Getting Data In

Community Activity

Can I change the default management port 8089 on Splunk Universal Forwarder and still push updates from the Deployment Server? I am running into a conflict with vCenter and using port 8089. I have the universal forwarder installed and I am depl... by chrishatfield21 Path Finder in Getting Data In 09-17-2018 1 6	1	6
Why is the UF version on forwarder different than what the indexer is seeing? I recently upgraded all of my Universal Forwarders (UF) to 7.0.3 from various version levels (some 6.3.3, some were 7... by MrMcGeough Explorer in Getting Data In 09-17-2018 0 11	0	11
Discard event after 10 lines Hi, I have many events of 500 lines. Only first 10 lines are important. How to truncate or discard or ignore the rema... by anantdeshpande Path Finder in Getting Data In 09-17-2018 0 2	0	2
Is there a way to retrieve a saved search that was accidentally deleted? Is there a way to get back a saved search which is accidentally deleted? I cannot seem to find any "recycle bin" for ... by Urias Engager in Getting Data In 09-17-2018 0 4	0	4
Event breaking during index time own sourcetype Hi all, This linebreak/eventbreak problem drives me crazy. I searched all day to find a solution but nothing has he... by tfechner Path Finder in Getting Data In 09-17-2018 0 9	0	9
Is there a TA for Cisco IOS via SNMP? Hi everybody! My FW server is collecting cisco IOS data via SNMP. Is there an TA for this type of data? For extracti... by jbrocks Communicator in Getting Data In 09-16-2018 1 1	1	1
When adding "no_appending_timestamp = true" , how come logs stop coming in? Hi all, I have a UDP port 1514 which I forward syslog data to (It is a homelab, I am aware a syslog server with forw... by Alexing New Member in Getting Data In 09-15-2018 0 0	0	0
Why are wildcards not working when configuring the source path in inputs.conf? I am facing issues with using wildcards in my input.conf file. I am monitoring the same directory where 2 different ... by danillopavan Communicator in Getting Data In 09-15-2018 0 3	0	3
Question about sending data between SSL Forwarder to Forwarder We will be deploying forwarders outside of our network and using SSL. These forwarders will be forwarding the raw dat... by brdr Contributor in Getting Data In 09-15-2018 0 1	0	1
After updating my indexer to 2TB, which index volume should I increase? i have upgraded my indexer to 2TB from 450GB to increase my data retention. Below is my current indexer volume con... by Venkat_16 Contributor in Getting Data In 09-14-2018 0 1	0	1
How do I find unique errors from cronjobs sent to syslog? I am trying to find all unique messages sent to syslog from specific machines Splunk 6.6.8 Using the following bash ... by cwheeler33 Explorer in Getting Data In 09-14-2018 0 1	0	1
Is there a limit to the number of TCP listeners we can configure on a Heavy Forwarder (HF)? Hi , We have configured a couple of Bluecoats on TCP custom ports on a HF. i see the data flowing in but the Bluecoa... by shivarpith Path Finder in Getting Data In 09-14-2018 0 2	0	2
What is the difference between the dbinspect command and "_bkt"? Hello guys, Could you let me know the difference in terms of buckets between : \| dbinspect search and search \| ... by splunkreal Motivator in Getting Data In 09-14-2018 0 5	0	5
What is a good way to Splunk log lines like the following with JSON? Lets say I have a log line that contains of a JSON field with this content: { "breakdown": { "a": [ ... by dtakacssplunk Explorer in Getting Data In 09-14-2018 0 0	0	0
How do you sum all values of a field that has JSON data? I have some JSON data , in that i want to sum all values of a key in a Splunk query. Below is the sample data : data... by gauravepi Path Finder in Getting Data In 09-14-2018 0 11	0	11
How can we avoid the line truncating warning? On the forwarder's splunkd.log, we keep getting the following warning - 09-29-2017 02:11:46.400 -0500 WARN LineBre... by ddrillic Ultra Champion in Getting Data In 09-14-2018 0 3	0	3
Can you help me send data to cloud as well on-premise servers? We have a requirement to send data from our HF server to Splunk cloud indexers as well as on-premise indexer. So, Wi... by Splunk_citizen Explorer in Getting Data In 09-14-2018 0 0	0	0
can we use rsyslog instead of syslog-ng for palo alto app in splunk? hi Can we use rsyslog instead of syslog-ng for palo alto app in splunk .when i read the palo alto guideliness for sp... by sairamvarma New Member in Getting Data In 09-14-2018 0 5	0	5
How do I find and remove strings in logs from the Forwarder? Hello, I'm trying to send some antivirus logs from the forwarder into Splunk. The logs I'm sending have a tendency ... by brandonmcgrath1 New Member in Getting Data In 09-14-2018 0 1	0	1
How to extract the one time header on top of the real header. Hi, I'm new to splunk and would like some help with tackling my task at hand, - NO INDEX DATE STIME ETIM... by srhzab Engager in Getting Data In 09-13-2018 0 2	0	2
How can I watch a CSV file? All, I have a CSV being laid to a file system by a database. A basic monitor stanza brought the file in perfect w... by daniel333 Builder in Getting Data In 09-13-2018 0 1	0	1
app.conf does not honor environment variables i'd like to embed an env variable in my app label, so i add this to my app.conf: [ui] label = My App $SPLUNK_HOME H... by tony_luu Path Finder in Getting Data In 09-13-2018 1 3	1	3
Why is my forwarder not forwarding data other than _internal? I have forwarder not forwarding any input data other than _internal. Checks performed: splunk version - 6.4.2 Forwa... by sathiyasun Explorer in Getting Data In 09-13-2018 0 2	0	2
Is it possible to edit a sourcetype after its creation? Hello Splunkers, Is it possible to edit a sourcetype after its creation? Thank you in advance! Afroditi by atemourt Engager in Getting Data In 09-13-2018 0 5	0	5
Why do I see duplicate fields in sourcetype configuration? Hello Splunkers, I am trying to configure a sourcetype in Advanced section. For example, I create a field alias by c... by atemourt Engager in Getting Data In 09-13-2018 0 2	0	2