Getting Data In

Community Activity

how to start over from scratch? Hi, I'm learning splunk enterpise (currently in free mode), and I wanted a clean start, so I did a splunk clean all... by ferenc0521 New Member in Getting Data In 02-25-2018 0 1	0	1
How to split a single line event into multiple events at search time? Hi, I have those kind of events indexed: 11/26/15 15:05:11.000 retrievePending=0 mergePending=1823 sendPending=43 r... by romaindelmotte Explorer in Getting Data In 02-24-2018 0 2	0	2
How to increase the replication factor? Hi, I have three indexers and it has 2 replication factor for now. I'm considering to add 1 more indexer and increas... by joonoyang Engager in Getting Data In 02-24-2018 0 2	0	2
Do I need to redirect internal splunk events to index cluster FROM the cluster master? Hello there! I do not have my internal events from my index cluster master in my index cluster. Do I need to configur... by brent_weaver Builder in Getting Data In 02-24-2018 0 3	0	3
Does Splunk now support wildcards for props.conf? I am trying to interpret http://docs.splunk.com/Documentation/Splunk/7.0.2/admin/Attributeprecedencewithinafile In t... by briancronrath Contributor in Getting Data In 02-24-2018 0 1	0	1
Collect outdated packages (apt list --upgradable) through UF Hey guys, you know how you can run $ apt list --upgradable and get a list of all the packages that have a pending up... by worm929 Explorer in Getting Data In 02-24-2018 0 1	0	1
How to set up timestamps in this situation? Below is a sample of the log that is generated at the source. This timestamp is in UTC: 2018-02-24T21:21:43.176112 s... by gauravnj1 Engager in Getting Data In 02-24-2018 0 1	0	1
Indexer not indexing forwarded data I have an forwarder that's set up to monitor a log file at the location: /var/log/mhn/mhn-splunk.log. inputs.conf on... by gauravnj1 Engager in Getting Data In 02-24-2018 0 3	0	3
Why is the Index Filter is not working? I have a filter built from: http://docs.splunk.com/Documentation/Splunk/7.0.2/Forwarding/Routeandfilterdatad and http... by ntripp_element Explorer in Getting Data In 02-24-2018 0 5	0	5
How do I mass-deploy Universal forwarder to many Linux machines? I am trying to deploy the Universal forwarders to a large Linux environment. Installing it manually is time consuming... by kartreddy4 New Member in Getting Data In 02-24-2018 0 2	0	2
Splunk Indexing Acting Up I'm not sure how to describe this problem. But I'm hoping someone can help me. I have a syslog server receiving Rou... by TitanAE New Member in Getting Data In 02-24-2018 0 3	0	3
How can I compare what host am i missing? I have an input lookup called servers.csv (header is called host) that lookup has all the servers that should be repo... by mmcarty New Member in Getting Data In 02-23-2018 0 5	0	5
Can you extract JSON syslog automatically? Trying to get my syslog in json format to extract properly. I've tried using INDEXED_EXTRACTIONS=JSON as well as KV_... by tkwaller Builder in Getting Data In 02-23-2018 0 5	0	5
How to use HTTP Event Collector(HEC) to setup an app to log to Splunk? I am trying to set up an app to log to Splunk but I have a few (basic) questions. First I was just going to write the... by mhelmers New Member in Getting Data In 02-23-2018 0 1	0	1
How can I convert REST API curl command using javascript SDK? curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/script -d name=/Applications/splunk4.3... by abhishekdharga Engager in Getting Data In 02-23-2018 0 3	0	3
How can I monitor Active Directory GPO changes on splunk enterprise? I am running Splunk 7.0.2 and I would like to monitor Active Directory GPO changes on splunk enterprise. What is the ... by alvaroveiga New Member in Getting Data In 02-23-2018 0 5	0	5
question on summary indexing couple of questions i have: 1st question: i have a large amount of data which i run summary index everyday and colle... by jiaqya Builder in Getting Data In 02-23-2018 0 5	0	5
How can we override Splunk's eventtime with timestamp value present in the event data coming from JMS MQ. I am fetching message queue message from JMS app in Splunk Enterprise 6.4.1. All the fields of the event are being e... by jincy_18 Path Finder in Getting Data In 02-23-2018 1 5	1	5
Unable to retrieve the value where key contains ": " Symbol I have splunk log as follows: 2018-02-21T18:29:31.958125+00:00 EQM-SCMS.Test-SCMS-qlab02.tfbhardGoodsSCMS-test fa... by karthi25 Path Finder in Getting Data In 02-23-2018 0 2	0	2
How to monitor the performance of 4 or 5 servers in a dashboard? Hey there! Sup? I need to monitor like 4 or 5 computer performances with splunk in a dashboard. I know splunk has a ... by vtsguerrero Contributor in Getting Data In 02-22-2018 0 2	0	2
How to write a monitor stanza for configuring inputs.conf on forwarder for sub directories? Hello, I have a directory with sub directories and then logs. Can i please know how to write monitor stanza for this... by iamlearner123 Explorer in Getting Data In 02-22-2018 0 1	0	1
How can I add the hosts to the search without it bringing up all the hosts in the index? I need to add the hosts to the search below, such as host = "servername". It currently brings up all the hosts in the... by rgarbac1 New Member in Getting Data In 02-22-2018 0 1	0	1
Where do I find registry for splunk in windows? Actually we are not able to install universal forwarder on 1 azure instances it is getting stuck in between, do we ha... by rahul_acc_splun New Member in Getting Data In 02-22-2018 0 1	0	1
How can I reindex a [WinEventLog://___] file with Splunk_TA_windows? crcSalt does not work with this type of input. If this were not binary data, I would do some text substitution with s... by andrewaalin Explorer in Getting Data In 02-22-2018 0 6	0	6
Does Splunk Universal Forwarders contain an option to enable persistent queues? As per Splunk documentation, "Persistent queues are not available for splunktcp (input from Splunk forwarders)". Does... by ppuru Path Finder in Getting Data In 02-22-2018 0 4	0	4