything between two values

I want to simply take an event and parse EVERYTHING between two strings and make it a field...the built in field extr...

by Explorer in

splunk $result.fieldname$ token w/ json data not working

Hi all, I have a scheduled search that runs against a json data sourcetype. Currently splunk extracts the fields ...

by Path Finder in

REST /services/data/indexes

When I run the following command to list the indexes on my indexers, I only see the top 30 per indexer: | rest /se...

by Path Finder in

display source which not getting any hits

i have different source and want to display source which not getting any hits I have the following query source...

by Motivator in

How to test a coldToFrozenScript?

I'm writing a script to archive frozen data to S3, and the archiving documentation seems pretty straightforward. Here...

by New Member in

How can I pull in resource data stats from remote machines into a single instance of Spunk Enterprise to view everything from one spot?

Hi, I am trying to use one instance of Splunk Enterprise (Web) as a central place to be able to pull in resource u...

by Engager in

Trouble Uploading Splunk Data

I am going through the Splunk Fundamentals 1 coursework and I am hung up on uploading data into the the system. I am ...

by New Member in

download the masking after indexing?

There is a requirement , where i am uploading the file and doing masking through the sourcetype using props.conf. ...

by New Member in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Getting Data In

Discussions

Why is my inputs.conf monitor stanza with multiple wildcards not picking up anything?

How to prevent the indexing of message field in the windows eventlog sourcetype?

question on data inputs for multiple csv files

Index masking issue on splunk enterprise for iis logs

Why does Splunk overwrite the 'messages' field in scheduler.log events?

Is there any way to translate the URL into a connection request using the Splunk JAVA SDK?

How to bulk upload data using inputs.conf?

Multivalue field to multiple fields

What is the best practice to write monitor stanzas for onboard Network logs from multiple hosts on server?

Selective indexing and forwarding based on source

I have configured input.conf of splunk universal forwader but logs are receving with a delay of almost one hour.Unable to receive current logs

How to limit REST API searches in Splunk deployment?

field extract - extract everything between two values

splunk $result.fieldname$ token w/ json data not working

REST /services/data/indexes

display source which not getting any hits

How to test a coldToFrozenScript?

How can I pull in resource data stats from remote machines into a single instance of Spunk Enterprise to view everything from one spot?

Trouble Uploading Splunk Data

download the masking after indexing?

Azure Authentication Logs - Authentication Method ...

How to add setup parameters to a new shell input i...

I developed an application to process Nessus data ...

Splunk Add-On for Google Cloud Platform Data Routi...

How to get on-prem MuleSoft data into Splunk?