Getting Data In

Discussions

Thread Info

How many sources are there and what are the sizes of each sources?

I am trying to write a code where I should be able to count how many 'Sources' are there and the size/linecount of ea...

by Contributor in

Unable to start Splunk universal forwarder on AIX Server - Module Error

On installing the universal forwarder using a service account with full permission (777) and also have tried multiple...

by Contributor in

How to configure props.conf TIME_FORMAT to recognize 2 variations of a timestamp?

I have a log that has time expressed like this 20151218111015. So that would be December 18th, 2015 11:10:15. However...

by Communicator in

how to make this into a transaction: group events under previous field until new field is present

My events all have a sequence (field), however, some events are "multiline". I want to group them together. Example: ...

by New Member in

Inputs defined sourcetype overwrite a specific source using props and transforms

Hi , all my /var/log file are are input configured to redirect to sourcetype=unixlogs and now i would like to redirec...

by Path Finder in

Indexed time and event logged time is mismatching

We are getting events from one of our application ,But the indexed time and event logged time is different ,Please le...

by Explorer in

How to parse the events

Type: VIP Status | Target: /Common/phutan.mayhem.com-80-int-llb | Status: The children pool member(s) either don't ha...

by Contributor in

Indexer's $SPLUNK_HOME /var/run/searchpeers/ excessive disk usage and bundles not being reaped

Problem: Excessive disk space consumed on indexer in $SPLUNK_HOME/var/run/searchpeers to the point where the indexer ...

by Splunk Employee in

DS: Disable specific input (not the app) on a specific UF host

We have one host where one of the inputs in an app distributed by the Deployment Server is causing too much traffic. ...

by Path Finder in

How to GET latest and previous events from a different host?

Hi all , This is my problem : I have a table with time,log and host. sample : host 1 <event log> 2018-06-05 23:...

by Builder in

set search results as the default value of a multi select when the dashboard loads.

Hi guys, for example i have a search that returns 7 id's. What I wanted to do is set those 7 ids as the default value...

by Explorer in

Index only rows that match a pattern

i have a file with following pattern : SERVICESTATE::CRITICAL , which updates everyday. this file also has many other...

by Builder in

Can these ingestion related tasks be completed through the REST API?

Our organization creates new indexes almost daily for one-off/one-shot logs from different customers we work with. Th...

by Builder in

How to monitor [WinEventLog://System] event logs for "Critical" or "Error" event logs only (Level 1 and 2)

Is there any way to monitor System Event Viewer logs ( [WinEventLog://System] ) for Event Level set to "Critical" and...

by Builder in

Issue in Data Parsing for extracting the field .

Hi Team, I’m struck in parsing the data, please advise how to handle the data. In the log of an application a ...

by Explorer in

Change Time Window Filter to another type of filtering

In the Time Window Filter, I can filter through events based on the time they arrived However, I would lik...

by Explorer in

how to split multiline JSON events/ Group multiline JSON event.

HI, Log File [ { "name" : "TraderCurrency", "type" : "RiskBreakdown", "duration" : 1173, "count" : 1, ...

by Builder in

How can I anonymize fields of data that has undergone indexed extractions?

I'm on a standalone Splunk environment. I've got some .csv files, and I'd like to use indexed extractions for them as...

by SplunkTrust in

Universal forwarder not forwarding

Hello, I'm trying to forward logs from azLog (Azure log integration) into my splunk indexer. Both are running on AWS ...

by New Member in

Where can I find Splunk field names for AD event ID fields ?

Greetings all, As the title states where can I find the Splunk equivalent of AD event ID fields ? For example ...

by Path Finder in

How can I get the remote Windows Logs?

Hi All, Have installed Universal forwarder in my remote windows machine. Actually, have tried configuring ''Remote...

by Explorer in

How to filter events if a field value must be false and then true at a later point?

Hi Splunk community, I was not sure how to formulate the question precisely, so I give you my use case: Filter ...

by Explorer in

Question on Props and Transforms ?

Hi had a question from my security team that is, where it will be highly secure to palace the props and transforms co...

by Motivator in

How to fetch data through dynamic calls in REST API Loop?

How do I fetch data through dynamic calls in REST API - Loop Example: The script will first run on the APi.json...

by Engager in

Problem with timestamp in props.conf file.

Here is a sample log record. . . [Fri, 25 May 2018 17:07:34GMT] [some_named_plugin.dll] [Process:4856][ERROR] : inval...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How many sources are there and what are the sizes of each sources?

Unable to start Splunk universal forwarder on AIX Server - Module Error

How to configure props.conf TIME_FORMAT to recognize 2 variations of a timestamp?

how to make this into a transaction: group events under previous field until new field is present

Inputs defined sourcetype overwrite a specific source using props and transforms

Indexed time and event logged time is mismatching

How to parse the events

Indexer's $SPLUNK_HOME /var/run/searchpeers/ excessive disk usage and bundles not being reaped

DS: Disable specific input (not the app) on a specific UF host

How to GET latest and previous events from a different host?

set search results as the default value of a multi select when the dashboard loads.

Index only rows that match a pattern

Can these ingestion related tasks be completed through the REST API?

How to monitor [WinEventLog://System] event logs for "Critical" or "Error" event logs only (Level 1 and 2)

Issue in Data Parsing for extracting the field .

Change Time Window Filter to another type of filtering

how to split multiline JSON events/ Group multiline JSON event.

How can I anonymize fields of data that has undergone indexed extractions?

Universal forwarder not forwarding

Where can I find Splunk field names for AD event ID fields ?

How can I get the remote Windows Logs?

How to filter events if a field value must be false and then true at a later point?

Question on Props and Transforms ?

How to fetch data through dynamic calls in REST API Loop?

Problem with timestamp in props.conf file.

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures