Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
Getting Data In
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 |   Hi, We have an auditing setup which logs in Windows event logs (Forwarded Events) as "MSSQLSERVER$AUDIT" source. th... by gregory_cordier Explorer in Getting Data In 04-03-2018 0 2 | 0 | 2 | |
| | We want to monitor Active Directory changes and security Events We are planning to deploy the Universal forwarder to ... by jared_anderson Path Finder in Getting Data In 04-03-2018 0 4 | 0 | 4 | |
 | I would like to configure rsyslog so that it keeps logs generated by the localhost in the /var/log/messages but then ... by MedralaG Communicator in Getting Data In 04-03-2018 0 7 | 0 | 7 | |
| | Hi All, We have set the data retention has 1 year (365 days) for in cluster master. But when we search the data in S... by anandhalagarasa Path Finder in Getting Data In 04-03-2018 1 5 | 1 | 5 | |
| |  Hello everyone, I have a lab in a Ubuntu VM. In this lab, I have the UF and the Splunk E. The forwarder monitors a f... by sebardgz New Member in Getting Data In 04-03-2018 0 6 | 0 | 6 | |
| | Hello, I have a log with a timestamp that does not contain the year. Moreover the events are not in a chronological o... by clorne Communicator in Getting Data In 04-03-2018 0 2 | 0 | 2 | |
| | So we are wondering if by implementing the collection of Sysmon logs, we can stop collecting other logs all together.... by Kinngk789 New Member in Getting Data In 04-02-2018 0 1 | 0 | 1 | |
| | The admin class (lab) says that for json we need the following in the props.conf of the forwarder. INDEXED_EXTRACTIO... by ddrillic Ultra Champion in Getting Data In 04-02-2018 0 2 | 0 | 2 | |
| | alt text I have installed universal forwarder on my windows host and the forwarder does forward the events to the Spl... by josue198_s New Member in Getting Data In 04-02-2018 0 2 | 0 | 2 | |
| | I am new to Splunk and I have it installed on my PC at work. I have Aruba Clear Pass syslog target set to forward to ... by tabbtharrington New Member in Getting Data In 04-02-2018 0 2 | 0 | 2 | |
 | Search a same log file on many different hosts . Use transaction : startwith and endwith to capture one process w... by xinde Path Finder in Getting Data In 04-02-2018 0 2 | 0 | 2 | |
| | Is there a way to change the URL form en-GB to en-US so the dateTime picker shows MM/DD/YY? http://1xx.1xx.1xx.1xx:9... by pachurrito62 Explorer in Getting Data In 04-02-2018 1 2 | 1 | 2 | |
 | I need to set a value based on another value. How would I do this: if severity = 1 severity=high One of my cust... by pfabrizi Path Finder in Getting Data In 04-02-2018 0 2 | 0 | 2 | |
| | Is there a way to simply the props.conf configurations and do the following in one command - FIELDALIAS-alias01 = "a... by ddrillic Ultra Champion in Getting Data In 04-02-2018 0 3 | 0 | 3 | |
| | I have universal forwarder with Splunk_TA_Stream and my app _server_app_audit where in inputs.conf I write _TCP_Routi... by Klimdy Explorer in Getting Data In 04-02-2018 0 2 | 0 | 2 | |
| | Hi.. I have a question From a heavy forwarder , based on the incoming host, I like to send the logs into a separate... by roysoman Engager in Getting Data In 04-02-2018 0 3 | 0 | 3 | |
| | The following sourcetype works fine when we upload a file against this sourcetype, but via the forwarder the csv fiel... by ddrillic Ultra Champion in Getting Data In 04-01-2018 0 12 | 0 | 12 | |
 | the reason for this is because someone made a mix-up on the UF and then some hosts are indexing to the wrong index. I... by ranjitbrhm1 Communicator in Getting Data In 04-01-2018 0 2 | 0 | 2 | |
| | Hi All, I am trying to create a summary index which will gives us the license usage by index and sourcetype, which w... by siva_cg Path Finder in Getting Data In 03-31-2018 0 4 | 0 | 4 | |
| | We have the following in props.conf - FIELDALIAS-alias1 = apiRequest.apiInfo.clientID AS clientID It doesn't seem ... by ddrillic Ultra Champion in Getting Data In 03-31-2018 0 3 | 0 | 3 | |
| | I am trying to write a query in Splunk that will tell me if any user IDs in my CSV file were used to log into any mac... by albert111 New Member in Getting Data In 03-31-2018 0 3 | 0 | 3 | |
| | Not sure if it is possible, but before I try, thought I would ask. I need to ingest json files uploaded to a google ... by Log_wrangler Builder in Getting Data In 03-30-2018 1 1 | 1 | 1 | |
| | When I tried to download the Universal Forwarder Credentials from my trial Splunk Cloud on to my MacBook Pro, I got a... by PaulTszeYuenChu Explorer in Getting Data In 03-30-2018 0 1 | 0 | 1 | |
| | I have a big corporate network with many routers. All routes ha a loopback IP used for syslog. Ex 10.252.1.10/32 Wh... by lakromani Builder in Getting Data In 03-30-2018 0 2 | 0 | 2 | |
| | We are trying to setup the universal forwarder on a Windows AD server. After configuring the index to receive on port... by tinylund Explorer in Getting Data In 03-30-2018 0 4 | 0 | 4 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Get Expert Help at Community Office Hours
Join the #getting-data-in Slack channel
Top Labels
-
administration
13 -
blacklist
92 -
configuration
33 -
CSV
210 -
data
505 -
deployer
1 -
development
5 -
field extraction
564 -
forwarder management
2 -
heavy forwarder
966 -
host
159 -
HTTP Event Collector
445 -
index
544 -
indexer
717 -
indexer clustering
1 -
inputs.conf
844 -
installation
5 -
intermediate forwarder
146 -
JSON
395 -
Linux
461 -
Mac
30 -
modular input
195 -
monitor
314 -
other
83 -
props.conf
996 -
saved search
2 -
scripted input
249 -
search
1 -
search head
2 -
search head clustering
1 -
source
292 -
sourcetype
497 -
Splunk Enterprise
1 -
Splunk Investigate
1 -
splunk-assist
2 -
syslog
325 -
time
204 -
transforms.conf
585 -
troubleshooting
14 -
universal forwarder
1,577 -
using Enterprise Security
3 -
using Splunk Cloud
4 -
using Splunk Enterprise
16 -
whitelist
60 -
Windows
597 -
XML
91
- « Previous
- Next »
Get Updates on the Splunk Community!
Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security
AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...
Announcing Modern Navigation: A New Era of Splunk User Experience
We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...
Detection Engineering Office Hours: Real-World Troubleshooting & Q&A
[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...
Unanswered Topics
