Getting Data In

Ask a Question

Discussions

Thread Info

Why does the .etl file stop receiving any new events on Windows 2012 Server on Splunk and is there another way to deliver DNS logs to Splunk?

Hello everyone, We have a universal forwarder installed on the Windows 2012 machine and we use the addons and Powe...

by Path Finder in

Why is Splunk not breaking each log line into single events?

Hello, After being loaded into Splunk, my event looks like this: EVENT BEGINNING [3c58db35-1eef-43a5-8b57-57081...

by Explorer in

Can a Universal or Heavy forwarder send (output) data to a dns name rather than an IP address?

I have a scenario where data from a fwdr needs to go to a dns name (load balancer) instead of IP. Please advise if...

by Builder in

how to get the list of sources and sourcetypes grouped by index for a specific app?

I am using the below query to get the list of all sourcetypes for a specific app | rest /services/saved/sourcetype...

by Builder in

How to Blacklist a hostname in inputs.conf?

Hi Team, In our environment, We have all apps in our deployment server and from there we used to deploy it so that...

by Path Finder in

JSON input: How can I split these values for each line break a new row is generated?

Hi there, I have a JSON input in Splunk and Splunk extracts the data. But it is not generating for each application ...

by New Member in

Efficient search?

Hi, I have the following search, which is taking quite a while, and was wondering if there are any obvious improve...

by Champion in

Is enabling HTTP Event Collector in a cluster possible via master apps files only instead of the web interface?

I am trying to set up HEC in a cluster, but the cluster members do not seem to be listening on the port I have design...

by Path Finder in

Is it possible to create a field alias by event type?

I need to create a field aliase by event type. I saw that it is possible to reference an eventtype from the props.con...

by Communicator in

Why are log entries that are sent through the http event collector in JSON format not found in Splunk?

We have am Splunk server in which one is configured the http event collector. We also created a new index for that an...

by New Member in

Cisco AMP for Endpoints: How to get a clear view (via API) of how many agents are currently installed in the environment(Phone Home Event type)?

App: Cisco AMP for Endpoints ver 1.1.0 Splunk: Cloud 6.6.3.2 (ES) I'm attempting to find a way to get the total nu...

by New Member in

Is there a way to reindex the data from 2/1 to today without reindexing the other files?

Hello So I have some data for some reason that did not get index in my monitored filepath. I have a feeling it has so...

by Communicator in

How can I delete the data, which is coming from SH and the UF via the host field when there shouldn't be any files to monitor?

Hello I have to be doing something incorrectly. I have an indexes app that stores our index configs. Small environ...

by Communicator in

Heavy Forwarder: How do I get traffic to a specific index on my indexer?

Hi Folks - testing the product out and trying to figure out this scenario. Windows Server w/ Universal Forwarder -...

by Explorer in

Why is the _time value changing in the summary index?

I try to use summary indexing to improve search efficiency, but it's resulting in an error because of the wrong _time...

by New Member in

change extracted event timezone

Hi guys i've a scritpt on a linux forwarder to monitor a load balancer, it's log is a txt file in UTC format, i need ...

by Path Finder in

How to remove all splunk monitoring from splunk on a windows platform?

I recently integrated Splunk forwarding service with Tableau and when I set up the monitoring, I did .\splunk to add ...

by Explorer in

How many Users have 2 events recorded out of 3 events pulled back in script?

I have a script: index=idaas EventType=Start OR EventType=Pass OR EventType=SignIn | eventstats dc(UserID) as dcU...

by Engager in

How do I modify syslog host to be FQDN?

Splunk 7.0.2 Universal forwarder running on a linux box splunk2.lab.local This is sending a monitor /var/log to a sea...

by New Member in

How to prepare a forwarder script for a silent installation on Windows?

Hello everyone, I need your help to prepare a forwarder script (silent installation) that will be on my Windows (e...

by Engager in

I can't delete index in Splunk Web.

I can't delete index in Splunk Web. I just created index in Splunk web and after that since I no longer need that ...

by Builder in

How can I find hosts from a CSV that are and aren't returning events to Splunk?

I've been poking around Splunk Answers for a while today and can't quite match the scenario I've got. I considered ht...

by Builder in

Getting all forwarder names via a REST call

We created a monitoring dashboard (outside of Splunk) which relies on rest /services/deployment/server/clients to get...

by Ultra Champion in

How can I extract Hostname Field via IP address in event info from .csv lookup?

Hi, I'm looking at alerting on SNMP traps in Splunk and one thing that I need to do is to be able to lookup the ho...

by Explorer in

Why is my auto index uploading a CSV file twice?

Hello, I think I have a problem where my auto index is uploading a file twice- the original file placed in the aut...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why does the .etl file stop receiving any new events on Windows 2012 Server on Splunk and is there another way to deliver DNS logs to Splunk?

Why is Splunk not breaking each log line into single events?

Can a Universal or Heavy forwarder send (output) data to a dns name rather than an IP address?

how to get the list of sources and sourcetypes grouped by index for a specific app?

How to Blacklist a hostname in inputs.conf?

JSON input: How can I split these values for each line break a new row is generated?

Efficient search?

Is enabling HTTP Event Collector in a cluster possible via master apps files only instead of the web interface?

Is it possible to create a field alias by event type?

Why are log entries that are sent through the http event collector in JSON format not found in Splunk?

Cisco AMP for Endpoints: How to get a clear view (via API) of how many agents are currently installed in the environment(Phone Home Event type)?

Is there a way to reindex the data from 2/1 to today without reindexing the other files?

How can I delete the data, which is coming from SH and the UF via the host field when there shouldn't be any files to monitor?

Heavy Forwarder: How do I get traffic to a specific index on my indexer?

Why is the _time value changing in the summary index?

change extracted event timezone

How to remove all splunk monitoring from splunk on a windows platform?

How many Users have 2 events recorded out of 3 events pulled back in script?

How do I modify syslog host to be FQDN?

How to prepare a forwarder script for a silent installation on Windows?

I can't delete index in Splunk Web.

How can I find hosts from a CSV that are and aren't returning events to Splunk?

Getting all forwarder names via a REST call

How can I extract Hostname Field via IP address in event info from .csv lookup?

Why is my auto index uploading a CSV file twice?

Routing logs with Splunk OTel Collector for Kubernetes

New This Month - Observability Updates Give Extended Visibility and Improve User ...

Intro to Splunk Synthetic Monitoring

Request for Documentation on Integrating Splunk wi...

Splunk DB connect indexing only 10k events per hou...

SendGrid Implementation

Secure Firewall syslog receiving thruput on "Cisco...

get error when retrieve log from cortex xdr