Getting Data In

Discussions

Thread Info

how to remove headings of a log file?

i indexed my log file line by line using regex, i want only valid rows not headings and lines , but in my query resul...

by Explorer in

How to convert time format?

I have time in Variable End_Time = 23:06 and want to convert this to 2306. How can I do that? I tried Strptime(End_Ti...

by Engager in

configuration bundle action cannot push

While we are on creating new index in cluster master we encounter his error : Push Unnecessary: No new bundle wi...

by Builder in

Line breaking issues with source that is not in index

I have a strange issue where I get lots of line breaking errors about a particular file, but I can't find the file in...

by Path Finder in

How to agregate data from different sourcetypes?

hello I use the request below for retrieving some information from the Windows event viewer but in my dashboard, I...

by Explorer in

Invalid key in stanza

I am looking at confs I didn't originally create. btool check found: Invalid key in stanza [tcpout:A] in /opt/s...

by Builder in

Filtering event data

Hi, I'm probably asking something that has been asked a thousand times. I searched the forums but I'm not really s...

by New Member in

How to add data from universal forwarder into splunk.

I have attached screenshots of my search screen and universal forwarder monitoring screen. I can find them in the for...

by New Member in

How to segment syslog events by indexer?

Hi everyone, I am trying to configure one way to segment syslog events by user. Example: Apr 11 13:30:38 10.0....

by Engager in

Is it possible to manage syslog-ng.conf using a deployment server?

I am currently managing 4 syslog servers using syslog-ng. I am trying to figure out the best way to manage the syslog...

by Path Finder in

What is the best logging format for key=value when one value is JSON?

Hello -- I am logging incoming HTTP requests to my logs, what would be the best format for Splunk to pick them up in ...

by New Member in

How to forward data from universal forwarder to Splunk light?

I have installed a universal forwarder on linux server and I have Splunk light cloud instance. I am able to find the ...

by New Member in

Feed data to the splunk index using REST API

Hello experts! I would like to configure my java application to write data directly to a splunk index, rather than wr...

by Engager in

can we get custom logs from a batch job running in AWS EC2 instance to Splunk Cloud for analysis?

Hello, We currently have custom batch jobs running on EC2 instances in AWS and each of these processes creates on...

by New Member in

Help with line-breaking

Hi, I have a feed where it appears that multiple events are being sent on the same line, and I need to break them ...

by Champion in

How to do a one time file upload through conf files?

I want to upload a log file from my computer, through conf files. There will be no monitoring just uploading file onl...

by Explorer in

Multiple fields from json array

Hi! How to split JSON array elements (value) { "id": 4321, "value": [ 5, 6, 7, 8 ] } from multivalue ...

by Path Finder in

Inputlookup and Index rename returning null results

I have an index called "adusers". This index pulls in all information about enabled user accounts. For the purposes o...

by Contributor in

How to ingest data Into summary index?

Hi, I wonder whether someone may be able to help me with some advice please. I'm wanting to set up a Summary Index...

by Motivator in

How to convert GMT to EDT?

How could I convert this GMT time to EDT? index="wineventlog" host=opdc* Account_Name=*test_user EventCode=4624 |...

by Communicator in

How to remove duplicate values from one index in another index?

I have an inputlookup that provides me a list of mac addresses, I want to remove those mac addresses from another ind...

by Contributor in

How to import cef data from data source in splunk enterprise without an agent?

I tried many times to import raw data (CEF) from another SIEM (just to test) and configured to send data to a specifi...

by New Member in

How do i configure an External HEC to listen on https and secure the traffic?

We would like to send data securely from a cloud endpoint to Http Event Collector/Forwarder on our perimeter, before ...

by New Member in

How to create a script, using Powershell, to run and pull logs from splunk and export them to a file?

Hi, I was wondering if an event was to occur for a piece of hardware such as changing, going down etc. is it possible...

by New Member in

how can get syslog from F5 BIGIP with Universal Forwarder

hi all, we our splunk enterprise with this configuration: 1 universal forwarder 2 indexers in cluster 1 search...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

how to remove headings of a log file?

How to convert time format?

configuration bundle action cannot push

Line breaking issues with source that is not in index

How to agregate data from different sourcetypes?

Invalid key in stanza

Filtering event data

How to add data from universal forwarder into splunk.

How to segment syslog events by indexer?

Is it possible to manage syslog-ng.conf using a deployment server?

What is the best logging format for key=value when one value is JSON?

How to forward data from universal forwarder to Splunk light?

Feed data to the splunk index using REST API

can we get custom logs from a batch job running in AWS EC2 instance to Splunk Cloud for analysis?

Help with line-breaking

How to do a one time file upload through conf files?

Multiple fields from json array

Inputlookup and Index rename returning null results

How to ingest data Into summary index?

How to convert GMT to EDT?

How to remove duplicate values from one index in another index?

How to import cef data from data source in splunk enterprise without an agent?

How do i configure an External HEC to listen on https and secure the traffic?

How to create a script, using Powershell, to run and pull logs from splunk and export them to a file?

how can get syslog from F5 BIGIP with Universal Forwarder

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout

Missed data from SOPHOS

Deployment server for heavy forwarders best practi...

[Cohesity Add-on] Extension with “Protection Runs”...

Splunk VMware OVA for ITSI vs Splunk OVA for VMwar...

How to Execute a Python Script via a Button and Di...