Getting Data In

Community Activity

eliminate unnecessary values when indexing good morning I want to ignore certain elements of a log when indexing them, for example: field0 \| x \| x \| x \| ... by efaundez Path Finder in Getting Data In 07-03-2018 0 9	0	9
How to input an excel file from an email automatically Hello, everyday I have an email with an Excell file attached. To input the data in Splunk, I have to save the file, ... by Alaza Explorer in Getting Data In 07-03-2018 0 7	0	7
Fill Ratio for Splunk Enterprise Data Pipeline not displaying properly What fill ratio is suppose to be was replaced with a bunch of variables like $result.parsingQueue$ $result.aggQueue$ ... by jackfrost Engager in Getting Data In 07-02-2018 1 3	1	3
How do I increase the session timeout settings in the config files? I've already increased this setting in web.conf, but my session still times out after an hour. Are there other setti... by Mick Splunk Employee in Getting Data In 07-02-2018 2 4	2	4
Programatically accessing external APIs from splunk in Python Need to access some URLs, from Splunk programatically in Python. Need to know what should be the structure of the a... by aayushtandon23 New Member in Getting Data In 07-02-2018 0 1	0	1
Any tips on setting up Dell Sonicwall Analytics? Hello Splunkers, I'm having trouble getting apps/searches that rely on firewall data, to display anything. The dashbo... by jackal713 Path Finder in Getting Data In 07-02-2018 0 2	0	2
MAX_EVENTS in props.conf not working Hi everyone, We have the following Splunk configuration: Splunk Cloud instance (managed)Universal ForwarderMonitori... by fcologno New Member in Getting Data In 07-02-2018 0 1	0	1
How to display several syslogs at the same time from different devices? Hi All I am looking for a solution to display syslogs from three devices at the same time on the same screen in orde... by IHG152 New Member in Getting Data In 07-02-2018 0 5	0	5
What is the identification process for SplunkForwarder? I've been asked to write a document about the process of SplunkForwarder connecting with a deployer or indexer and fo... by agentsofshield Path Finder in Getting Data In 07-01-2018 0 2	0	2
How to parse hash code from a raw log into a field Mail_Log_Splunk: Info: MID 119972447 SHA ee1b5fe97eb813f416052526bc191f3112382a7e9638fba3a3ed2652acf81d5a filename Pi... by kjebaker3 New Member in Getting Data In 07-01-2018 0 8	0	8
How do I combine two data sources and get rid of repeated IDs? Currently I have two data sources with different names for the same IDs. One is called License Key Identifier and the... by Ragate Explorer in Getting Data In 06-30-2018 0 2	0	2
Splunk Add on For AWS - Generic S3 input I have setup splunk add-on for AWS. For generic S3 bucket, we tried to add different format files into the bucket. Th... by caughtnakul New Member in Getting Data In 06-29-2018 0 0	0	0
,Guacamole Docker logs in Splunk Hi, I would like the Guacamole logs to get forwarded to the Splunk server and I added the log forwarding parameters... by tezarin New Member in Getting Data In 06-29-2018 0 5	0	5
Why am I encountering a bug when accessing nested JSON field values? There seems to be a bug searching events with JSON data if the field names are nested. For example: sourcetype=cmdb... by responsys_cm Builder in Getting Data In 06-29-2018 0 2	0	2
Collect remote files using SFTP Hi all, Is there any native way of configuring splunk or forwarders to periodically collect files using SFTP ? It... by npr72 New Member in Getting Data In 06-29-2018 0 3	0	3
Help extracting and paring nested JSON for table I'm indexing some JSON data that describes an AWS security group. Inside this JSON are nested pairs of port combinati... by dwodeyla_bit9 Engager in Getting Data In 06-29-2018 0 5	0	5
len(_raw) vs \|dbinspect rawSize I use a simple query to determine the amount of data I've sent to splunk: index=x \|eval esize=len(_raw) \|timechart s... by Hoekb03 Explorer in Getting Data In 06-29-2018 0 1	0	1
How to use spath command in props.conf or transforms.conf in Splunk? Hello , I used spath command to extract field from json data: {"key":"value", "key":"value", "key":"value", "key":"... by MAMAOUI Explorer in Getting Data In 06-29-2018 0 4	0	4
Getting issue while parsing event which have no timestamp in logs Getting issue while parsing events which have no timestamp in logs, it should use date\time from last log event times... by ashikuma Explorer in Getting Data In 06-29-2018 0 9	0	9
Can Splunk read a file in JSON format? We are trying to pull in slack data using function1 which is not work as we are using the new api. We had a call with... by pfabrizi Path Finder in Getting Data In 06-29-2018 0 4	0	4
How to mass delete knowledge objects in version 7.0? I've got a large number of orphaned objects that I'd like to clean up (delete). I don't see any way to do this in th... by the_wolverine Champion in Getting Data In 06-28-2018 0 5	0	5
Can I do an if else in a props.conf? I am using Graylog to forward my windows events, all the events field names start with winlogbeat, but some are _even... by pfabrizi Path Finder in Getting Data In 06-28-2018 0 2	0	2
How to split multiple lines in a table into separate rows? I have some data from Tenable and I am trying to weed out the rows with multiple values into its own row. A good e... by jimmynguy Explorer in Getting Data In 06-28-2018 0 4	0	4
crcSalt is not working I ingested SQL ERRORLOGs and SQLAGENT logs with my forwader but didn't have the props.conf setup correctly. They show... by thisissplunk Builder in Getting Data In 06-28-2018 0 9	0	9
How would I filter out fields via Props.conf? I am forwarding windows events from graylog to a UF and then UF to Indexer. I have a props.conf to create field alias... by pfabrizi Path Finder in Getting Data In 06-28-2018 0 2	0	2