Getting Data In

Community Activity

Is it possible to manage syslog-ng.conf using a deployment server? I am currently managing 4 syslog servers using syslog-ng. I am trying to figure out the best way to manage the syslo... by cburgman Path Finder in Getting Data In 04-11-2018 1 4	1	4
What is the best logging format for key=value when one value is JSON? Hello -- I am logging incoming HTTP requests to my logs, what would be the best format for Splunk to pick them up in ... by hf2015 New Member in Getting Data In 04-11-2018 0 1	0	1
How to forward data from universal forwarder to Splunk light? I have installed a universal forwarder on linux server and I have Splunk light cloud instance. I am able to find the ... by ajindal New Member in Getting Data In 04-11-2018 0 2	0	2
Feed data to the splunk index using REST API Hello experts! I would like to configure my java application to write data directly to a splunk index, rather than wr... by priyankatiwari Engager in Getting Data In 04-11-2018 0 2	0	2
can we get custom logs from a batch job running in AWS EC2 instance to Splunk Cloud for analysis? Hello, We currently have custom batch jobs running on EC2 instances in AWS and each of these processes creates one ... by hitenv79 New Member in Getting Data In 04-11-2018 0 2	0	2
Help with line-breaking Hi, I have a feed where it appears that multiple events are being sent on the same line, and I need to break them ou... by a212830 Champion in Getting Data In 04-11-2018 0 3	0	3
How to do a one time file upload through conf files? I want to upload a log file from my computer, through conf files. There will be no monitoring just uploading file onl... by deva1995 Explorer in Getting Data In 04-11-2018 0 9	0	9
Multiple fields from json array Hi! How to split JSON array elements (value) { "id": 4321, "value": [ 5, 6, 7, 8 ] } from multivalue fiel... by yurykiselev Path Finder in Getting Data In 04-11-2018 0 1	0	1
Inputlookup and Index rename returning null results I have an index called "adusers". This index pulls in all information about enabled user accounts. For the purposes... by willadams Contributor in Getting Data In 04-11-2018 0 1	0	1
How to ingest data Into summary index? Hi, I wonder whether someone may be able to help me with some advice please. I'm wanting to set up a Summary Index o... by IRHM73 Motivator in Getting Data In 04-10-2018 0 4	0	4
How to convert GMT to EDT? How could I convert this GMT time to EDT? index="wineventlog" host=opdc* Account_Name=*test_user EventCode=4624 \| m... by davidcraven02 Communicator in Getting Data In 04-10-2018 0 4	0	4
How to remove duplicate values from one index in another index? I have an inputlookup that provides me a list of mac addresses, I want to remove those mac addresses from another ind... by JoshuaJohn Contributor in Getting Data In 04-10-2018 0 1	0	1
How to import cef data from data source in splunk enterprise without an agent? I tried many times to import raw data (CEF) from another SIEM (just to test) and configured to send data to a specifi... by sampy93 New Member in Getting Data In 04-10-2018 0 1	0	1
How do i configure an External HEC to listen on https and secure the traffic? We would like to send data securely from a cloud endpoint to Http Event Collector/Forwarder on our perimeter, before ... by familylicense New Member in Getting Data In 04-10-2018 0 0	0	0
How to create a script, using Powershell, to run and pull logs from splunk and export them to a file? Hi, I was wondering if an event was to occur for a piece of hardware such as changing, going down etc. is it possible... by mdeer New Member in Getting Data In 04-10-2018 0 1	0	1
how can get syslog from F5 BIGIP with Universal Forwarder hi all, we our splunk enterprise with this configuration: 1 universal forwarder 2 indexers in cluster 1 search hea... by payamhaddad New Member in Getting Data In 04-10-2018 0 2	0	2
Subtract date from todays date to find status of the project Hello All, I am trying to injest into splunk a CSV which has a field called "Project End Date" and the field is in th... by ranjitbrhm1 Communicator in Getting Data In 04-10-2018 0 2	0	2
input output does not update i have created an input drop down which gets a count of a column from a index. when i change the tokens , i find that... by jiaqya Builder in Getting Data In 04-10-2018 0 1	0	1
Why are there multiple values on the test instance in timestartpos and timeendpos fields? I extracted sample data from our prod instance of Splunk to be used in the test instance. The way I did it was to run... by nemaden New Member in Getting Data In 04-10-2018 0 2	0	2
Timestamp issue Hi, I have configured inputs and props on a heavy forwarder and there is same stanza of sourcetype with no parameter... by nawazns5038 Builder in Getting Data In 04-09-2018 0 3	0	3
Is there a way to blacklist specific event for specific index I know we can easily blacklist specific event using regex in props.conf and transforms.conf . But I have 4 different ... by ss026381 Communicator in Getting Data In 04-09-2018 0 4	0	4
Deployed app on Universal Forwarder being created with 700 permissions (Linux Deployment Server to Linux UF) Created an app on the deployment server which is used to tell the Universal Forwarder which directories and logs to m... by twhitehead New Member in Getting Data In 04-09-2018 0 0	0	0
Using a transform i cant use SEDCMD Hi I am taking in data and making a new source type, so i need to use a transform for this. The issue is when i use ... by robertlynch2020 Influencer in Getting Data In 04-09-2018 0 6	0	6
Route and Filter Data from syslog (and syslog-ng is NOT an immediate option) I have a typical scenario that could be resolved with a UF on syslog-ng, however that is a future resolution. At the... by Log_wrangler Builder in Getting Data In 04-09-2018 0 7	0	7
What search can I use to identify logs with future timestamps? Hi All, Can any one guide me on how to check whether any log sources that are logging with future time stamps. I am n... by Hemnaath Motivator in Getting Data In 04-09-2018 0 23	0	23