Getting Data In

Community Activity

Can I create a field transformation using a JSON source key? I don't seem to be able to set up a field transformation using a Source Key that comes from a JSON event field. I ha... by Jordan_Brough Path Finder in Getting Data In 06-25-2018 1 7	1	7
Why am I only and always getting results from host in the network? hello guys, This is my simple query for port flapping detection eventtype="cisco_ios-port_down" OR eventtype="c... by null0 New Member in Getting Data In 06-25-2018 0 3	0	3
How can I make the Powershell add-on script's run on a schedule? I have an add-on that I'm deploying on Windows systems. inputs.conf looks like this: [powershell://Processes-EX1] ... by eduardKiyko Explorer in Getting Data In 06-24-2018 1 5	1	5
Forward specific data from Splunk enterprise to Splunk Cloud Hi, We have both Splunk enterprise and Splunk cloud. I would like to take a specific set of data from Splunk enterp... by dbcase Motivator in Getting Data In 06-22-2018 0 1	0	1
How can I change the password without knowing the default or entered password for the forwarder? /opt/splunkforwarder/bin/splunk edit user admin -password $NEWPASSWORD This doesn't work - how can I change the pas... by shawno New Member in Getting Data In 06-22-2018 0 2	0	2
Why is WebLogic server.out parsing not working? Hi all, I have a Splunk installation here with lot's or Oracle WebLogic logging. Everything except the *server.out f... by cmeerbeek Path Finder in Getting Data In 06-22-2018 0 3	0	3
How to get the standard deviation of the interval between the occurrence of events? I have a server log in splunk and whenever a user login it will store a record with the username and timestamp. Now... by SRF1LO Engager in Getting Data In 06-22-2018 0 4	0	4
Does a Heavy Forwarder fit my needs? I have read in various places about "cooking" logs before sending them to a Splunk Enterprise instance. I'm curious t... by thomastaylor Communicator in Getting Data In 06-22-2018 0 6	0	6
Splunk OPEN SSL: unable to load library files. Hi Splunker, Unable to open the Splunk open ssl. Error is, #echo $SPLUNK_HOME /opt/splunk # /opt/splunk/bin/... by vasanthmss Motivator in Getting Data In 06-22-2018 1 4	1	4
Can you override sourcetype at inputs.conf without touching other config files ? Hi all, Seems we have to override the sourcetype to sourcetype other than 'recognized' ones (e.g. syslog) in order t... by stwong Communicator in Getting Data In 06-22-2018 0 9	0	9
Applying different extractions to the same source from different hosts I have two groups of servers that are both running haproxy, and the logs are in the same location (e.g. /var/log/hapr... by krisreeves Path Finder in Getting Data In 06-21-2018 0 2	0	2
Alert when Splunk Universal Forwarder stops working/if uninstalled Hello, How can I get alerts when Splunk UF is uninstalled on a Windows Machine? Or even if the SplunkForwarder Servi... by walterkobayashi Engager in Getting Data In 06-21-2018 0 2	0	2
Time Log always add 7 hours hello, i"m a newbie in splunk. i try to display my log file on splunk, but i had a issue here. this in example for m... by sianty910 New Member in Getting Data In 06-21-2018 0 7	0	7
How to use REST API over port 8089 with the Splunk Web SSL certificate instead of the self-signed certificate? Let me point out I've checked all the 8089 certificate questions on >answers, but have a slightly different question.... by tweaktubbie Communicator in Getting Data In 06-21-2018 3 7	3	7
How to configure in props/transforms.conf to remove the event data which does not contain any information in it? Hi Splunk experts, Just want to know how can I remove events which does not contain any information in it? Example ... by Hemnaath Motivator in Getting Data In 06-21-2018 0 12	0	12
Does anyone have an updated Dockerfile for 7.1.0? The docker file for 7.1.0 referenced in Docker hub here: https://hub.docker.com/r/splunk/splunk/ And more specifical... by csmykay New Member in Getting Data In 06-21-2018 0 3	0	3
Connection closes with INFO TcpOutputProc - Detected connection to 10.x.x.x:9997 closed. TCP connection closes after few hours and will not re-establish even after splunk restart. Connection gets re-establ... by mravindra Engager in Getting Data In 06-21-2018 0 4	0	4
Graylog sending to SPLUNK over 9997 I have Graylog forwarding to a UF over port 9997 and I see events streaming in but not being picked up by SPLUNK. I h... by pfabrizi Path Finder in Getting Data In 06-21-2018 0 8	0	8
universal forwarder is taking about 30GB of Memory - Is this normal? Hi My universal forwarder is taking about 30GB and my IT guys are asking is this normal. I have just restarted it an... by robertlynch2020 Influencer in Getting Data In 06-21-2018 0 11	0	11
Is it possible to list out empty index Hi, I am working on index="retail_ca", The problem with this index is some days the data is not ingesting in this i... by chandana204 Communicator in Getting Data In 06-20-2018 0 20	0	20
Additional search in REST API results enpoint I'm using curl and the REST API to submit a job and fetch the results by search id. What I'd like to do is, rather th... by ecmcn New Member in Getting Data In 06-20-2018 0 0	0	0
Is it possible to create a command that launches a powershell script? We currently have a PowerShell script that queries one of our EDR solutions and returns all data for the specified ho... by ng87 Path Finder in Getting Data In 06-20-2018 0 8	0	8
Forward data from logstash-forwarder to Splunk Indexer Hi all, we have an ELK-cluster in our company and now we want to have the data, we have in ELK, as well in Splunk. I... by yAlff Path Finder in Getting Data In 06-20-2018 2 4	2	4
How to split multiple lines of data into a single individual line in splunk? Hi All, We are monitoring the wtmpx data from the Unix machines via splunk using the Splunk add-on for Unix, based o... by Hemnaath Motivator in Getting Data In 06-20-2018 0 1	0	1
Why am I unable to boot-start splunk universal forwarder as non-root user on MacOS High Sierra? Hi there, I'm new to Splunk and am testing out installing splunk forwarder on some Mac clients running High Sierra f... by charvey007 Engager in Getting Data In 06-20-2018 1 3	1	3