Getting Data In

Community Activity

Help with syslog tranforms/props Hi, I've inherited a splunk environment where the syslog needs a fair amount of clean-up. The incoming syslog messa... by a212830 Champion in Getting Data In 04-27-2018 0 5	0	5
Help with setting index and sourcetype via transforms.conf Hi, I want to override the "unknown" index that some of my syslog messages are coming in as, using props and transfo... by a212830 Champion in Getting Data In 04-27-2018 0 2	0	2
Find source types from UF to HF... Hi all...one of my Heavy Forwarders is relaying much data, we are using it for an intermediate forwarding tier to Spl... by cpraz_ord Explorer in Getting Data In 04-27-2018 0 2	0	2
Monitoring deploymentclient.conf in etc\system Is it possible to monitor the folder in etc/system which consists the deployment client ip thru windows app/add-on. ... by krishnab Path Finder in Getting Data In 04-27-2018 0 1	0	1
Why Monitoring a Directory is not working? Hello, I have a folder with several files on desktop. (xml) files have same names but different numbering for ex: F... by ninisimonishvil Path Finder in Getting Data In 04-26-2018 0 2	0	2
How to integrate Splunk with servicenow without duplicate table records? Hi all, I have integrated splunk with servicenow to get all tables from servicenow. Recently I observed that whenever... by abhishekroy168 Path Finder in Getting Data In 04-26-2018 0 2	0	2
How to create a new rest command that creates new stanzas from setmup.xml? I would like to create a new rest command that creates new stanzas from setmup.xml. I can add/edit entries to an exis... by fk319 Builder in Getting Data In 04-26-2018 0 1	0	1
How do I change timestamp field with a different time format? I am trying to write a search query to change time format here and make it to simple MM-DD-YY , can anyone help me wr... by purvak2525 New Member in Getting Data In 04-26-2018 0 4	0	4
Lookup display_name from an id in nested json I have some JSON events coming in via the HTTP Event collector. One of the elements within it has an 'owner_id', whic... by stephencrim Engager in Getting Data In 04-26-2018 0 1	0	1
Why am I unable to run savedsearches from RESTAPI? All, I created simple savedsearch as followed: \| makeresults \| eval msg="test for Jason" And save it as "ggarci... by GersonGarcia Path Finder in Getting Data In 04-26-2018 0 7	0	7
Splunk_TA_ontap throwing error message - Unable to initialize modular input Hi, We are using Splunk_TA_ontap app. We are now seeing message " Unable to initialize modular input "ta_ontap_col... by brdr Contributor in Getting Data In 04-26-2018 2 4	2	4
Adding Melbourne and Sydney Australia as available time zones in GUI. I'd previously raised this years ago as a support ticket but it hasn't been added so I thought i'd post it here as it... by Lucas_K Motivator in Getting Data In 04-26-2018 6 13	6	13
sourcetype not getting overridden I have an inputs.conf [monitor:///tmp/a.txt] index=a sourcetype=AA Now,I want to over write the sourcetype in HF ... by abhayneilam Contributor in Getting Data In 04-26-2018 0 6	0	6
Need help on Timestamp extraction while parsing the log data at Indexer I have a log file to be monitored and i need to extract timestamp. Example events: Fri Feb 02 2018 10:22:37 aaaaaaa b... by maniu1609 Path Finder in Getting Data In 04-26-2018 0 3	0	3
Script input Error - No module named splunklib.client I am trying to index data from my python script. Everything set up correctly but I still don't see data coming in. So... by tamduong16 Contributor in Getting Data In 04-26-2018 0 5	0	5
How to correlate data between two different sourcetypes when one is in JSON format? I have one index and two sourcetypes. I want to be able to count the actions from sourcetypeA and correlate the data... by dwong2 New Member in Getting Data In 04-25-2018 0 1	0	1
Looking for examples for splitting syslog data to separate indexes and transforming sourcetype I'm having a trouble splitting syslog data coming in over UDP:514 to their own index and transforming the respective ... by johnward4 Communicator in Getting Data In 04-25-2018 0 4	0	4
How to reduce the hot volume size? Hi, We are using volume partitions for the indexes.conf and the hot volume is getting full around 90% on the disk. ... by nawazns5038 Builder in Getting Data In 04-25-2018 0 4	0	4
Hi I got this issue while forwarding the data? Can someone please explain me? by bellampavan Engager in Getting Data In 04-25-2018 0 1	0	1
Extract timestamp from the logs I've logs where events are not starting with time. Log format is 10.100.28.108 - - 2018-04-25--02-31-14 "PUT /mifs/c... by isha_rastogi Path Finder in Getting Data In 04-25-2018 0 3	0	3
Splunk logging Driver Bringing Down the Entire Docker Swarm Cluster Hello, We implemented collecting Docker logs using splunk logging driver, It pushes the docker logs very well and ... by eygtmbot Engager in Getting Data In 04-24-2018 0 3	0	3
Should props.conf match inputs.conf? Does the props.conf file of an indexer has the same contents as the inputs.conf file of the forwarder from which it i... by amulay26 Path Finder in Getting Data In 04-24-2018 0 3	0	3
Script input troubleshoot Hi, I am trying to index from my python script. I followed the steps in this page to setup my data: http://docs.splun... by tamduong16 Contributor in Getting Data In 04-24-2018 0 9	0	9
Find out the type of logs which are captured when it is using a script \bin\scripts\splunk-wmi.path ? I installed SplunkForwarder and during the installation wizard, I checked all the logs for Windows (Application, Secu... by knam Explorer in Getting Data In 04-24-2018 0 1	0	1
How do I configure a UF on Linux to receive and forward windows events? I need to configure a Linux based UF to receive Windows events and then forwarder those to the indexers. I am guessin... by pfabrizi Path Finder in Getting Data In 04-24-2018 0 4	0	4