Getting Data In

Community Activity

How do you collect log within 1 hour from file log rotate? Dear all, I have file log access /var/log/secure . Use log rotate ( setting daily) I need collect log login fail 3 t... by hiepdv4 New Member in Getting Data In 08-31-2018 0 1	0	1
Why is my UDP-input data appearing duplicated in the index? I've carried out two searches to find out splunk is indexing duplicate search results which are from the same host, s... by kavraja Path Finder in Getting Data In 08-31-2018 0 5	0	5
Using SPATH notation in conf files Hi guys, I need to uto extract fields and values during search time using SPATH notation in props.conf and transforms... by danielwysockiar Explorer in Getting Data In 08-31-2018 0 3	0	3
Why is Splunk not indexing in milli seconds? Hi All, I configured an input in which the timestamp field is in format 20180830112930314 (%Y%m%d%H%M%S%3N). The sam... by siva_cg Path Finder in Getting Data In 08-31-2018 0 8	0	8
This XML file does not appear to have any style information associated with it. The document tree is shown below. This XML file does not appear to have any style information associated with it. The document tree is shown below. ... by RAVIKR New Member in Getting Data In 08-31-2018 0 0	0	0
HEC: Share a basic hello world script with Ruby to send to HEC? All, I need to send some data from a Ruby script to HEC collectors. Anyone have a basic hello world script they can... by daniel333 Builder in Getting Data In 08-30-2018 0 2	0	2
Not receiving readable logs from Brocade Switches We have added brocade switches to heavy forwarder via tcp:6514. We are able to receive the logs , but not in a readab... by nairv Explorer in Getting Data In 08-30-2018 0 3	0	3
How to use blacklist in inputs.conf? Hi, How do you edit inputs.conf to blacklist some hosts from indexing and index those hosts to different index? lis... by knalla Path Finder in Getting Data In 08-30-2018 0 5	0	5
SNMP -- Correcting date/time output and rogue ap mac address Hello, I just configured an SNMP-Trap on an RHEL box to send to Splunk. Getting the following output: Agent Hostna... by jahicks New Member in Getting Data In 08-30-2018 0 0	0	0
Need help on TIME_FORMAT and TIME_PREFIX I have a props.comf that is not working for TIME_FORMAT and TIME_PREFIX for the below log structure. Trying to break ... by sathiyasun Explorer in Getting Data In 08-30-2018 0 5	0	5
How can I override sourcetype and redirect to another index? Hi Guys, I want to override sourcetype for all events before being indexed and redirect some of those events (those w... by danielwysockiar Explorer in Getting Data In 08-30-2018 2 2	2	2
Why is my Remote File & Directory input not automatically inputting data? I currently have a Remote File & Directory Data Input on the following log 'C:\Windows\System32\winevt\Logs\Microsoft... by Callumfranks Engager in Getting Data In 08-30-2018 0 2	0	2
How do you audit for who is disabling Data Input? Recently, we found one data input for receiving syslog was stopped. We don't know if the service issue is auto stop ... by kennethyeung New Member in Getting Data In 08-29-2018 0 0	0	0
How to have my JSON output data in separate rows and not a single one? This is the output of my JSON data. I would want to see it in separate rows and not in a single row. When I do mvexpa... by Nadhiyaa Path Finder in Getting Data In 08-29-2018 0 4	0	4
The precise sourcetype setting when importing ESET logs I currently use the ESET Remote Administrator. However, I can not divide log fields with sourcetype. Please tell me t... by dum0785 New Member in Getting Data In 08-29-2018 0 4	0	4
Is it possible to generate the sourcetype based on the source? We have hundreds of ldap servers ready to be splunked. We would like to generate the sourcetype based on the source. ... by ddrillic Ultra Champion in Getting Data In 08-29-2018 1 7	1	7
Why is date not parsing correctly on my search head cluster? I have 2 splunk environments a DEV and PROD. I am send events from same syslog source. I have this date parsing: TIM... by pfabrizi Path Finder in Getting Data In 08-29-2018 0 4	0	4
Proofpoint TAP modular input in the distributed environment. How to install Proofpoint TAP modular input in the distributed environment. how to configure the inputs.conf files by Nadhiya_Dubai Explorer in Getting Data In 08-29-2018 1 1	1	1
Can you make .conf changes with the rest API? Has anyone used the rest API to successfully edit a conf file? I understand there are 3 methods GET, POST, DELETE.... by Log_wrangler Builder in Getting Data In 08-29-2018 0 2	0	2
how to host splunk distributed instance on microsoft Azure? We are in the phase of deploying splunk on Microsoft azure. we would like to know what are the limitation if we deplo... by gaikarmayur New Member in Getting Data In 08-29-2018 0 2	0	2
What have people's experiences been setting up Splunk in Azure? Hi guys, just a general question asking about what people's experiences have been when setting up a clustered splun... by Robbie1194 Communicator in Getting Data In 08-29-2018 0 2	0	2
How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1? Hi all, I've just stumbled across this issue. I have a linux host running rsyslogd. When I forward my events to the ... by dkrey Explorer in Getting Data In 08-29-2018 1 4	1	4
How to expand the values as separate events in my JSON data? { "results": [ { "statement_id": 0, "series": [ { ... by Nadhiyaa Path Finder in Getting Data In 08-29-2018 0 4	0	4
Upgrade to 7.1.2 from 6.5.1 - Universal Forwarder Upgrade Hello Team, We are planning to upgrade Splunk Enterprise v6.5.1 to v7.1.2. I understand that we need to upgrade or m... by hemendralodhi Contributor in Getting Data In 08-29-2018 0 1	0	1
How do I line break after a particular word? Hello Below is a sample one sample event which starts with ####### and ends with * All done!. How do I break the eve... by vrmandadi Builder in Getting Data In 08-28-2018 0 4	0	4