Getting Data In

Community Activity

Deployed app on Universal Forwarder being created with 700 permissions (Linux Deployment Server to Linux UF) Created an app on the deployment server which is used to tell the Universal Forwarder which directories and logs to m... by twhitehead New Member in Getting Data In 04-09-2018 0 0	0	0
Using a transform i cant use SEDCMD Hi I am taking in data and making a new source type, so i need to use a transform for this. The issue is when i use ... by robertlynch2020 Influencer in Getting Data In 04-09-2018 0 6	0	6
Route and Filter Data from syslog (and syslog-ng is NOT an immediate option) I have a typical scenario that could be resolved with a UF on syslog-ng, however that is a future resolution. At the... by Log_wrangler Builder in Getting Data In 04-09-2018 0 7	0	7
What search can I use to identify logs with future timestamps? Hi All, Can any one guide me on how to check whether any log sources that are logging with future time stamps. I am n... by Hemnaath Motivator in Getting Data In 04-09-2018 0 23	0	23
Can REST API be used to execute a Bash script on Splunk server? I have a Bash script on my deployment server to add server into the serverclass.conf. Could I execute the bash script... by jingqin New Member in Getting Data In 04-09-2018 0 4	0	4
Data is missing Hi, Recently I am seeing new issues in Splunk Enterprise. When i do searches in Splunk it's not pulling all data but... by chandana204 Communicator in Getting Data In 04-09-2018 0 7	0	7
Are there alternative ways to monitor forwarders? My splunk environment we have not enable forward management so for me difficult to manage the forwarder host up & dow... by satkan100 Path Finder in Getting Data In 04-09-2018 0 4	0	4
How to rename a specific IP subnets appearing in search to some name i.e city network index=* \| stats count by source_ip,dest_port I got my results against Source_ip,dest_port.Now i want to rename the I... by aqudoos Explorer in Getting Data In 04-09-2018 0 1	0	1
Can I set a different connection_host value for a specific set of remote servers? Hi, I have a inputs.conf with splunktcp-ssl stanza. The connection_host is equals to "dns". But I would like it to b... by ctaf Contributor in Getting Data In 04-09-2018 0 4	0	4
MAX_EVENTS in probs.conf issue. Hello everyone, I have a problem with props.conf. My props.conf: [test_cx1] BREAK_ONLY_BEFORE = \<CxXMLResults\s... by rasty Path Finder in Getting Data In 04-09-2018 0 2	0	2
How Indexers behave when it comes into detention state ? I understand Splunk provides multiple means to control the disk size for indexing, and I want to understand better ar... by tsawa_splunk Splunk Employee in Getting Data In 04-09-2018 0 2	0	2
Ran out of space due to misconfigured index Good Day All, I have a question for you. I recently misconfigured a index and the size went full on the disk drive... by ranjitbrhm1 Communicator in Getting Data In 04-08-2018 0 1	0	1
How to resolve alerts with the wrong time stamp? Alerts with the wrong time stamp. Any suggestions? Please help. Thanks in advance by manideep6669 Engager in Getting Data In 04-07-2018 0 3	0	3
Need help with log having multiple occurrence of same field I have following logs where field4 is coming twice in each log line. Example: 2018-04-06T23:01:36.264+0000 logLevel=... by abishekmaggo New Member in Getting Data In 04-07-2018 0 2	0	2
How do I reload a configuration file that does not require a restart? For example, if I make changes to props.conf that do not require a restart, what is the best method to reload the fil... by sroback_splunk Splunk Employee in Getting Data In 04-06-2018 0 1	0	1
How to filter for a specific pattern with wild card? Hi, In excel you can custom filter the cells using a wild card with a question mark. For example, if I want to filt... by aamer4zangi Path Finder in Getting Data In 04-06-2018 0 12	0	12
Is it possible to configure indexer discovery with CLI ? Is possible to configure indexer discovery with CLI on master and forwarder? Thanks For example: In the master node... by Aftend1971 Explorer in Getting Data In 04-06-2018 0 1	0	1
How to filter out search results where a field value is with the string ? Hi All, We want to filter out the events based on a field value containing only the string characters, not the numer... by Hemnaath Motivator in Getting Data In 04-06-2018 0 3	0	3
Why is splunkd.exe on my indexer having hard page faults instead of using it 512GB of RAM? Yes, it's Windows. Yes, Windows sucks With 512GB of RAM this should never have to use its pagefile. by lycollicott Motivator in Getting Data In 04-06-2018 0 1	0	1
Why am I not able to get data to Splunk Enterprise from another VM? I've installed Splunk Enterprise on one VM and installed Universal Forwarder on another VM and I followed all the set... by druvakumar Path Finder in Getting Data In 04-06-2018 0 11	0	11
How do I constantly check the log if a connection is up or not? I have a host and source. host="xyz" source="abc" They give me results every minute whether the connection is up or... by timmag Explorer in Getting Data In 04-06-2018 0 7	0	7
Why do I have a different result using curl or data input? Hi, I noticed something strange. When I upload the following JSON by the Splunk Web interface, using he json_sales s... by Clovisa Path Finder in Getting Data In 04-06-2018 0 2	0	2
DNS debug log dns.log Format Review I am looking for a solid understanding of the fields in the DNS packet logs. I have included information from what I... by landen99 Motivator in Getting Data In 04-06-2018 1 8	1	8
Why has the Splunk forwarder on Windows 2008R2 created so many sessions that no new sessions can be created? In my environment, there are two components like below. Splunk 6.2.7 on Linux. Splunk 6.2.7 on Windows 2008R2 Yester... by yutaka1005 Builder in Getting Data In 04-06-2018 0 1	0	1
Lookup file updates not working I have a lookup created from a CSV file. i put in entries 1 2 3 4 5 When i do a search, i can find these values. ... by jiaqya Builder in Getting Data In 04-06-2018 0 3	0	3