Getting Data In

Discussions

Thread Info

Why am I getting the error "disabled" when I launch the deployment client page after a possibly successful deployment on Splunk 7.0?

Hi All, I just set up a deployment server, created server class and added a couple of deployment-apps and a forwar...

by Loves-to-Learn in

Why is My Splunk 7.0.2 Install Missing HTTP Event Collector Option?

I would like to setup HEC but do not see the option under Settings -> Data Inputs. What do I have to do to enable HEC...

by Explorer in

Which index does search.log data populates in, in splunk?

Hi , Does anyone know which index does search.log data populates in? I find search.log during a job inspect, mostl...

by Path Finder in

How to overwrite the host field value with dvc field value ?

Hi All, I have a request from the client to overwrite the host field value with the dvc field value from the interest...

by Motivator in

How to map a custom App on a search head to a Remote Index on a indexer which is a separate physical server in a unclustered distributed deployment?

Hi, I've created a custom app on my search head and want to map it to an index on my indexer which is a separate p...

by Path Finder in

Numpi import through Splunk script

I'm trying to parse a log file and written a python script to parse it However when I run it in Splunk search app, on...

by New Member in

Linux servers: After upgrading from 6.2.0 to 7.2.0, will the 6.2.0 universal forwarders be able to communicate with the new 7.0.2 enterprise components?

We are considering upgrading from 6.2.0 to version 7.0.2 All the *nix servers will be upgraded but during the upgrade...

by Path Finder in

How to reduce the size of specific indexes?

Greetings, My indexers have run out of space and I have been reducing the maxHotSpanSecs, but it keeps filling up...

by Builder in

How to create a search from multiple sourcetypes?

Hi, Below are the three different source types from which I am trying to get the specific values as highlighted. ...

by Path Finder in

Why is there a problem parsing empty CSV file which only contain a header?

Hi, I receive log file from my servers. All files are CSVs. CSVs which contain header + data are well parsed...

by Path Finder in

Why is the text Log Broken into Multiple Events?

We have Powershell logs being written to text files along with a Windows path. We have a Splunk app monitoring that l...

by New Member in

Why does the .etl file stop receiving any new events on Windows 2012 Server on Splunk and is there another way to deliver DNS logs to Splunk?

Hello everyone, We have a universal forwarder installed on the Windows 2012 machine and we use the addons and Powe...

by Explorer in

Why is Splunk not breaking each log line into single events?

Hello, After being loaded into Splunk, my event looks like this: EVENT BEGINNING [3c58db35-1eef-43a5-8b57-57081...

by Explorer in

Can a Universal or Heavy forwarder send (output) data to a dns name rather than an IP address?

I have a scenario where data from a fwdr needs to go to a dns name (load balancer) instead of IP. Please advise if...

by Builder in

how to get the list of sources and sourcetypes grouped by index for a specific app?

I am using the below query to get the list of all sourcetypes for a specific app | rest /services/saved/sourcetype...

by Builder in

How to Blacklist a hostname in inputs.conf?

Hi Team, In our environment, We have all apps in our deployment server and from there we used to deploy it so that...

by Path Finder in

JSON input: How can I split these values for each line break a new row is generated?

Hi there, I have a JSON input in Splunk and Splunk extracts the data. But it is not generating for each application ...

by New Member in

Efficient search?

Hi, I have the following search, which is taking quite a while, and was wondering if there are any obvious improve...

by Champion in

Is enabling HTTP Event Collector in a cluster possible via master apps files only instead of the web interface?

I am trying to set up HEC in a cluster, but the cluster members do not seem to be listening on the port I have design...

by Path Finder in

Is it possible to create a field alias by event type?

I need to create a field aliase by event type. I saw that it is possible to reference an eventtype from the props.con...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I getting the error "disabled" when I launch the deployment client page after a possibly successful deployment on Splunk 7.0?

Why is My Splunk 7.0.2 Install Missing HTTP Event Collector Option?

Which index does search.log data populates in, in splunk?

How to overwrite the host field value with dvc field value ?

How to map a custom App on a search head to a Remote Index on a indexer which is a separate physical server in a unclustered distributed deployment?

Numpi import through Splunk script

Linux servers: After upgrading from 6.2.0 to 7.2.0, will the 6.2.0 universal forwarders be able to communicate with the new 7.0.2 enterprise components?

How to reduce the size of specific indexes?

How to create a search from multiple sourcetypes?

Why is there a problem parsing empty CSV file which only contain a header?

Why is the text Log Broken into Multiple Events?

Why does the .etl file stop receiving any new events on Windows 2012 Server on Splunk and is there another way to deliver DNS logs to Splunk?

Why is Splunk not breaking each log line into single events?

Can a Universal or Heavy forwarder send (output) data to a dns name rather than an IP address?

how to get the list of sources and sourcetypes grouped by index for a specific app?

How to Blacklist a hostname in inputs.conf?

JSON input: How can I split these values for each line break a new row is generated?

Efficient search?

Is enabling HTTP Event Collector in a cluster possible via master apps files only instead of the web interface?

Is it possible to create a field alias by event type?

Welcome to the Future of Data Search & Exploration

What’s new on Splunk Lantern in August

This Week's Community Digest - Splunk Community Happenings [8.3.22]

How to calculate Percentage and Percent difference...

Ignoring path="x" due to: Bug: tried to check/conf...

eStreamer is sending about 12 logs per minute and ...

Are there any good/recent guides on setting up Son...

Which endpoint can be used to retrieve splunk inst...