Getting Data In

Community Activity

please help me : How CAN I configurate splunk enterprise so it could see the forwarder ? hey please help!! i did all the steps of universal forwarder configuration but i still can't forward data into splunk... by neermine Path Finder in Getting Data In 08-15-2018 1 11	1	11
Is there a way, instead of going on the server, to find out if the log files have gone stale? My customer uses the following to monitor their hundreds of forwarders - \| metadata type=hosts index=<customer index... by ddrillic Ultra Champion in Getting Data In 08-14-2018 0 4	0	4
What ports are used as source ports for Splunk Universal forwarder agent? Let’s say we have Splunk Universal Forwarder agents installed on windows servers. Is it known what ports are being ... by mlevsh Builder in Getting Data In 08-14-2018 1 4	1	4
how to index outlook data into splunk enterprise 7.1.2 version I have a business requirement to index outlook data into the Splunk. I used IMAPmailbox,imap and Microsoft Office 365... by chandra_palle New Member in Getting Data In 08-14-2018 0 0	0	0
Unable to find predefined sourcetypes after installing app on new system Hey Splunk-gurus, I created an app which parses events from same log file and categorized them into multiple source... by arpita_biswas New Member in Getting Data In 08-14-2018 0 2	0	2
How can I use blacklist to ignore directories that include "-"? I have a monitor set up in inputs.conf on my UF as follows [monitor:///log/test] blacklist = ppd.\.log$\|prod.\.l... by Stokers_23 Explorer in Getting Data In 08-14-2018 0 1	0	1
How to convert a single event into an outputlookup CSV file? We are receiving a csv file as an event. (The whole csv file as a single event). This is configured correctly eg [cu... by koshyk Super Champion in Getting Data In 08-14-2018 0 3	0	3
how can I configure my transforms.conf to filter specific events Now here ,this is a test log Thu Jun 08 2017 03:06:50 www3 sshd[2294]: Failed password for beyonce from 10.1.10.172 ... by snakecoding New Member in Getting Data In 08-13-2018 0 0	0	0
Is there a way to submit events with user 'nobody' ? Hi. I am trying to submit events, from a scripted input, with user 'nobody' I am getting this error: HTTP 403 Forb... by davidtrujillo Explorer in Getting Data In 08-13-2018 1 0	1	0
Programmatically enable/disable JMX input We have one JMX input that needs to be disabled and then re-enabled every now and then. I am trying to figure out how... by batsonpm Path Finder in Getting Data In 08-13-2018 0 1	0	1
What stanza would I need to only monitor the Notification Packages string within the Lsa hive? Hey guys, So I have another request that I can monitor hives without issue so directly below if I were to add anyth... by AaronMoorcroft Communicator in Getting Data In 08-13-2018 0 3	0	3
Parsing SQL Queries I am analyzing SQL Queries executed by users, is there any way to parse this queries. e.g. In insert query every time... by masterpiece Engager in Getting Data In 08-13-2018 0 1	0	1
Windows Process On a Windows 2003 there is a process running in windows called java.exe. Do you know of a way that Splunk can monito... by itsomana Path Finder in Getting Data In 08-13-2018 1 3	1	3
Is there a way to add more than one time filter to splunk reports? Hello, Can we add more than one time filter to splunk reports? I am trying to do this for pivot reports? Thanks i... by chinmayc469 Explorer in Getting Data In 08-13-2018 0 3	0	3
Logging thousend files via Splunk Forwarder causes high CPU load Hi there, we have a oracle logging directory with thousend .aud files for logging to Splunk. Each day over 700 new ... by tfechner Path Finder in Getting Data In 08-13-2018 0 7	0	7
How do I write a search query for a hierachial JSON? (I have no experience in Splunk searches) The question is simple: I have a JSON like this: { "name": "Testdata... by kjubie New Member in Getting Data In 08-13-2018 0 4	0	4
How to forward internal logs (splunkd.log) from UniversalForwarders to indexer via heavy forwarder Hi. My configuration is UF->HF->INDEXER. Aim: configure DMC to monitor all instances of my deployment including Un... by kalianov Path Finder in Getting Data In 08-12-2018 0 4	0	4
timeformat are not getting extracted properly timeformat are not getting extracted properly, we have one type of timestamp but clock there is different. It is star... by ashikuma Explorer in Getting Data In 08-12-2018 0 2	0	2
DBX inputs - Filter Events to NullQueue Hi, I have a dbx input that runs a stored procedure and spits out results into an index. I would like to add a props... by rijutha Explorer in Getting Data In 08-12-2018 0 4	0	4
Monitor a directory and run a script on a new file Hi, I'm a beginner Splunk user and I'm trying to use Splunk to monitor a nfs directory for new files and running a (... by cristiang New Member in Getting Data In 08-12-2018 0 2	0	2
How can I change hostname in log files? I am trying to change the host name. the name is from the log files. Sep 20 11:13:18 10.50.3.100 Sep 20 11:13:15 ac.... by riqbal Communicator in Getting Data In 08-12-2018 0 6	0	6
How do I index one _time field from separated different time data? This is my data from with html tags. This is just single line. 03/<tr class="mtx" style="text-align:right;"><td styl... by goji Path Finder in Getting Data In 08-10-2018 0 4	0	4
Why is my input not getting parsed if I use wildcards? Hi I have a input with sourcetype [eventlog]. In props.conf If I use sourcetype as below to define settings it is... by ankithreddy777 Contributor in Getting Data In 08-10-2018 0 8	0	8
Why are the logs being forwarder from one source to the Splunk indexer in a Splunk forwader deployed on a Windows server? Hi there, We have Splunk forwarder deployed on a Windows server and inputs.conf is configured with two log sources. ... by venksel Explorer in Getting Data In 08-10-2018 1 5	1	5
Multiline field in modular input getting newline removed while indexed I am creating a modular input. My input is a CSV and I convert it to JSON to be imported as a new event in Splunk. Se... by scottsavareseat Path Finder in Getting Data In 08-10-2018 0 1	0	1