Getting Data In

Community Activity

Why are there multiple host entries for every Splunk forwarder? Hi We are installing splunk universal forwarder in all of our servers. It seems to be working fine, however there ar... by meoo Explorer in Getting Data In 04-22-2018 1 3	1	3
data is not appropriate Hi, I am using the below query which I am running for the last 7 days , but I am getting the data for only 3 days, I... by abhayneilam Contributor in Getting Data In 04-22-2018 0 6	0	6
How can I get a list of host names that do not ingest for the last 24 hrs? I need to get a list of host names that does not ingest for certain source for the last 24hrs compare with the same s... by ytaointra New Member in Getting Data In 04-21-2018 0 11	0	11
How to parse JSON data with spath and table the data. Hi I am trying to parse this json using spath. I am not able to parse "data" element. { "id":"eab50eea-4b3c-4c... by adibrr16 New Member in Getting Data In 04-21-2018 0 1	0	1
Breaking the Cyberark logs Hi I'm using TA for CyberArk for onboarding the logs, but i see the the logs are in correct format, how can i break... by kiran331 Builder in Getting Data In 04-21-2018 0 2	0	2
Why is this linebreak is not working with JSON data? Any ideas why this linebreak is not working with JSON data? I've even set the sourcetype to _json, but still no luck... by fisuser1 Contributor in Getting Data In 04-20-2018 0 4	0	4
How to enable DR Setup on a Splunk environment with one master node, two search heads, and five indexers? In our splunk environment, we have one master node (Master1) and two search head (search head 2 & search head 3) and ... by satkan100 Path Finder in Getting Data In 04-20-2018 0 0	0	0
Exracting a json field data from a log Hi All, I am trying to extact a JSON field from the log. I can able to get the data by using "spath input" command. ... by soumyacharya91 Path Finder in Getting Data In 04-20-2018 0 7	0	7
How to set up a Query in Splunk to monitor Oracle database activity for users connecting to a database as SYSDBA? Logs have already been forwarded to syslog. I started with this query: index=syslog sourcetype=syslog (host="mask... by jmyrand New Member in Getting Data In 04-19-2018 0 0	0	0
Is there any way to completely disable compression for frozen data or all data? Hi, I am implementing an archive solution for our production platform and I have a question, if anyone could advise. ... by cdstealer Contributor in Getting Data In 04-19-2018 0 2	0	2
Splunk with suricatanot reading eve.json I have checked suricata TA app for reading intrusion but as I see it doesn't read eve.json but it reads only fast.log... by Dennisherner New Member in Getting Data In 04-19-2018 0 1	0	1
Issue with Self-Signed Certs Windows Splunk Univeral Forwarder to Windows Indexer "PEM routines:PEM_read_bio:no start line." Hello I get an error when attempting to utilize a self-signed Splunk cert generated from the splunk openssl through t... by dwchow Engager in Getting Data In 04-19-2018 0 0	0	0
Why is the Splunk_TA_nix hardware sourcetype not automatically extracted? We are collecting sourcetype=hardware via the Splunk_TA_nix app (v5.2.3), but the data returned isn't being extract... by anewell Path Finder in Getting Data In 04-19-2018 0 4	0	4
Help with Line Break for log 04/19/18 12:32:17.398524 - IQ~MSG.ACCTNUM(XXXX).FUNCTION(Inquiry).CALLER(Hos tLoanExists).DATETIME(4/19/2018 12:32:1... by dperry Communicator in Getting Data In 04-19-2018 0 2	0	2
Monitoring a remote server directory from my workstation Hey, I am new to Splunk and I have a newbie question  I have installed Splunk (v.4.1.3) on my workstation choosing... by Ant1D Motivator in Getting Data In 04-19-2018 0 11	0	11
What are some of the best practices of setting up new Splunk servers? Hello, We recently created 5 new Splunk servers with Windows Server 2016 installed, our current deployment is, 2 ind... by cecampbell Engager in Getting Data In 04-19-2018 0 6	0	6
How to check for data that is not present in csv lookup I have DHCP logs and a csv which contains hostnames of devices.. I need to check the DHCP logs for the hostnames tha... by nnimbe1 Path Finder in Getting Data In 04-19-2018 0 3	0	3
How to switch between Splunk Universal Fowarders? Hi, We have a production environment and disaster recovery environment, Splunk universal forwarder is installed on b... by kranthik Explorer in Getting Data In 04-19-2018 0 1	0	1
What is the format for putting information into configuration files where the data needs to be in hex/binary? Suppose that you need to define a rest where one of the fields will have a hex or binary value that you don't want to... by DalJeanis Legend in Getting Data In 04-19-2018 0 1	0	1
Is it possible to add a field that has a relation to a fieldvalue/source value? Is it possible to add an field that has a relation to a fieldvalue/source value? I am trying to make a simple dashboa... by Mike6960 Path Finder in Getting Data In 04-19-2018 0 10	0	10
Change File/Directory Input Index In our distributed environment, we've got our File/Directory data inputs configured on our deployment server, and our... by bteele New Member in Getting Data In 04-18-2018 0 1	0	1
Scripted input printing System.object[] instead of string? I have a batch file that executes PowerShell like so: inputs.conf [script://.\bin\myscript.bat] disabled = 0 interv... by andrew207 Path Finder in Getting Data In 04-18-2018 1 0	1	0
How to collect data from a Windows Server Container? We are migrating an existing Microsoft ASP.net application from running on a full OS to running in a Windows Server C... by hrottenberg_spl Splunk Employee in Getting Data In 04-18-2018 1 2	1	2
What is the proper use of (*) wildcard in a file monitor path? So I am confused about how to write a wildcard path for the following. I have a UF set up to monitor a file location... by Log_wrangler Builder in Getting Data In 04-18-2018 0 2	0	2
How to grab data from a the search result for an API call script? I have a job that is set to run off of every alert. I have a python script executing that is showing Exit Code 0. The... by Athildjax64 New Member in Getting Data In 04-18-2018 0 2	0	2