Getting Data In

Community Activity

Unable to archive frozen data to s3 Hello Everyone, I am using the below in indexes.conf file, but the script never got executed instead the frozen file... by basu42002 Path Finder in Getting Data In 06-10-2018 0 18	0	18
Why My Timestamp didnt work on DB Connect? We set up an input in DbConnect and it works perfectly in our development environment but when we apply the same inpu... by justodaniel Path Finder in Getting Data In 06-09-2018 0 1	0	1
Kvstore Collection endpoint sort limit Hello! We are using KVStore collections in our apps, making use of the Splunk Rest API Collection Endpoint. For one ... by alvaromari83 Path Finder in Getting Data In 06-09-2018 0 1	0	1
Field Calculation not working What I'm trying to do is create a field named ids_type and make it equal to network. (ids_type=network) I'm trying t... by mr_t2083 Explorer in Getting Data In 06-08-2018 0 6	0	6
Universal forwarder Manual Installation I am trying to install Splunk Insights .. Installed splunk Server .. when i am trying to install Forwarder am not all... by nookalaa New Member in Getting Data In 06-08-2018 0 2	0	2
Splunk 6.4.1 migration to new Server Hello All, I am having one heck of a time migrating an old server to a new server, both are windows server 2012 r2 w... by drewsunderland Explorer in Getting Data In 06-08-2018 0 4	0	4
File monitoring With an interval Hello everyone. I have an issue regarding monitoring files in a directory. The thing is that in order events to b... by ninisimonishvil Path Finder in Getting Data In 06-08-2018 0 2	0	2
Setting persistentQueueSize for Windows Logs We are looking into to setting up persistentQueueSize for our Windows Event Logs. On the persistentQueueSize page (So... by cboillot Contributor in Getting Data In 06-08-2018 0 0	0	0
Scripted Input is incomplete Hi Team, I have deployed a scripted input which will list out all .log files from a specific folder on application s... by siva_cg Path Finder in Getting Data In 06-08-2018 0 1	0	1
How to search for session timeout event in Splunk internal logs for an account? How to search for session timeout event in Splunk internal logs for an account? ... is there any way to find the entr... by varun8159 Explorer in Getting Data In 06-08-2018 0 3	0	3
missing sourcetype in index summary I have two summary reports over an index, and one sourcetype is missing from one. The reports are: index="esam" ... by JeToJedno Explorer in Getting Data In 06-08-2018 0 4	0	4
One search head to search across two separate indexer clusters? I am running two setups of Splunk, one is in Datacenter and another is in AWS. DC : 2 Node search heads, 3 nodes : ... by varunmalhotra1 Explorer in Getting Data In 06-08-2018 0 1	0	1
I want to filter specific security events logs but my configuration didn't work. I have configure the input file residing under following path.C:\Program Files\SplunkUniversalForwarder\etc\system\lo... by aqudoos Explorer in Getting Data In 06-08-2018 0 4	0	4
How do you audit user logins on a forwarder? I need to change the admin account password and want to make sure I don't break any automated tasks by doing it. How ... by thisissplunk Builder in Getting Data In 06-07-2018 0 4	0	4
Why does REST API access work via a web browser, but not via CURL? I'm accessing my forwarder's REST API endpoints like so in a web browser and it works: https://10.10.10.10:8089/serv... by thisissplunk Builder in Getting Data In 06-07-2018 1 5	1	5
Culling older events in an index Yello! So I'm trying to remove events in a specific index older than a year, and all the references I've found so far... by charlesslover Engager in Getting Data In 06-07-2018 0 3	0	3
Can props.conf and transforms.conf be created in the Deployment Server GUI to push to indexers? Do props.conf and transforms.conf need to be created in $SPLUNK_HOME/etc/deployment-apps/YOURAPP/local or can it be c... by lmjoin Explorer in Getting Data In 06-07-2018 0 1	0	1
How to do the equivalent of a debug/refresh on cluster master master-apps? I'm updating /master-apps/_cluster/local/indexes.conf and then pushing the bundle. I check the cluster's search head ... by thisissplunk Builder in Getting Data In 06-07-2018 0 9	0	9
Clone a subset of data I'd like to send a sample of my prod data to a test env. Is this possible ? for example my prod data from one sour... by Skins Path Finder in Getting Data In 06-07-2018 0 1	0	1
SHA1 issue for splunk 8008 port for DCN vmware i am using 6.4..4 and by scaning we got issue on 8008 port as SHA 1 alert so how to make 8008 port (vmware DCN port)... by splunk24 Path Finder in Getting Data In 06-07-2018 0 0	0	0
How can we send data to 2 different groups of indexers? Hi We are looking to forward same data to different indexers and we did the below steps for this. We have 2 apps f... by splunker9999 Path Finder in Getting Data In 06-07-2018 1 4	1	4
Parsing error \| ERROR LineBreakingProcessor - Line breaking regex has no capturing groups: \"\} Hey Ninjas, I'm getting the below-parsing error when indexing the JSON formatted events. ERROR LineBreakingProcesso... by arunsunny Path Finder in Getting Data In 06-07-2018 0 3	0	3
How many sources are there and what are the sizes of each sources? I am trying to write a code where I should be able to count how many 'Sources' are there and the size/linecount of ea... by zacksoft Contributor in Getting Data In 06-07-2018 0 8	0	8
Unable to start Splunk universal forwarder on AIX Server - Module Error On installing the universal forwarder using a service account with full permission (777) and also have tried multiple... by Venkat_16 Contributor in Getting Data In 06-07-2018 0 2	0	2
How to configure props.conf TIME_FORMAT to recognize 2 variations of a timestamp? I have a log that has time expressed like this 20151218111015. So that would be December 18th, 2015 11:10:15. However... by dstuder Communicator in Getting Data In 06-06-2018 1 4	1	4