Getting Data In

Community Activity

Cisco IOS and WLC time format Hi all, we saw this log from cisco IOS in splunk: ...Jul 4 16:43:42 HOSTNAME 19028: 10.1.1: Jul 4 16:43:42.804: %LI... by tfechner Path Finder in Getting Data In 07-10-2018 0 4	0	4
The unexpected behavior of inputlookup command.Is it a unknown bug? Hi splunk professionals, I see a unexpected behavior about inputlookup command in ver 7.1.1. The detail of unexpecte... by Shuhei052492 Path Finder in Getting Data In 07-10-2018 0 3	0	3
Is there a way in Splunk Web to not import certain events? I'm trying import an xml and using Line_breakers and such I could get clean events that have my data of interest. Res... by splunk2day Explorer in Getting Data In 07-09-2018 0 3	0	3
How do you configure a SearchHead via CLI with stanza's? I have splunk setup in multiple environments (DEV/TST/PRD) with their own SearchHead, Deployment Servers, License Ser... by sharkannon Explorer in Getting Data In 07-09-2018 0 9	0	9
regular expression json good afternoon I'm trying to capture a particular field, but sometimes my events come several times, and declarin... by efaundez Path Finder in Getting Data In 07-09-2018 0 4	0	4
How can I upgrade Splunk Enterprise 6.6.8 to 7.1.1 in Windows Server? Hi, to test the upgrade process, we created a clone of our current splunk server (6.6.8 running on Windows Server 201... by BerndS New Member in Getting Data In 07-09-2018 0 4	0	4
Why won't Splunk parse my multi-line event properly? I am currently unable to parse my multi-line event properly using Splunk. Here is an example from the start of the ev... by smcdonald20 Path Finder in Getting Data In 07-09-2018 0 6	0	6
Missing New logs in Splunk I have NAS servers and splunk installed in Windows server, my new logs in a NAS server stopped indexing. I did troub... by CONSORP Loves-to-Learn Lots in Getting Data In 07-09-2018 0 3	0	3
How do I create two instances of the same data input on one forwarder where instance 1 goes to server 1 and instance 2 goes to server 2? Hi, Is it possible to do the following on one Splunk Universal Forwarder: inputs.conf `[WinEventLog://Security] re... by Ant1D Motivator in Getting Data In 07-09-2018 0 0	0	0
Does Splunk support capturing data from CA Layer7 and how? Layer7 was acquired by CA and is offered as an API Management Platform. It seems that Layer7 should be able to send l... by Phranquelyn New Member in Getting Data In 07-09-2018 0 2	0	2
Splunk for Job Monitoring. Hello Experts!!! I am new to Splunk and just started learning Splunk from couple of days. We are using an in-house ... by gaurav_bhide New Member in Getting Data In 07-09-2018 0 1	0	1
TIME not getting milliseconds Hi all, I do have a log which does look like this: Jul 6 09:31:18.729: %SYS-5-CONFIG_I: Configured from console by... by MERBAG Explorer in Getting Data In 07-08-2018 0 15	0	15
How to parse a JSON from REST API? Hi all, I need some help parsing a JSON containing none/one/multiple nested messages that I have imported via REST AP... by claudio_palmeri Explorer in Getting Data In 07-07-2018 0 4	0	4
How to set up a high available syslog drain for cloud foundry to Splunk? We have a cloud foundry set up and wants to forward the logs to splunk as syslog drain. The TCP/UDP input method is n... by sgp0637 Engager in Getting Data In 07-07-2018 0 2	0	2
using stream forwarder to forward pcap data Hi, I would like to forward pcap data using tcpreplay on a remote machine which has installed a stream forwarder to f... by weicheng98 Path Finder in Getting Data In 07-07-2018 0 0	0	0
How to tag events based on the host value that contains a condition? Events from our DEV/PROD servers are ingested into the same index. This index already has events since 1 year. The on... by ReachDataScient Explorer in Getting Data In 07-06-2018 1 3	1	3
what is the easy way to split _raw column using comma delimiter and show in table I have the _raw data in the following format. I just need to split that data and show each value in a separate column... by arkisa New Member in Getting Data In 07-06-2018 0 1	0	1
if-else statement with timeframe I would like to specify my search to return a previous months + the current months data if the count outputted by jus... by shreyad Explorer in Getting Data In 07-06-2018 0 6	0	6
Custom inputs.conf files in distributed architecture We are using a distributed architecture and I have a couple of servers with custom windows logs that we want to pull ... by lball Explorer in Getting Data In 07-06-2018 0 1	0	1
Wait time before indexing data Hi, I would like to know if there is an option to wait for/ minute X seconds before indexing the data. The goal is ... by shayhibah Path Finder in Getting Data In 07-06-2018 0 5	0	5
Problems with CSV timestamps Hi, I have some csv files on my Splunk index. The files are named with a date like xxxxx20180703.csv . In the csv fil... by kooixiuhong New Member in Getting Data In 07-06-2018 0 6	0	6
Field extraction from Windows eventlog Windows eventlog are indexed fine. A particulare evnetlog source "WinEventLog:Application Info" (mind the space) cont... by gltplus New Member in Getting Data In 07-06-2018 0 1	0	1
How to control the default in a dropdown menu I have the following dropdown menu: <fieldset autoRun="true" submitButton="false"> <input type="dropdown" toke... by HattrickNZ Motivator in Getting Data In 07-05-2018 0 7	0	7
How do I onboard RFC5425 compliance logs? All, What's the current process for onboarding RFC5425 (SYslog with TLS) logging? I see docs from 2013 or so recomm... by daniel333 Builder in Getting Data In 07-05-2018 0 6	0	6
How do i avoid duplicate entries when switching from universal (light) forwarder to heavy forwarder? I have the SUF running on a few servers monitoring a typical logfile and I want to replace it with the heavy forwarde... by gozulin Communicator in Getting Data In 07-05-2018 2 6	2	6