Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
itdeptPFS

Where to edit props.config for breaking log into multiple events?

I am using universal forwarders to move log data from remote servers to a centralized Splunk Light server. Where do ...
by itdeptPFS New Member in Getting Data In 08-17-2018
0 4
0
4
splunker2013

eDirectory events

Hi everyone, Has anyone successfully captured audit events from the Novell Audit agent for eDirectory or IDM product...
by splunker2013 New Member in Getting Data In 08-17-2018
0 6
0
6
davidpaper

How many pipelines should I use on a forwarder?

I'm trying to figure out how many pipelines to set on my forwarders to maximize the following: ThroughputData distri...
by davidpaper Contributor in Getting Data In 08-16-2018
1 3
1
3
joshimeister

How do you parse JSON from a specific field?

I tried search in the community support section for something similar to my issue. I am trying to parse a specific f...
by joshimeister Loves-to-Learn Lots in Getting Data In 08-16-2018
0 1
0
1
thisissplunk

Cloudtrail JSON logs do not ingest into splunk in a usable manner. How to parse correctly?

The cloudtrail event exports are in JSON with fields, which is great. However, each event has a top level empty piece...
by thisissplunk Builder in Getting Data In 08-16-2018
0 0
0
0
avansteen

How to forward the entire contents of a CSV file even if its unchanged daily?

Hello, I'm attempting to forward a set of .csv files for administrator group auditing. However it only forwards, or a...
by avansteen New Member in Getting Data In 08-16-2018
0 3
0
3
att35

What does the view Settings -> Sourcetypes (Under Data Section) tells us?

Hi, I am working on troubleshooting one issue where data from a particular sourcetype is not getting parsed correctl...
by att35 Builder in Getting Data In 08-16-2018
0 0
0
0
a212830

Is there a log that would state why my session was disconnected?

Hi, Is there a log that would state when/why a splunk browser session was disconnected? We are getting these in pro...
by a212830 Champion in Getting Data In 08-16-2018
0 3
0
3
neovenkat

latest = -0d@d is broken for users in time zones when daylight savings starts and clock switches over. We observed this issue with search time range preset = yesterday as well for 'America/Santiago' timezone as DST started today.

We had set the time zone as 'America/Santiago' for user tz_user. Today DST started for America/ Santiago time zone. ...
by neovenkat Explorer in Getting Data In 08-16-2018
0 7
0
7
Shan

Please help me out to filter or restrict with exact value as mentioned below?

Hi All, Need your help on finding a solution for below problem.. This is how my data appear in Index. I want to...
by Shan Builder in Getting Data In 08-16-2018
0 5
0
5
neermine

help please : inputs problem

hi i have configurate my universal forwarder and splunk so i can find my machine in the host list of splunk .. but i ...
by neermine Path Finder in Getting Data In 08-16-2018
0 23
0
23
Cbr1sg

Splunk event time for event with starttime and endtime

Hello all, I setup DB connect input to query data from SQL server and store it in the index of Splunk. During the set...
by Cbr1sg Path Finder in Getting Data In 08-15-2018
0 5
0
5
Cbr1sg

Does Splunk has a feature to auto detect the timezone of the viewer?

Hello all, I have an use case in Splunk to display the data in the viewer's timezone automatically. For example: whe...
by Cbr1sg Path Finder in Getting Data In 08-15-2018
0 6
0
6
pp1231234

We have many applications currently logging to CAL by default, we are interested in collecting these logs to Splunk.

We have many applications currently logging to CAL by default, we are interested in collecting these logs to Splunk. ...
by pp1231234 Engager in Getting Data In 08-15-2018
0 1
0
1
kisero

Why are the events getting lost when exporting to CSV?

Hello When searching from the Splunk Search Head I get thousands of events. When I export the result to a CSV I only ...
by kisero Engager in Getting Data In 08-15-2018
0 1
0
1
joesrepsol

inputlookup not working from CLI search, but works from GUI on deployment server?

So I'm trying to setup a search that returns the hostname of the missing forwarders to use in a BladeLogic automation...
by joesrepsol Path Finder in Getting Data In 08-15-2018
0 2
0
2
pete222

On a Heavy forwarder that forwards events to a 3rd party device, how can I encrypt the traffic using certificates?

Hi I have an app on a HF that forwards events to a 3rd party device via unencrypted channel. I would like to encrypt ...
by pete222 New Member in Getting Data In 08-15-2018
0 1
0
1
neermine

new index and sourcetype

should we modify the props.conf and the transforms.conf when we create a now index and a new sourcetype ?
by neermine Path Finder in Getting Data In 08-15-2018
0 8
0
8
brdr

Why is starting splunkd on windows failing with an error?

We are using Splunk Enterprise 7.1 on windows. I'm attempting to start splunk daemon unsuccessfully. Within splunkd.l...
by brdr Contributor in Getting Data In 08-15-2018
0 5
0
5
Aendrew

Splunk Mint for Windows

I would like to use Splunk Mint on iOS, Android and Windows. At the moment there is only support for iOS and Android....
by Aendrew New Member in Getting Data In 08-15-2018
0 0
0
0
pete222

In a heavy forwarder, how do I select specific windows event ids and reparse them as single line events?

I have windows event logs coming into a heavy forwarder, which I don’t need to index. All I need to do is select a co...
by pete222 New Member in Getting Data In 08-15-2018
0 2
0
2
Log_wrangler

How do I create a custom command to decode base64 and remove null bytes?

I have tried all the base64 decoding apps in splunk base with no luck. The apps decode the first character and stop ...
by Log_wrangler Builder in Getting Data In 08-15-2018
0 2
0
2
gkwl22000

xml rest import not spltting into envents

I have a dashboard xml export from another app. the xml does not appear to be forrmatted as true xml using <> for som...
by gkwl22000 New Member in Getting Data In 08-15-2018
0 0
0
0
neermine

please help me : How CAN I configurate splunk enterprise so it could see the forwarder ?

hey please help!! i did all the steps of universal forwarder configuration but i still can't forward data into splunk...
by neermine Path Finder in Getting Data In 08-15-2018
1 11
1
11
ddrillic

Is there a way, instead of going on the server, to find out if the log files have gone stale?

My customer uses the following to monitor their hundreds of forwarders - | metadata type=hosts index=<customer index...
by ddrillic Ultra Champion in Getting Data In 08-14-2018
0 4
0
4
Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...
Top Solution Authors
View All