Getting Data In

Community Activity

Adding Melbourne and Sydney Australia as available time zones in GUI. I'd previously raised this years ago as a support ticket but it hasn't been added so I thought i'd post it here as it... by Lucas_K Motivator in Getting Data In 04-26-2018 6 13	6	13
sourcetype not getting overridden I have an inputs.conf [monitor:///tmp/a.txt] index=a sourcetype=AA Now,I want to over write the sourcetype in HF ... by abhayneilam Contributor in Getting Data In 04-26-2018 0 6	0	6
Need help on Timestamp extraction while parsing the log data at Indexer I have a log file to be monitored and i need to extract timestamp. Example events: Fri Feb 02 2018 10:22:37 aaaaaaa b... by maniu1609 Path Finder in Getting Data In 04-26-2018 0 3	0	3
Script input Error - No module named splunklib.client I am trying to index data from my python script. Everything set up correctly but I still don't see data coming in. So... by tamduong16 Contributor in Getting Data In 04-26-2018 0 5	0	5
How to correlate data between two different sourcetypes when one is in JSON format? I have one index and two sourcetypes. I want to be able to count the actions from sourcetypeA and correlate the data... by dwong2 New Member in Getting Data In 04-25-2018 0 1	0	1
Looking for examples for splitting syslog data to separate indexes and transforming sourcetype I'm having a trouble splitting syslog data coming in over UDP:514 to their own index and transforming the respective ... by johnward4 Communicator in Getting Data In 04-25-2018 0 4	0	4
How to reduce the hot volume size? Hi, We are using volume partitions for the indexes.conf and the hot volume is getting full around 90% on the disk. ... by nawazns5038 Builder in Getting Data In 04-25-2018 0 4	0	4
Hi I got this issue while forwarding the data? Can someone please explain me? by bellampavan Engager in Getting Data In 04-25-2018 0 1	0	1
Extract timestamp from the logs I've logs where events are not starting with time. Log format is 10.100.28.108 - - 2018-04-25--02-31-14 "PUT /mifs/c... by isha_rastogi Path Finder in Getting Data In 04-25-2018 0 3	0	3
Splunk logging Driver Bringing Down the Entire Docker Swarm Cluster Hello, We implemented collecting Docker logs using splunk logging driver, It pushes the docker logs very well and ... by eygtmbot Engager in Getting Data In 04-24-2018 0 3	0	3
Should props.conf match inputs.conf? Does the props.conf file of an indexer has the same contents as the inputs.conf file of the forwarder from which it i... by amulay26 Path Finder in Getting Data In 04-24-2018 0 3	0	3
Script input troubleshoot Hi, I am trying to index from my python script. I followed the steps in this page to setup my data: http://docs.splun... by tamduong16 Contributor in Getting Data In 04-24-2018 0 9	0	9
Find out the type of logs which are captured when it is using a script \bin\scripts\splunk-wmi.path ? I installed SplunkForwarder and during the installation wizard, I checked all the logs for Windows (Application, Secu... by knam Explorer in Getting Data In 04-24-2018 0 1	0	1
How do I configure a UF on Linux to receive and forward windows events? I need to configure a Linux based UF to receive Windows events and then forwarder those to the indexers. I am guessin... by pfabrizi Path Finder in Getting Data In 04-24-2018 0 4	0	4
How to index data from AWS into Splunk? We want to move files from Amazon s3 to Splunk server (ex: /opt/splunk/logs ) continuously and display those details... by duddukurimd New Member in Getting Data In 04-24-2018 0 1	0	1
After matching 2 different data sources based on srcip, why is the output none? Hi, I try to match two events in one search. one event must match virus and the other android. because the clearpass... by nielsg97 Engager in Getting Data In 04-24-2018 0 0	0	0
Syslog from switch to indexer Hello, we want to send syslog from cisco switches directly to the splunk indexer. So I made a NAT from UDP 514 to 54... by chrisitanmoleck Path Finder in Getting Data In 04-24-2018 0 5	0	5
Splunk internal logs stopped logging; can you please provide information about permission setup for log files? Hello Splunkers: This question is for the splunkers who are running their instances with splunk user. Three logs have... by dbanerjee17 New Member in Getting Data In 04-24-2018 0 2	0	2
I need a config to direct outputs to two different Splunk stacks? All, I have a legacy install of Splunk and a new Splunk ES stack. Transition is going to take a year. So far I just... by daniel333 Builder in Getting Data In 04-23-2018 0 1	0	1
CSV file with last 2 fields XML payloads Need help with the following CSV (everything I am trying, the XML fields are getting parsed incorrectly) so I have a... by odigokid Engager in Getting Data In 04-23-2018 0 6	0	6
How to reindex data which is coming from syslog server to splunk ? Please hlep me how I can reindex data which is coming from syslog server to splunk? Thanks , splunker969 by splunker969 Communicator in Getting Data In 04-23-2018 0 7	0	7
Tip: Sample pfSense Logs Parsed Here Hi, I have parsed some pfSense logs. For anyone making an app, please go ahead and use this info. Cheers and use i... by arizvi801 Explorer in Getting Data In 04-23-2018 0 2	0	2
How to ingest Nginx running in a Docker container logs to Splunk? Nginx container runs in Docker container on an Amazon EC2 instance. We're soon going to setup Docker Enterprise editi... by tomharris New Member in Getting Data In 04-23-2018 0 1	0	1
Custom Filters I'm using the Unversal Forwarder to 'monitor' log files on the clients but I just can't index everything forwarded, t... by didier_again Explorer in Getting Data In 04-23-2018 0 3	0	3
Why am I still seeing debug logs in the Splunk heavy forwarder filtering? I have set the following on transforms.conf and props.conf but I still see DEBUG logs in my search. what did I miss ... by raindrop18 Communicator in Getting Data In 04-23-2018 0 7	0	7