Getting Data In

Community Activity

Why is my inputs.conf monitor stanza with multiple wildcards not picking up anything? Hi Team, I want to read below log files in 3 separate source types like deprovision , preprovision and provision but ... by smdasim Explorer in Getting Data In 04-14-2018 0 6	0	6
How to prevent the indexing of message field in the windows eventlog sourcetype? I've searched everywhere but all solutions seem workaround, can someone can suggest the best way to prevent the index... by davidepala Path Finder in Getting Data In 04-14-2018 0 3	0	3
question on data inputs for multiple csv files i see that i can chose the single csv file type for a csv file and verify the columns are right and then insert into ... by jiaqya Builder in Getting Data In 04-14-2018 0 11	0	11
Index masking issue on splunk enterprise for iis logs Hi, We have authentication session id field from IIS logs needs to be masked on top priority due to high security st... by rchittip Path Finder in Getting Data In 04-14-2018 0 9	0	9
Why does Splunk overwrite the 'messages' field in scheduler.log events? It seems that scheduler.log events are all prepared for parsing 04-09-2018 23:35:04.548 +0000 ERROR SavedSplunker -... by pkeller Contributor in Getting Data In 04-13-2018 0 2	0	2
Is there any way to translate the URL into a connection request using the Splunk JAVA SDK? I've seen that Splunk does not support REST API access when SAML is enabled. I've also seen that there is a way to lo... by dtow1 Path Finder in Getting Data In 04-13-2018 0 0	0	0
How to bulk upload data using inputs.conf? I'm trying to batch upload many files on my windows computer (some >150mb) using an inputs.conf file. I have the inp... by parwindertaank Explorer in Getting Data In 04-13-2018 0 1	0	1
Multivalue field to multiple fields Hi! How to split multivalue field, e.g. JSON array elements (value { "id": 4321, "value": [ 5, 6, 7, 8 ] }... by yurykiselev Path Finder in Getting Data In 04-13-2018 0 6	0	6
What is the best practice to write monitor stanzas for onboard Network logs from multiple hosts on server? We have to onboard logs from more than 1200 network hosts which reside on a single server. What is the best practice... by jarapally Explorer in Getting Data In 04-13-2018 0 6	0	6
Selective indexing and forwarding based on source Use case: I have three indexers A, B and C. Indexer A is monitoring 10 sources. I would like to index 5 of these sour... by Genti Splunk Employee in Getting Data In 04-13-2018 5 4	5	4
I have configured input.conf of splunk universal forwader but logs are receving with a delay of almost one hour.Unable to receive current logs My inputs.conf are mentioned below. Make sure these get forwarded [monitor://C:\Windows\System32\winevt\Logs\Securi... by aqudoos Explorer in Getting Data In 04-13-2018 0 9	0	9
How to limit REST API searches in Splunk deployment? I am looking into the feasibility of opening up REST api calls to our Splunk deployment. One of the concerns is if we... by dtow1 Path Finder in Getting Data In 04-12-2018 1 4	1	4
field extract - extract everything between two values I want to simply take an event and parse EVERYTHING between two strings and make it a field...the built in field extr... by splunkbacon Explorer in Getting Data In 04-12-2018 0 1	0	1
splunk $result.fieldname$ token w/ json data not working Hi all, I have a scheduled search that runs against a json data sourcetype. Currently splunk extracts the fields co... by zhatsispgx Path Finder in Getting Data In 04-12-2018 0 1	0	1
display source which not getting any hits i have different source and want to display source which not getting any hits I have the following query source=ABC... by logloganathan Motivator in Getting Data In 04-12-2018 0 20	0	20
How to test a coldToFrozenScript? I'm writing a script to archive frozen data to S3, and the archiving documentation seems pretty straightforward. Here... by scharlipknewton New Member in Getting Data In 04-12-2018 0 1	0	1
How can I pull in resource data stats from remote machines into a single instance of Spunk Enterprise to view everything from one spot? Hi, I am trying to use one instance of Splunk Enterprise (Web) as a central place to be able to pull in resource usa... by egatchek Engager in Getting Data In 04-12-2018 1 2	1	2
Trouble Uploading Splunk Data I am going through the Splunk Fundamentals 1 coursework and I am hung up on uploading data into the the system. I am ... by djfletcher913 New Member in Getting Data In 04-12-2018 0 1	0	1
download the masking after indexing? There is a requirement , where i am uploading the file and doing masking through the sourcetype using props.conf. i... by satishachary199 New Member in Getting Data In 04-12-2018 0 1	0	1
how to remove headings of a log file? i indexed my log file line by line using regex, i want only valid rows not headings and lines , but in my query resu... by SapthagiriAavik Explorer in Getting Data In 04-12-2018 0 1	0	1
How to convert time format? I have time in Variable End_Time = 23:06 and want to convert this to 2306. How can I do that? I tried Strptime(End_Ti... by ravicheepa Engager in Getting Data In 04-12-2018 0 4	0	4
configuration bundle action cannot push While we are on creating new index in cluster master we encounter his error : Push Unnecessary: No new bundle will b... by jadengoho Builder in Getting Data In 04-12-2018 1 1	1	1
Line breaking issues with source that is not in index I have a strange issue where I get lots of line breaking errors about a particular file, but I can't find the file in... by jihape Path Finder in Getting Data In 04-12-2018 0 3	0	3
How to agregate data from different sourcetypes? hello I use the request below for retrieving some information from the Windows event viewer but in my dashboard, I n... by jip31jip31 Explorer in Getting Data In 04-11-2018 0 8	0	8
Invalid key in stanza I am looking at confs I didn't originally create. btool check found: Invalid key in stanza [tcpout:A] in /opt/splun... by Log_wrangler Builder in Getting Data In 04-11-2018 1 1	1	1