Getting Data In

Ask a Question

Discussions

Thread Info

Why splunk is not able to index large csv files,

I'm trying to index a 3.5 GB csv file, but splunk is not reading it. Any clues ?

by Explorer in

CSV Import: fieds name are missing, but showing up while uploading process.

Hi there, i tried to upload a csv-file. During Uploading I could separate the fields with a "comma" and the field...

by New Member in

Using Transforms.conf truncates my data at 3925 characters - Why?

Ladies and Gents, I'm struggling trying to transform some of my data. props.conf [st1] NO_BINARY_CHECK = tru...

by Path Finder in

How to extract host field with many other fields in a single transformation step (DEST_KEY versus WRITE_META)

I am playing with a custom format for data going into Splunk on Splunk 7.0, and I am trying to extract fields at inde...

by Champion in

What happens if "DEST_KEY = MetaData:Host"?

May I know the answers for the below questions. what happens if DEST_KEY = MetaData:Host? Does the Host metadata r...

by Contributor in

Apply multiple transforms to a single host

How can I have multiple host stanzas in transforms.conf all be applied? I'd like to pull content out of some entries ...

by Path Finder in

Decrease bundle size

The bundle in the search head has grown upto 776 MB. Its not getting pushed as a result. How to reduce the bundle si...

by Builder in

Filtering data using SHOULD_LINEMERGE

Hi all, I have configured the line breaking parameter as (SHOULD_LINEMERGE = true) to read a log file that contain...

by Communicator in

Combinate SHOULD_LINEMERGE with Filtering

Hi all, I am trying to have a combination of SHOULD_LINEMERGE=true with filtering just to index some lines of the ...

by Communicator in

How can I get my TCP data into the metrics index?

I am trying to pull incoming tcp data into the Metrics Store using this information: http://docs.splunk.com/Docume...

by Path Finder in

Using SEDCMD in Splunk Cloud

Task: Mask PII data at Index Time Current Setup: Universal forwards to forward logs to Splunk Based on document...

by Explorer in

When a universal forwarder is unable to connect to an indexer, will the forwarder still be collecting data from the server?

Hi Team, We have an log file in one of the server and which is keep generated in the directory for every 10 mins ...

by Engager in

How do you run script WinNetMon on universal forwarder?

I wanna to run WinNetMon on UF and I put to SplunkUniverstalForwarder\etc\system\local\inputs.conf

by Builder in

Anonymize data is not working,

hello, I made my Anonymize data based on this http://docs.splunk.com/Documentation/Splunk/7.0.0/Data/Anonymizedata...

by Engager in

Questions for large install admins: What's your best practice for log length (TRUNCATE) maximums? How much do you force devs to limit their event size?

My current splunk install handles logs for about 80 different development groups. Each one with their own idea of wha...

by Influencer in

LineBreakingProcessor truncates long events and drops the next (related)

Running Splunk Enterprise 6.5.6. I am parsing incoming events of sourcetype weblogic_stdout, and am having some tr...

by Explorer in

How to configure a forwarder to filter and send the specific events I want?

I'm using a set of universal forwarders to send data to a central indexer. I would like to send events from "WinEv...

by Communicator in

extract key value pairs and timestamp field from nested json

Hi, I need to read the below json file in python script and send each json to splunk. [[[ with open('sampledata.js...

by Path Finder in

Configuring Cold To Frozen path if cold is on a C: drive and I want my frozen path to be on a newly created F: drive

I created a new F: drive for my archiving or Frozen path. Currently everything is configured to the default and filli...

by Explorer in

Inputlookup usage

I have an inputlookup table with list of email addresses . I already have a pre existing field called user . How do I...

by Path Finder in

How to use the date in a CSV filename as the timestamp in events when there is no date or time field?

Hi, We are monitoring a csv file which has date included in the filename, with the filename format: abc_xxx_yz-201...

by Contributor in

Event not showing full log entry.. newline issue?

For some reason Splunk is indexing one of my log files a bit oddly. In the following excerpt, the Splunk event is onl...

by New Member in

Why are props and transforms preconfigured to sanitize the hostname for pretrained sourcetypes like 'syslog' and 'linux_syslog_messages'?

Hello, Just a simple question about pretrained sourcetypes like 'syslog' and 'linux_syslog_messages'. Why are thos...

by Explorer in

After installing Splunk SDK for Python, why am I getting "ImportError: No module named spluklib.client" in my python code?

Hi, I just started trying Splunk SDK in Windows. I installed Python and Splunk SDK. However I have an error "Impor...

by Engager in

Heavy forwarder isn't forwarding data from UDP port to indexer

Hello team, I have a HF in place and it is supposed to listen to a UDP port and forward the data to the indexer. Its ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why splunk is not able to index large csv files,

CSV Import: fieds name are missing, but showing up while uploading process.

Using Transforms.conf truncates my data at 3925 characters - Why?

How to extract host field with many other fields in a single transformation step (DEST_KEY versus WRITE_META)

What happens if "DEST_KEY = MetaData:Host"?

Apply multiple transforms to a single host

Decrease bundle size

Filtering data using SHOULD_LINEMERGE

Combinate SHOULD_LINEMERGE with Filtering

How can I get my TCP data into the metrics index?

Using SEDCMD in Splunk Cloud

When a universal forwarder is unable to connect to an indexer, will the forwarder still be collecting data from the server?

How do you run script WinNetMon on universal forwarder?

Anonymize data is not working,

Questions for large install admins: What's your best practice for log length (TRUNCATE) maximums? How much do you force devs to limit their event size?

LineBreakingProcessor truncates long events and drops the next (related)

How to configure a forwarder to filter and send the specific events I want?

extract key value pairs and timestamp field from nested json

Configuring Cold To Frozen path if cold is on a C: drive and I want my frozen path to be on a newly created F: drive

Inputlookup usage

How to use the date in a CSV filename as the timestamp in events when there is no date or time field?

Event not showing full log entry.. newline issue?

Why are props and transforms preconfigured to sanitize the hostname for pretrained sourcetypes like 'syslog' and 'linux_syslog_messages'?

After installing Splunk SDK for Python, why am I getting "ImportError: No module named spluklib.client" in my python code?

Heavy forwarder isn't forwarding data from UDP port to indexer

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Microsoft-AzureADPasswordProtection-DCAgent

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...