Getting Data In

Community Activity

How to change modinputs checkpoints location Hi, We are looking to change the location of the modinputs checkpoints. By default, the checkpoints are in $SPLUNK_H... by MIJ75 Explorer in Getting Data In 08-23-2018 1 3	1	3
Heavy Forwarders as an intermediary Layer Using indexer discovery Hey, we are using multiple HF to collect data from different groups of UF before sending it to a multi site Indexer ... by ChrisLH Explorer in Getting Data In 08-23-2018 0 3	0	3
HEC Curl Command Not Working? Hello all! I have a weird problem occurring that I would like to get some feedback on. I currently am running a Splun... by thomastaylor Communicator in Getting Data In 08-22-2018 1 3	1	3
How to make the time stamp of logs default to _indextime? Hi, Is there a way to have the time stamp of logs to default to the _indextime? I have noticed that a few events from... by awedmondson Explorer in Getting Data In 08-22-2018 1 10	1	10
Perfmon:Memory missing from search head I'm trying to timechart memory usage on my search head, but for some reason it's not collecting data. Specifically, m... by dtrelford Path Finder in Getting Data In 08-22-2018 1 5	1	5
PingOne/PingIdentity log subscription ingestion - logs unreadable I am sending logs from PingOne to my heavy forwarder. The logs are being streamed to the forwarder via TCP. The logs ... by kschiemo Engager in Getting Data In 08-22-2018 0 1	0	1
Upload txt file - metafields source and sourcetype not searchable Hello, i just uploaded a txt file with some logs, through GUI Add data ->upload. Data is indexed, and I can search it... by danielwysockiar Explorer in Getting Data In 08-22-2018 0 3	0	3
crcSalt entries getting deleted on Forwarders inputs.conf, when changing Forwarder Data Inputs through GUI Hello and good afternoon. I did run into the following issue and was wondering if anybody experienced the same and/o... by ingobahn New Member in Getting Data In 08-22-2018 0 1	0	1
Support for logs compressed with xz? The version of SUSE Linux I'm using has been compressing my logs with xz (by default) rather than gzip or bzip2. As ... by hatchmt Engager in Getting Data In 08-22-2018 1 2	1	2
How can I define customize sourcetype that I write logs in _internal? My custom script writes log in /opt/splunk/var/log/splunk/script.log. I want the log to be indexed in _internal but ... by sathiyasun Explorer in Getting Data In 08-22-2018 0 2	0	2
servicesns/user/app/saved/searches endpoint doesn't filter on user or app Like the title says, I can hit the endpoint successfully, but the results are the same no matter what I replace "user... by joemaz95 Path Finder in Getting Data In 08-22-2018 0 2	0	2
messy code from inputted .xlsx files when i try to input some excel files named xx.xlsx , and then i got some messy codes from search result like: "Pk\x00... by lllidan New Member in Getting Data In 08-22-2018 0 3	0	3
How to edit ps.sh to limit process getting in ingest for Splunk Add-on for Unix and Linux Hello, I'm trying to only get a certain server processes to ingest to splunk index using Splunk Add-on for Unix and ... by tgmvt03 Engager in Getting Data In 08-21-2018 0 1	0	1
What is the best practise for monitoring a file directly on the indexer machine(s)? I need to monitor a file directly on the indexer. I know I can just define an inputs.conf on the indexer itself and r... by hettervik Builder in Getting Data In 08-21-2018 0 4	0	4
Splunk alert and shutting down a physical port on a switch Have anyone used Splunk to act upon an alert and shut down a physical port on the switch? This would require running ... by pzharyuk New Member in Getting Data In 08-21-2018 0 2	0	2
How to filter the event by different date than mapped in the sourcetype? We have Date1 mapped in the sourcetype for the index. So if I select last 7 days in the date filter data is filtered ... by ninadbhaskarwar Path Finder in Getting Data In 08-21-2018 0 5	0	5
Combine data across multiple sources and then split answer to separate rows when exported to csv Good afternoon, I am trying to take data from multiple sourcestypes, combine it by a common field and then output it... by newill New Member in Getting Data In 08-21-2018 0 4	0	4
HEC Sourcetype Hello everyone! I just have a brief question regarding the HEC input. Our primary data input is the HEC. For new appl... by thomastaylor Communicator in Getting Data In 08-21-2018 0 4	0	4
Palo Alto stopped logging traffic to Splunk I am having the same issue as: https://answers.splunk.com/answers/507167/why-are-my-palo-alto-firewall-logs-not-forwa... by dkr3500 Path Finder in Getting Data In 08-21-2018 0 1	0	1
Why are logs not getting sent to Splunk with our current inputs.conf monitor stanza for a Windows file? Hello All, I know this has been covered and there are many answers, but from what I can tell, my inputs.conf is corr... by edwardrose Contributor in Getting Data In 08-21-2018 0 7	0	7
How to do a match of fields between a CSV file and my SPLUNK search? Hello I want to do a match between a CSV file and my SPLUNK search In the CSV file, I want that the field "host" whic... by jip31 Motivator in Getting Data In 08-20-2018 0 13	0	13
Single Value fields Ingested as Multi Value I never ran into this problem before, but I hope someone has.. I have a python script which calls a REST API and pas... by fdarrigo Path Finder in Getting Data In 08-20-2018 0 4	0	4
How to import old log files to splunk I have a remote server which has 1 week older rolling logs. I wanted to monitor those logs so I have installed UF and... by vinaykata Path Finder in Getting Data In 08-20-2018 0 8	0	8
Send JSON file/txt file using HEC - stuck on curl command Hello Trying to send a JSON file/text file through HEC to splunk. Getting stuck while adding "-d @data.json" ... by spharisha New Member in Getting Data In 08-20-2018 0 2	0	2
Is there a way to index data from NFS without mounting? Hello, I'm relatively new to Splunk, so please bear with me. I wanted to know whether there was any way to point to m... by nealw New Member in Getting Data In 08-20-2018 0 2	0	2