Getting Data In

Community Activity

How can I get a list of host names that do not ingest for the last 24 hrs? I need to get a list of host names that does not ingest for certain source for the last 24hrs compare with the same s... by ytaointra New Member in Getting Data In 04-21-2018 0 11	0	11
How to parse JSON data with spath and table the data. Hi I am trying to parse this json using spath. I am not able to parse "data" element. { "id":"eab50eea-4b3c-4c... by adibrr16 New Member in Getting Data In 04-21-2018 0 1	0	1
Breaking the Cyberark logs Hi I'm using TA for CyberArk for onboarding the logs, but i see the the logs are in correct format, how can i break... by kiran331 Builder in Getting Data In 04-21-2018 0 2	0	2
Why is this linebreak is not working with JSON data? Any ideas why this linebreak is not working with JSON data? I've even set the sourcetype to _json, but still no luck... by fisuser1 Contributor in Getting Data In 04-20-2018 0 4	0	4
How to enable DR Setup on a Splunk environment with one master node, two search heads, and five indexers? In our splunk environment, we have one master node (Master1) and two search head (search head 2 & search head 3) and ... by satkan100 Path Finder in Getting Data In 04-20-2018 0 0	0	0
Exracting a json field data from a log Hi All, I am trying to extact a JSON field from the log. I can able to get the data by using "spath input" command. ... by soumyacharya91 Path Finder in Getting Data In 04-20-2018 0 7	0	7
How to set up a Query in Splunk to monitor Oracle database activity for users connecting to a database as SYSDBA? Logs have already been forwarded to syslog. I started with this query: index=syslog sourcetype=syslog (host="mask... by jmyrand New Member in Getting Data In 04-19-2018 0 0	0	0
Is there any way to completely disable compression for frozen data or all data? Hi, I am implementing an archive solution for our production platform and I have a question, if anyone could advise. ... by cdstealer Contributor in Getting Data In 04-19-2018 0 2	0	2
Splunk with suricatanot reading eve.json I have checked suricata TA app for reading intrusion but as I see it doesn't read eve.json but it reads only fast.log... by Dennisherner New Member in Getting Data In 04-19-2018 0 1	0	1
Issue with Self-Signed Certs Windows Splunk Univeral Forwarder to Windows Indexer "PEM routines:PEM_read_bio:no start line." Hello I get an error when attempting to utilize a self-signed Splunk cert generated from the splunk openssl through t... by dwchow Engager in Getting Data In 04-19-2018 0 0	0	0
Why is the Splunk_TA_nix hardware sourcetype not automatically extracted? We are collecting sourcetype=hardware via the Splunk_TA_nix app (v5.2.3), but the data returned isn't being extract... by anewell Path Finder in Getting Data In 04-19-2018 0 4	0	4
Help with Line Break for log 04/19/18 12:32:17.398524 - IQ~MSG.ACCTNUM(XXXX).FUNCTION(Inquiry).CALLER(Hos tLoanExists).DATETIME(4/19/2018 12:32:1... by dperry Communicator in Getting Data In 04-19-2018 0 2	0	2
Monitoring a remote server directory from my workstation Hey, I am new to Splunk and I have a newbie question  I have installed Splunk (v.4.1.3) on my workstation choosing... by Ant1D Motivator in Getting Data In 04-19-2018 0 11	0	11
What are some of the best practices of setting up new Splunk servers? Hello, We recently created 5 new Splunk servers with Windows Server 2016 installed, our current deployment is, 2 ind... by cecampbell Engager in Getting Data In 04-19-2018 0 6	0	6
How to check for data that is not present in csv lookup I have DHCP logs and a csv which contains hostnames of devices.. I need to check the DHCP logs for the hostnames tha... by nnimbe1 Path Finder in Getting Data In 04-19-2018 0 3	0	3
How to switch between Splunk Universal Fowarders? Hi, We have a production environment and disaster recovery environment, Splunk universal forwarder is installed on b... by kranthik Explorer in Getting Data In 04-19-2018 0 1	0	1
What is the format for putting information into configuration files where the data needs to be in hex/binary? Suppose that you need to define a rest where one of the fields will have a hex or binary value that you don't want to... by DalJeanis Legend in Getting Data In 04-19-2018 0 1	0	1
Is it possible to add a field that has a relation to a fieldvalue/source value? Is it possible to add an field that has a relation to a fieldvalue/source value? I am trying to make a simple dashboa... by Mike6960 Path Finder in Getting Data In 04-19-2018 0 10	0	10
Change File/Directory Input Index In our distributed environment, we've got our File/Directory data inputs configured on our deployment server, and our... by bteele New Member in Getting Data In 04-18-2018 0 1	0	1
Scripted input printing System.object[] instead of string? I have a batch file that executes PowerShell like so: inputs.conf [script://.\bin\myscript.bat] disabled = 0 interv... by andrew207 Path Finder in Getting Data In 04-18-2018 1 0	1	0
How to collect data from a Windows Server Container? We are migrating an existing Microsoft ASP.net application from running on a full OS to running in a Windows Server C... by hrottenberg_spl Splunk Employee in Getting Data In 04-18-2018 1 2	1	2
What is the proper use of (*) wildcard in a file monitor path? So I am confused about how to write a wildcard path for the following. I have a UF set up to monitor a file location... by Log_wrangler Builder in Getting Data In 04-18-2018 0 2	0	2
How to grab data from a the search result for an API call script? I have a job that is set to run off of every alert. I have a python script executing that is showing Exit Code 0. The... by Athildjax64 New Member in Getting Data In 04-18-2018 0 2	0	2
splunk --filtering and corelation We are having NPS auth logs from our VPN service. Requirement : In NPS logs first when auth request come in it gets ... by ritikaviavi Observer in Getting Data In 04-18-2018 0 1	0	1
Splunk Forwarder Blacklist Looking for help with a blacklist. Im looking to blacklist a certain event Process Name when spawned by an Account Na... by spaz1729 New Member in Getting Data In 04-18-2018 0 5	0	5