Getting Data In

Community Activity

When setting up a heavy forwarder, do I need to create an index locally as I do in my indexer cluster? When setting up a Heavy forwarder, do I need to have the index created locally as I do in my indexer cluster? So I am... by brent_weaver Builder in Getting Data In 05-24-2018 0 4	0	4
How do you use the indexing/preview API endpoint? I'd like to create my inputs and sourcetypes via the API in a clustered environment. Then I'd like to send a test fil... by thisissplunk Builder in Getting Data In 05-23-2018 0 3	0	3
How to forward Windows Event Viewer HPC Server logs with inputs.conf? , I currently use inputs.conf file to forward Windows Event Viewer Application logs to Splunk via the following syntax:... by mdu23 New Member in Getting Data In 05-23-2018 0 2	0	2
Any idea on where I am going wrong with bash_history timestamping? All, I am extracting bash_history, the event looks like this. #1510170881 grep -r something * But ends up with ... by daniel333 Builder in Getting Data In 05-23-2018 0 1	0	1
How do I enable a UF to accept REST API commands? I'm reading through all of the API docs, and I am executing GET API calls against my search head successfully. Howeve... by thisissplunk Builder in Getting Data In 05-23-2018 0 2	0	2
Logs in an index getting rolled cold to frozen before size or time limits are reached repFactor = auto homePath = volume:home/indexname/db coldPath = volume:SAN/indexname/colddb thawedPath = $SPLUNK_THAW... by briancronrath Contributor in Getting Data In 05-23-2018 0 8	0	8
How do I remove fields from VMWare Add-on before indexing? I'm currently receiving an excess amount of data from the VMWare app sample below and would like to only keep a few o... by AdamHolmes New Member in Getting Data In 05-23-2018 0 8	0	8
Is there an API call or CLI argument to update the password for the bind user for LDAP authentication? I have a very large, complex Splunk environment and I need to update the LDAP BIND user password. With over 100 inst... by wlth09 Explorer in Getting Data In 05-23-2018 0 1	0	1
props/transforms.conf Hi, I have the below data and I know that props and/or transforms.conf need to be modified to have the below report ... by dbcase Motivator in Getting Data In 05-23-2018 0 2	0	2
What is a good replacement to monitor Active Directory with Splunk 7.x? I am trying to monitor changes in Active Directory and found a number of ways to ingest data from AD. Splunk Add-on f... by snix Communicator in Getting Data In 05-23-2018 0 3	0	3
unifi USG syslog to Splunk enterprise Good Morning, I configured my Unifi USG to send logs to the splunk server on udp 514, created a receiver udp 514. I ... by wbarrett12 New Member in Getting Data In 05-23-2018 0 4	0	4
IIS logs creating licensing issue Hello, We recently completed a SOW with Splunk Professional Services. As part of the SOW we cleaned up apps, scripts... by andyadino Engager in Getting Data In 05-23-2018 0 1	0	1
Count number of events from IIS logs. I would like to group it by Country, source IP, destination IP, sum(cs_bytes), sum(sc_bytes) where the country is the... by tundeawe New Member in Getting Data In 05-23-2018 0 6	0	6
How to parse epoch time in SNMP log? I would like to parse timestamp for Windows SNMP logs Below is log "{""MibList"":[{""OID"":""1.3.6.1.4.1.311.1.13.1... by Niraj_Shah New Member in Getting Data In 05-23-2018 0 4	0	4
Will splunk provide pivot REST api to use in the apps? Hello, With reference to my previous question, (https://answers.splunk.com/answers/660382/how-to-customize-the-pivot... by gopiktr Engager in Getting Data In 05-23-2018 0 0	0	0
syslog configuration First Part I configure central syslog server where I planned to have all logs from all syslog devices. my syslog conf... by riqbal Communicator in Getting Data In 05-23-2018 0 6	0	6
How can I force Splunk to reread a config file every now and then in addition to when it changes? All, I am bringing in a number of configs as sourcetype=config_file via inputs.conf and I am pretty happy with it. ... by daniel333 Builder in Getting Data In 05-22-2018 0 4	0	4
Windows DHCP Logs I am having trouble getting a Splunk forwarder (4.1.2) to send Windows 2008 R2 DHCP logs back to the main Splunk inde... by Justin Path Finder in Getting Data In 05-22-2018 3 7	3	7
Can you auto remove CSV files after indexing? Is there a configuration in Splunk where it can remove/move a CSV file after it has been indexed? so it does not show... by jiaqya Builder in Getting Data In 05-22-2018 0 4	0	4
Why is the log time different than the system time? I have been beating my head against the wall on this one for a few days now. I have tried every suggestion I can find... by pdgill314 Path Finder in Getting Data In 05-22-2018 0 6	0	6
What can be done when port 8089 is taken on the forwarder? We reach a situation where port 8089 is being used by another app on a set of forwarders. Can we use another port on ... by ddrillic Ultra Champion in Getting Data In 05-22-2018 0 11	0	11
How Do I Remove Device From Splunk Server Class? Hello everyone. I am managing Windows and Mac devices via the Splunk DMC. Because of an error I made in the Splunk Se... by nmensah Explorer in Getting Data In 05-22-2018 0 4	0	4
Transform to nullQueue depends on search? Hello, I've been spending the last month experimenting with Splunk. Lately, i've tried to reroute a specific event t... by Burritobizon Engager in Getting Data In 05-22-2018 0 3	0	3
Need some more clarification on _meta value while using. Hi Folks, we have ingested the logs from microsoft azure using microsoft cloud services app on HF and we added some ... by lksridhar Explorer in Getting Data In 05-22-2018 0 5	0	5
How to get total comma separated values in splunk? Hi all, I am getting event like this Im trying to get total values with the comma separated but I am not getting t... by ajayabburi508 Path Finder in Getting Data In 05-22-2018 0 4	0	4