Getting Data In

Community Activity

Monitoring directory on a remote host I am attempting to ingest data from a remote host (Linux) to my Search Head/Indexer host (Windows) via Splunk Web. I ... by madavis1986 Explorer in Getting Data In 07-19-2018 0 3	0	3
Splunk Log data Enrichment in notifications I have logs loaded to splunk, I created few alerts to send the error email notifications till this it is working fine... by maheswar6523 New Member in Getting Data In 07-19-2018 0 2	0	2
How to insert a dynamic dropdown using CSV as a lookup? Hi, I want to insert a dynamic dropdown for the dashboard I have. Please find below the use case that I have which I... by rakeshyv0807 Explorer in Getting Data In 07-19-2018 0 7	0	7
Why are the JSON event lines missing? the line format is : {"tim":"2018-07-12 15:23:16","pre":"ayisha.udam","fir":"Ayisha","las":"UDAM","pe1":false} Som... by splunkLPN Path Finder in Getting Data In 07-19-2018 0 4	0	4
Transforms in props.conf? Whats the difference between calling one transforms and two transforms in a props.conf file? 1 transform: TRANSFORMS... by patricianaguit Explorer in Getting Data In 07-18-2018 0 1	0	1
Automatic Sourcetype Tagging on Syslog Server Hi everyone, In my environment, we are collecting logs from several types of devices on a syslog server, then forwar... by R_B Path Finder in Getting Data In 07-18-2018 1 7	1	7
How to remove hh:mm:ss from a date/time field to be displayed in mm/dd/yyyy format? So my original data looks like this: AUDIT_CREATED_TS 7/17/2018 1:15:30 AM 7/17/2018 1:10:30 AM 7/17/2018 1:05:41 AM ... by dennisSplunk201 New Member in Getting Data In 07-18-2018 0 6	0	6
How to setup forwarder details in inputs.conf? I have existing Universal Forwarder setup for our prod Splunk Enterprise instance. Now, I am trying to setup a dev Sp... by Naren26A Engager in Getting Data In 07-18-2018 0 5	0	5
How to change permissions for a job through the REST API/Python SDK? I am doing some automation in which I am running some searches through the API, and if any results are found, it emai... by chrishartsock Path Finder in Getting Data In 07-18-2018 0 5	0	5
what could be the possible error of not getting logs if inputs.conf ,outputs.conf are ok,file permission is also there,Splunkd is also running and no error found in internal logs? Help regarding Troubleshooting log i.e if unable to find the reason of not getting my logs.. by Salma1 New Member in Getting Data In 07-18-2018 0 3	0	3
Debug timestamp issue for data coming from UDP port in Cloud Splunk. I have an index whose data is being fetched from UDP port. Index is experiencing latency [lag in events] and we suspe... by JuhiSaxena Explorer in Getting Data In 07-18-2018 0 12	0	12
Incomplete field value Hi, I am passing a log file . The field values for message field is incomplete. Also the Message field has many patt... by swetar New Member in Getting Data In 07-18-2018 0 2	0	2
How to use mstats with post-processing Hello, I'm facing a strong issue with using a mstats command, working in a post-processing components on a dynamic w... by pokpok New Member in Getting Data In 07-18-2018 0 0	0	0
Can splunk read data from unix stream socket? Is it possible to get data in splunk from unix stream socket? Not tcp\udp socket, but socket like this - https://en.w... by gots Path Finder in Getting Data In 07-18-2018 0 7	0	7
SEDCMD vs TRANSFORMS? 1) When to use SEDCMD? 2) When to use transforms and props for data masking? 3) Which is better? by patricianaguit Explorer in Getting Data In 07-18-2018 0 2	0	2
How can I propagate date+hour to each next event in the log? Hi. I am a newborn splunk user. Logs come in the following format --Format-- @@dd/mm/yyyy_HH MMSS.msecond\|Message... ... by Pharaon Engager in Getting Data In 07-18-2018 0 2	0	2
How to get the xml data into splunk from the https url i have the https url and how to pull the xml data using the url from Splunk. Below is the sample url https://10.10... by Nadhiyaa Path Finder in Getting Data In 07-18-2018 0 2	0	2
Is there a REST API call to rebuild the forwarder asset table? Is there an API call that can rebuild the forwarder asset table as opposed to going into the Distributed Management C... by sarahkrisher New Member in Getting Data In 07-17-2018 0 2	0	2
change host name in nmon_data Hello I want to change host name in TA-nmon and I have set the value of override_sys_hostname in /dbdata1/splunkforwa... by khmohammadzadeh New Member in Getting Data In 07-17-2018 0 4	0	4
How can I get member users groups from Microsoft Azure AD? Hi Splunkers I am working with Azure AD and Splunk Cloud and I need to get information about member's group like who... by evinasco Communicator in Getting Data In 07-17-2018 0 1	0	1
Will Splunk run a modular input using system Python on a Universal Forwarder If I have a modular input written in Python, will Splunk attempt to execute it on a Universal Forwarder if the host h... by LukeMurphey Champion in Getting Data In 07-17-2018 1 6	1	6
How to check if indexer is writing cold to frozen? I have an ec2 splunk instance writing frozen data to an s3 bucket (via s3fs). Where would I find in the splunk logs ... by Log_wrangler Builder in Getting Data In 07-17-2018 0 2	0	2
Trouble extracting time in JSON I have a JSON log file that I'm attempting to ingest (Splunk v6.6.5). The events parse correctly, but the epoch time... by ericlarsen Path Finder in Getting Data In 07-17-2018 0 2	0	2
use transforms.conf or props.conf to convert multi line event to single event on forwarder level to send external to Splunk I would like to convert an event similar to the one below to be a single event when sending it out to an external Sys... by ssyed2009 New Member in Getting Data In 07-17-2018 0 2	0	2
Accepted time is suspiciously far away from the previous event's time I'm ingesting logs that have both event timestamps as well as timestamps within the contents of the logs. My props.c... by bschaap Path Finder in Getting Data In 07-17-2018 0 2	0	2