Getting Data In

Discussions

Thread Info

Subtract date from todays date to find status of the project

Hello All, I am trying to injest into splunk a CSV which has a field called "Project End Date" and the field is in th...

by Communicator in

Why are there multiple values on the test instance in timestartpos and timeendpos fields?

I extracted sample data from our prod instance of Splunk to be used in the test instance. The way I did it was to run...

by New Member in

Timestamp issue

Hi, I have configured inputs and props on a heavy forwarder and there is same stanza of sourcetype with no paramet...

by Builder in

Is there a way to blacklist specific event for specific index

I know we can easily blacklist specific event using regex in props.conf and transforms.conf . But I have 4 different ...

by Communicator in

Deployed app on Universal Forwarder being created with 700 permissions (Linux Deployment Server to Linux UF)

Created an app on the deployment server which is used to tell the Universal Forwarder which directories and logs to m...

by New Member in

Using a transform i cant use SEDCMD

Hi I am taking in data and making a new source type, so i need to use a transform for this. The issue is when i us...

by Motivator in

Route and Filter Data from syslog (and syslog-ng is NOT an immediate option)

I have a typical scenario that could be resolved with a UF on syslog-ng, however that is a future resolution. At t...

by Builder in

What search can I use to identify logs with future timestamps?

Hi All, Can any one guide me on how to check whether any log sources that are logging with future time stamps. I am n...

by Motivator in

Can REST API be used to execute a Bash script on Splunk server?

I have a Bash script on my deployment server to add server into the serverclass.conf. Could I execute the bash script...

by New Member in

Are there alternative ways to monitor forwarders?

My splunk environment we have not enable forward management so for me difficult to manage the forwarder host up & dow...

by Path Finder in

How to rename a specific IP subnets appearing in search to some name i.e city network

index=* | stats count by source_ip,dest_port I got my results against Source_ip,dest_port.Now i want to rename the...

by Explorer in

Can I set a different connection_host value for a specific set of remote servers?

Hi, I have a inputs.conf with splunktcp-ssl stanza. The connection_host is equals to "dns". But I would like it to...

by Contributor in

MAX_EVENTS in probs.conf issue.

Hello everyone, I have a problem with props.conf. My props.conf: [test_cx1] BREAK_ONLY_BEFORE = \<CxXMLRes...

by Path Finder in

How Indexers behave when it comes into detention state ?

I understand Splunk provides multiple means to control the disk size for indexing, and I want to understand better ar...

by Splunk Employee in

Ran out of space due to misconfigured index

Good Day All, I have a question for you. I recently misconfigured a index and the size went full on the disk drive. S...

by Communicator in

How to resolve alerts with the wrong time stamp?

Alerts with the wrong time stamp. Any suggestions? Please help. Thanks in advance

by Engager in

Need help with log having multiple occurrence of same field

I have following logs where field4 is coming twice in each log line. Example: 2018-04-06T23:01:36.264+0000 logLeve...

by New Member in

How to filter for a specific pattern with wild card?

Hi, In excel you can custom filter the cells using a wild card with a question mark. For example, if I want to fi...

by Path Finder in

Is it possible to configure indexer discovery with CLI ?

Is possible to configure indexer discovery with CLI on master and forwarder? Thanks For example: In the master ...

by Explorer in

How to filter out search results where a field value is with the string ?

Hi All, We want to filter out the events based on a field value containing only the string characters, not the num...

by Motivator in

Getting Data In

Discussions

Subtract date from todays date to find status of the project

Why are there multiple values on the test instance in timestartpos and timeendpos fields?

Timestamp issue

Is there a way to blacklist specific event for specific index

Deployed app on Universal Forwarder being created with 700 permissions (Linux Deployment Server to Linux UF)

Using a transform i cant use SEDCMD

Route and Filter Data from syslog (and syslog-ng is NOT an immediate option)

What search can I use to identify logs with future timestamps?

Can REST API be used to execute a Bash script on Splunk server?

Are there alternative ways to monitor forwarders?

How to rename a specific IP subnets appearing in search to some name i.e city network

Can I set a different connection_host value for a specific set of remote servers?

MAX_EVENTS in probs.conf issue.

How Indexers behave when it comes into detention state ?

Ran out of space due to misconfigured index

How to resolve alerts with the wrong time stamp?

Need help with log having multiple occurrence of same field

How to filter for a specific pattern with wild card?

Is it possible to configure indexer discovery with CLI ?

How to filter out search results where a field value is with the string ?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Routing Metric events to null queue

Databricks to Splunk (Error to load up job results...

Using tokens in Base and Chain searches in Dashboa...

Splunk IPFIX from NSX-T

Need to drop logs in Syslog-ng

Getting Data In

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>