Getting Data In

Community Activity

Why is the Powershell Modular Input not scheduling the script to run? Here is my inputs.conf: [powershell://checkdnsext] script = . "$SplunkHome\etc\apps\test_infra_dnsext_inputs\bin\che... by Kendo213 Communicator in Getting Data In 05-03-2018 0 2	0	2
How to limit a data sent to indexers to only with certain windows EventCodes ? Hi , We have recently added a below stanza to monitor the windows power shell events and we have started getting the... by Hemnaath Motivator in Getting Data In 05-03-2018 0 19	0	19
Why is Docker Splunk UF sending logs with 2 different hostnames? Docker-compose splunkuf: image: splunk/universalforwarder:7.0.2 network_mode: host environment: SP... by eddiemashayev Path Finder in Getting Data In 05-03-2018 0 1	0	1
Do we lose data when an indexer crashes? Our standard universal forwarders, at the moment, specify in outputs.conf all the indexers of the cluster we have in ... by ddrillic Ultra Champion in Getting Data In 05-03-2018 0 7	0	7
Configure multiple LINE_BREAKER strings? I have line breaks signified by 2 different strings. This works (keeping BK1 text as part of next event): LINE_BRE... by woodcock Esteemed Legend in Getting Data In 05-02-2018 0 5	0	5
Automatic extraction of JSON fields doesn't work and have to use spath I have a distributed Splunk deployment and need to index JSON data, 1 object per row. Objects are serialized using Ne... by Motoko89 Path Finder in Getting Data In 05-02-2018 0 4	0	4
Is there any way to disable the Splunk Universal Forwarder to generate the dump file, because I want to generate the dump on demand? Hi, I have installed the Splunk universal forwarder to store logs from my IIS WebServer in Splunk. The SplunkUnive... by Itaupinheirocam New Member in Getting Data In 05-02-2018 0 0	0	0
Is it ok to mix volumes and paths in indexes.conf? Hi, we have three clustered indexers and are looking to leverage slow disks for the cold paths. I'm wondering if it... by jeski Engager in Getting Data In 05-02-2018 0 2	0	2
Universal Forwarder Before I start this is a serious case of blind leading the blind. Currently we have a VMware running Windows Server ... by butlerm494 New Member in Getting Data In 05-02-2018 0 14	0	14
Eval and rex to props.comf Just looking some help to construct props file for below search statement. \| rex max_match=10 field=violation_detai... by Splunk_rocks Path Finder in Getting Data In 05-02-2018 0 6	0	6
How to populate second dropdown(source) list based on the first dropdown(host) selection? Here is my sample code that I am using <form> <label>raw data</label> <fieldset submitButton="true" autoRun=... by navd New Member in Getting Data In 05-02-2018 0 4	0	4
Splunk UF Docker edit props.conf file Hey, I want to be able to edit this file /opt/splunk/etc/system/default/props.conf and add this data input: [jo... by eddiemashayev Path Finder in Getting Data In 05-02-2018 0 5	0	5
Why are the individual records merging in single event in CSV monitoring? I am facing a bizarre problem in csv file monitoring. I am monitoring a csv file from a server path. The records are ... by rajim Path Finder in Getting Data In 05-02-2018 0 7	0	7
Update only specific field in csv Hi, I am running a search query which take input from lookup and generate counts for each row. And I want to update ... by AKG1_old1 Builder in Getting Data In 05-02-2018 0 1	0	1
Impossible to use WMI hi in wmi.conf i have the code below but when i done index="windows-wmi" sourcetype="WMI:Reliability" nothing is dis... by jip31 Motivator in Getting Data In 05-02-2018 0 3	0	3
Break event and extract fields from script input Hi All, Am getting custom scripted input from one of our app server, but wanted to know understand how to break thes... by kpavan Path Finder in Getting Data In 05-02-2018 0 1	0	1
How to store the urldecode data indexing using heavy forwarder to indexer? I want to store the urlencoded data on the server, install the heavy forwarder on the server, urldecoding the data (e... by leeyounsoo Path Finder in Getting Data In 05-01-2018 0 2	0	2
Understanding and debugging TCP input, is there is a way to understand/view the raw data routed to Splunk? Hi all I have a tcp stream from logstash to a universal forwarder, the forwarder is already used to forward other inp... by davidepala Path Finder in Getting Data In 05-01-2018 0 3	0	3
scheduler.log is not rolling in Splunk enterprise Hi Team , we are not seeing scheduler.log in splunk . we have tried the below option but no luck default-mode.co... by sivapuvvada Path Finder in Getting Data In 05-01-2018 0 4	0	4
High volume log rotation Given this monitor stanza [monitor://blah/var/log/blah.log] What is the expected behavior during log rotation if th... by jojosplunker Explorer in Getting Data In 05-01-2018 2 9	2	9
Will stanzas inherit index from [default] in inputs.conf? In the inputs.conf, I have the [default] stanza with the index and host like below. [default] index = prod_dc host ... by knam Explorer in Getting Data In 05-01-2018 0 2	0	2
folder monitoring I have a folder with several files on desktop. (xml) files have same names but different numbering for ex: File1, Fil... by ninisimonishvil Path Finder in Getting Data In 05-01-2018 0 3	0	3
Why am I unable to find the source or sourcetype when using a powershell script in Splunk? Hi I want to use a powershell script in Splunk I put the script in BIN folder, I have created an input in data entry... by jip31 Motivator in Getting Data In 05-01-2018 0 9	0	9
why folder monitoring is not working? Hello, I have a folder with several files on desktop. (xml) files have same names but different numbering for ex: F... by ninisimonishvil Path Finder in Getting Data In 05-01-2018 0 3	0	3
Pivot FILTER exclude quotation mark character Hello Team, I do have a pivot: \| pivot xxxxx RootObject count(RootObject) AS "Count of admin_adminsearch_RMD578e130... by teknet9 Path Finder in Getting Data In 04-30-2018 0 0	0	0