Getting Data In

Thread Info

How to config inputs.conf to use host name of server its deployed on?

HostName: XXXXXXXX*p528* File Path: /dsto/sw/prod/webapps/jbossEAP6.1/servers/appname1/log/p520/server.log <-- not...

by Path Finder in

Universal Forwarder - Active Directory - i dont want setup the forwarder each station

Hi i have 32 station connect to Active Directory what the best to spread Universal Forwarder to all station ? ...

by New Member in

I have a log file. I want to ignore lines from that log file before indexing it. can I do this? Please help me on this matter as soon as possible

In the log file I have below mentioned a line : EVENT_SESH;0;04/01/2018 06:30:23:5000;1;;1;0;;;END OF IMPORT PROC...

by Path Finder in

Why is nullQueue : log discard not working?

Hi, I recently experimented with Splunk transformations in order to discard some log entries ( and that worked wel...

by New Member in

Extracting the last words from my Logfile

My logfile has lines like this: MY_TEST;0;12/12/2014 23:30:14:9000;1;MK69KSS97;TRKCHOP;;4480;EXPORT THE TALISMAN;9...

by Explorer in

How to set a string in my current source field value as the source in Splunk?

Hi , Is there any way I can simply have Plprdfinodm01 as my Source in Splunk which indicates JVM name? D:\splun...

by Explorer in

Why is the Symantec time_format not working?

I am trying to set the time format from our Symantec events to the value of 'occurred_on' in my props.conf. here i...

by Path Finder in

Can you specify the order of operations for sourcetype definitions in props.conf to run an eval after a lookup?

From: http://docs.splunk.com/Documentation/Splunk/6.4.1/admin/Propsconf You cannot use a field added through ...

by Communicator in

Does Intermediate Forwarding Load Balance?

I want to configure a Heavy Forwarder to forward to a set of Heavy Forwarders, which are then distributing to a Index...

by Explorer in

Splunk rest post command

Hello, I need to process some REST requests within Splunk, with functions that rest command provides me (for examp...

by Communicator in

I have a Log file where different .TXT files are present. How can I extract a field with the help of regular expression for all .TXT files are present ?

;1;1;;;File not found : D:\WINDOP\COMS\WINDOP\IN\UPDATE.TXT ;3;1;;;File not found : D:\WINDOP\COMS\WINDOP\IN\STORE.TX...

by Path Finder in

How to edit my search to sort by month in chronological order?

I have the following search, and it is currently displaying a graph grouped by day of the month but not in chronologi...

by Explorer in

How to exclude JSON entries from the indexing?

Hello dear splunketeers ! I am seeking some advice. The splunk architecture I currently manage is fairly simple...

by New Member in

There isn't message of "linux transparent hugepage support" in splunkd.log of lately UF.

I think that the messages below isn't appear in splunkd.log in UF lately. INFO ulimit - Linux transparent hugepage...

by Builder in

Trouble parsing JSON coming via REST

Hi! I have a JSON that looks like this (the repeting elements have been removed): { "data":{ ...

by Observer in

ERROR ExecProcessor - message from "script.py" Error: cannot serialize {json}

Hi, I have a Script which download a Json, it look like: def stream_events(self, inputs, ew): ew.log("INFO","Adding d...

by Explorer in

Why do we need sometimes to bounce the forwarders for changes to take effect?

Why do we need sometimes to bounce the forwarders for changes to take effect? Just spent some time following the belo...

by Ultra Champion in

What is the best method of configuring timestamp recognition to support all ISO 8601 formats with Splunk 6.4.1?

One of our teams wishes to use ISO 8601 for their log event timestamps. They have the desire to use any of the format...

by Explorer in

API to delete the indexed logs from indexer. - RESOLVED

We have a database server whose logs are pushed into Splunk. Those logs also contain userdata information like their ...

by Path Finder in

Joining two Sequential Time Events into one Event in Splunk if difference is not more than 5 minutes??

Hi All, I got out put like this From date Todate 03/02/2018 09...

by Path Finder in

How to troubleshoot error "Connection to host=xx.xxx.x.xxx:9997 failed"?

Splunk events are stopping. When we check the logs, we are seeing all of these errors. When we restart Splunk, it wor...

by New Member in

Unable to index to Splunk server from MuleSoft

Greetings everyone!!! We were trying to integrate Splunk with Mulesoft. we already had splunk plugins in Mulesoft....

by Contributor in

Splunk takes the wrong timestamp from the log

I have a log that has multiple timestamps like this inside, but not all lines have such a date entry. NOTE: 24DEC1...

by Path Finder in

Universal forwarder to monitor multiple files / folders?

Hi, Does anybody know if it is possible to get a universal forwarder to monitor multiple files or folders? I know ...

by Communicator in

Data collection from HP devices

What would be best way to collect data from HP Devices eg WLC, Routers(HP MSR50-40) and Switches (eg. 10508,3800,5406...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to config inputs.conf to use host name of server its deployed on?

Universal Forwarder - Active Directory - i dont want setup the forwarder each station

I have a log file. I want to ignore lines from that log file before indexing it. can I do this? Please help me on this matter as soon as possible

Why is nullQueue : log discard not working?

Extracting the last words from my Logfile

How to set a string in my current source field value as the source in Splunk?

Why is the Symantec time_format not working?

Can you specify the order of operations for sourcetype definitions in props.conf to run an eval after a lookup?

Does Intermediate Forwarding Load Balance?

Splunk rest post command

I have a Log file where different .TXT files are present. How can I extract a field with the help of regular expression for all .TXT files are present ?

How to edit my search to sort by month in chronological order?

How to exclude JSON entries from the indexing?

There isn't message of "linux transparent hugepage support" in splunkd.log of lately UF.

Trouble parsing JSON coming via REST

ERROR ExecProcessor - message from "script.py" Error: cannot serialize {json}

Why do we need sometimes to bounce the forwarders for changes to take effect?

What is the best method of configuring timestamp recognition to support all ISO 8601 formats with Splunk 6.4.1?

API to delete the indexed logs from indexer. - RESOLVED

Joining two Sequential Time Events into one Event in Splunk if difference is not more than 5 minutes??

How to troubleshoot error "Connection to host=xx.xxx.x.xxx:9997 failed"?

Unable to index to Splunk server from MuleSoft

Splunk takes the wrong timestamp from the log

Universal forwarder to monitor multiple files / folders?

Data collection from HP devices

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

splunkd.log errors and broken fishbucket on splunk...

Getting Data In

Are you a member of the Splunk Community?

Discussions