Getting Data In

Community Activity

Need help on TIME_FORMAT and TIME_PREFIX I have a props.comf that is not working for TIME_FORMAT and TIME_PREFIX for the below log structure. Trying to break ... by sathiyasun Explorer in Getting Data In 08-30-2018 0 5	0	5
How can I override sourcetype and redirect to another index? Hi Guys, I want to override sourcetype for all events before being indexed and redirect some of those events (those w... by danielwysockiar Explorer in Getting Data In 08-30-2018 2 2	2	2
Why is my Remote File & Directory input not automatically inputting data? I currently have a Remote File & Directory Data Input on the following log 'C:\Windows\System32\winevt\Logs\Microsoft... by Callumfranks Engager in Getting Data In 08-30-2018 0 2	0	2
How do you audit for who is disabling Data Input? Recently, we found one data input for receiving syslog was stopped. We don't know if the service issue is auto stop ... by kennethyeung New Member in Getting Data In 08-29-2018 0 0	0	0
How to have my JSON output data in separate rows and not a single one? This is the output of my JSON data. I would want to see it in separate rows and not in a single row. When I do mvexpa... by Nadhiyaa Path Finder in Getting Data In 08-29-2018 0 4	0	4
The precise sourcetype setting when importing ESET logs I currently use the ESET Remote Administrator. However, I can not divide log fields with sourcetype. Please tell me t... by dum0785 New Member in Getting Data In 08-29-2018 0 4	0	4
Is it possible to generate the sourcetype based on the source? We have hundreds of ldap servers ready to be splunked. We would like to generate the sourcetype based on the source. ... by ddrillic Ultra Champion in Getting Data In 08-29-2018 1 7	1	7
Why is date not parsing correctly on my search head cluster? I have 2 splunk environments a DEV and PROD. I am send events from same syslog source. I have this date parsing: TIM... by pfabrizi Path Finder in Getting Data In 08-29-2018 0 4	0	4
Proofpoint TAP modular input in the distributed environment. How to install Proofpoint TAP modular input in the distributed environment. how to configure the inputs.conf files by Nadhiya_Dubai Explorer in Getting Data In 08-29-2018 1 1	1	1
Can you make .conf changes with the rest API? Has anyone used the rest API to successfully edit a conf file? I understand there are 3 methods GET, POST, DELETE.... by Log_wrangler Builder in Getting Data In 08-29-2018 0 2	0	2
how to host splunk distributed instance on microsoft Azure? We are in the phase of deploying splunk on Microsoft azure. we would like to know what are the limitation if we deplo... by gaikarmayur New Member in Getting Data In 08-29-2018 0 2	0	2
What have people's experiences been setting up Splunk in Azure? Hi guys, just a general question asking about what people's experiences have been when setting up a clustered splun... by Robbie1194 Communicator in Getting Data In 08-29-2018 0 2	0	2
How come when I send Syslog info via UDP to local universal forwarder, the host is always 127.0.0.1? Hi all, I've just stumbled across this issue. I have a linux host running rsyslogd. When I forward my events to the ... by dkrey Explorer in Getting Data In 08-29-2018 1 4	1	4
How to expand the values as separate events in my JSON data? { "results": [ { "statement_id": 0, "series": [ { ... by Nadhiyaa Path Finder in Getting Data In 08-29-2018 0 4	0	4
Upgrade to 7.1.2 from 6.5.1 - Universal Forwarder Upgrade Hello Team, We are planning to upgrade Splunk Enterprise v6.5.1 to v7.1.2. I understand that we need to upgrade or m... by hemendralodhi Contributor in Getting Data In 08-29-2018 0 1	0	1
How do I line break after a particular word? Hello Below is a sample one sample event which starts with ####### and ends with * All done!. How do I break the eve... by vrmandadi Builder in Getting Data In 08-28-2018 0 4	0	4
Duplicate values but one key Hi, I am running into an issue where I have keys and values which will show up once; upon expansion however it shows... by mrstrozy Path Finder in Getting Data In 08-28-2018 0 1	0	1
Need help on LINE_BREAKER,TIME_FORMAT and TIME_PREFIX I have built a props.conf but when I upload the log file manually it works fine but when the app writes the log the l... by sathiyasun Explorer in Getting Data In 08-28-2018 0 2	0	2
Splunk DB Connect 3.1.1 - Why database input for MS SQL server query does not capture any data to the index? i have setup a database input to connect to MS SQL server in Splunk DB connect 3.1.1. My database connection is work... by nbtsplunk Loves-to-Learn Lots in Getting Data In 08-28-2018 0 0	0	0
Can you collect data From DirecTV Receiver/Bridge with Splunk? Hello Splunkers! I'm getting into the nitty-gritty of Splunk and trying to apply my own data. I came up with the ide... by GIPO29 Path Finder in Getting Data In 08-28-2018 1 2	1	2
How to find what is causing us to go over our daily license quota with so few events indexed? We recently obtained a Splunk Enterprise license with a 6GB/day limit. We installed approximately 20 Windows Forward... by mj_hpg Engager in Getting Data In 08-28-2018 0 2	0	2
How do I Email results from Python script to users through REST API? Hello Experts, I have created a machine learning model and am fetching data from Splunk to generate real-time predi... by harshavelocity Engager in Getting Data In 08-28-2018 0 0	0	0
customizing the indexes.conf to keep no cold data Our requirement is that there is no cold data. Once the data comes in it will be keep warm for 90 days and then it wi... by saurabh_tek11 Communicator in Getting Data In 08-28-2018 1 11	1	11
splunk detects _time right, but displays it wrong Hi, I have an issue with the _time field in Splunk. An event like this gets into Splunk. While the date_hour, dat... by horsefez Motivator in Getting Data In 08-28-2018 0 13	0	13
Do I have a possible KV extraction issue on the universal forwarder? I have some json events that are fairly long (10K-20K characters). Most events come through fine, except for the fact... by ehowardl3 Path Finder in Getting Data In 08-28-2018 0 3	0	3