Getting Data In

Community Activity

download the masking after indexing? There is a requirement , where i am uploading the file and doing masking through the sourcetype using props.conf. i... by satishachary199 New Member in Getting Data In 04-12-2018 0 1	0	1
how to remove headings of a log file? i indexed my log file line by line using regex, i want only valid rows not headings and lines , but in my query resu... by SapthagiriAavik Explorer in Getting Data In 04-12-2018 0 1	0	1
How to convert time format? I have time in Variable End_Time = 23:06 and want to convert this to 2306. How can I do that? I tried Strptime(End_Ti... by ravicheepa Engager in Getting Data In 04-12-2018 0 4	0	4
configuration bundle action cannot push While we are on creating new index in cluster master we encounter his error : Push Unnecessary: No new bundle will b... by jadengoho Builder in Getting Data In 04-12-2018 1 1	1	1
Line breaking issues with source that is not in index I have a strange issue where I get lots of line breaking errors about a particular file, but I can't find the file in... by jihape Path Finder in Getting Data In 04-12-2018 0 3	0	3
How to agregate data from different sourcetypes? hello I use the request below for retrieving some information from the Windows event viewer but in my dashboard, I n... by jip31jip31 Explorer in Getting Data In 04-11-2018 0 8	0	8
Invalid key in stanza I am looking at confs I didn't originally create. btool check found: Invalid key in stanza [tcpout:A] in /opt/splun... by Log_wrangler Builder in Getting Data In 04-11-2018 1 1	1	1
Filtering event data Hi, I'm probably asking something that has been asked a thousand times. I searched the forums but I'm not really sur... by markb81 New Member in Getting Data In 04-11-2018 0 7	0	7
How to add data from universal forwarder into splunk. I have attached screenshots of my search screen and universal forwarder monitoring screen. I can find them in the for... by ajindal New Member in Getting Data In 04-11-2018 0 6	0	6
How to segment syslog events by indexer? Hi everyone, I am trying to configure one way to segment syslog events by user. Example: Apr 11 13:30:38 10.0.11.1... by vitorpedralli Engager in Getting Data In 04-11-2018 0 1	0	1
Is it possible to manage syslog-ng.conf using a deployment server? I am currently managing 4 syslog servers using syslog-ng. I am trying to figure out the best way to manage the syslo... by cburgman Path Finder in Getting Data In 04-11-2018 1 4	1	4
What is the best logging format for key=value when one value is JSON? Hello -- I am logging incoming HTTP requests to my logs, what would be the best format for Splunk to pick them up in ... by hf2015 New Member in Getting Data In 04-11-2018 0 1	0	1
How to forward data from universal forwarder to Splunk light? I have installed a universal forwarder on linux server and I have Splunk light cloud instance. I am able to find the ... by ajindal New Member in Getting Data In 04-11-2018 0 2	0	2
Feed data to the splunk index using REST API Hello experts! I would like to configure my java application to write data directly to a splunk index, rather than wr... by priyankatiwari Engager in Getting Data In 04-11-2018 0 2	0	2
can we get custom logs from a batch job running in AWS EC2 instance to Splunk Cloud for analysis? Hello, We currently have custom batch jobs running on EC2 instances in AWS and each of these processes creates one ... by hitenv79 New Member in Getting Data In 04-11-2018 0 2	0	2
Help with line-breaking Hi, I have a feed where it appears that multiple events are being sent on the same line, and I need to break them ou... by a212830 Champion in Getting Data In 04-11-2018 0 3	0	3
How to do a one time file upload through conf files? I want to upload a log file from my computer, through conf files. There will be no monitoring just uploading file onl... by deva1995 Explorer in Getting Data In 04-11-2018 0 9	0	9
Multiple fields from json array Hi! How to split JSON array elements (value) { "id": 4321, "value": [ 5, 6, 7, 8 ] } from multivalue fiel... by yurykiselev Path Finder in Getting Data In 04-11-2018 0 1	0	1
Inputlookup and Index rename returning null results I have an index called "adusers". This index pulls in all information about enabled user accounts. For the purposes... by willadams Contributor in Getting Data In 04-11-2018 0 1	0	1
How to ingest data Into summary index? Hi, I wonder whether someone may be able to help me with some advice please. I'm wanting to set up a Summary Index o... by IRHM73 Motivator in Getting Data In 04-10-2018 0 4	0	4
How to convert GMT to EDT? How could I convert this GMT time to EDT? index="wineventlog" host=opdc* Account_Name=*test_user EventCode=4624 \| m... by davidcraven02 Communicator in Getting Data In 04-10-2018 0 4	0	4
How to remove duplicate values from one index in another index? I have an inputlookup that provides me a list of mac addresses, I want to remove those mac addresses from another ind... by JoshuaJohn Contributor in Getting Data In 04-10-2018 0 1	0	1
How to import cef data from data source in splunk enterprise without an agent? I tried many times to import raw data (CEF) from another SIEM (just to test) and configured to send data to a specifi... by sampy93 New Member in Getting Data In 04-10-2018 0 1	0	1
How do i configure an External HEC to listen on https and secure the traffic? We would like to send data securely from a cloud endpoint to Http Event Collector/Forwarder on our perimeter, before ... by familylicense New Member in Getting Data In 04-10-2018 0 0	0	0
How to create a script, using Powershell, to run and pull logs from splunk and export them to a file? Hi, I was wondering if an event was to occur for a piece of hardware such as changing, going down etc. is it possible... by mdeer New Member in Getting Data In 04-10-2018 0 1	0	1