Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
darksky21

monitoring all auth.log file

Hi i would like to monitor all auth.log file in my ubuntu system but there are many auth.log file (e.g. auth.log, aut...
by darksky21 Path Finder in Getting Data In 02-16-2018
0 4
0
4
daniel333

Anyone have a walk through or guide to rolling frozen buckets to Google Storage?

Al\ll, I've never had to roll to frozen before and we've moved to Google Cloud. Looking for a walk through on setti...
by daniel333 Builder in Getting Data In 02-15-2018
0 2
0
2
mhouse3

Why impliment load balancing on my forwarder if all my FW data is being forwarded to all of the indexers

If I have my outputs.conf file on all of my forwarders are configured to send all the data to all of the indexers wha...
by mhouse3 Path Finder in Getting Data In 02-15-2018
0 4
0
4
jennjoe1

MS IIS 2008 app, fields not being parsed with ms:iis:auto

I can write a custom field extractor that works on the search-head but having problems with the auto portion. Since ...
by jennjoe1 Explorer in Getting Data In 02-15-2018
0 3
0
3
ralam

Why am I getting the error "disabled" when I launch the deployment client page after a possibly successful deployment on Splunk 7.0?

Hi All, I just set up a deployment server, created server class and added a couple of deployment-apps and a forwarde...
by ralam Explorer in Getting Data In 02-15-2018
0 6
0
6
trumpjk

Why is My Splunk 7.0.2 Install Missing HTTP Event Collector Option?

I would like to setup HEC but do not see the option under Settings -> Data Inputs. What do I have to do to enable HEC...
by trumpjk Explorer in Getting Data In 02-15-2018
0 2
0
2
Mohsin123

Which index does search.log data populates in, in splunk?

Hi , Does anyone know which index does search.log data populates in? I find search.log during a job inspect, mostly...
by Mohsin123 Path Finder in Getting Data In 02-15-2018
1 3
1
3
Hemnaath

How to overwrite the host field value with dvc field value ?

Hi All, I have a request from the client to overwrite the host field value with the dvc field value from the interest...
by Hemnaath Motivator in Getting Data In 02-15-2018
0 29
0
29
samhodgson

How to map a custom App on a search head to a Remote Index on a indexer which is a separate physical server in a unclustered distributed deployment?

Hi, I've created a custom app on my search head and want to map it to an index on my indexer which is a separate phy...
by samhodgson Path Finder in Getting Data In 02-15-2018
0 0
0
0
hkmurali

Numpi import through Splunk script

I'm trying to parse a log file and written a python script to parse it However when I run it in Splunk search app, on...
by hkmurali New Member in Getting Data In 02-15-2018
0 3
0
3
rlaan

Linux servers: After upgrading from 6.2.0 to 7.2.0, will the 6.2.0 universal forwarders be able to communicate with the new 7.0.2 enterprise components?

We are considering upgrading from 6.2.0 to version 7.0.2 All the *nix servers will be upgraded but during the upgrade...
by rlaan Path Finder in Getting Data In 02-14-2018
0 4
0
4
ccsfdave

How to reduce the size of specific indexes?

Greetings, My indexers have run out of space and I have been reducing the maxHotSpanSecs, but it keeps filling up. ...
by ccsfdave Builder in Getting Data In 02-14-2018
0 6
0
6
kteng2024

How to create a search from multiple sourcetypes?

Hi, Below are the three different source types from which I am trying to get the specific values as highlighted. s...
by kteng2024 Path Finder in Getting Data In 02-14-2018
1 1
1
1
danje57

Why is there a problem parsing empty CSV file which only contain a header?

Hi, I receive log file from my servers. All files are CSVs. CSVs which contain header + data are well parsed. Howe...
by danje57 Path Finder in Getting Data In 02-14-2018
0 1
0
1
bteele

Why is the text Log Broken into Multiple Events?

We have Powershell logs being written to text files along with a Windows path. We have a Splunk app monitoring that ...
by bteele New Member in Getting Data In 02-14-2018
0 4
0
4
lightech1

Why does the .etl file stop receiving any new events on Windows 2012 Server on Splunk and is there another way to deliver DNS logs to Splunk?

Hello everyone, We have a universal forwarder installed on the Windows 2012 machine and we use the addons and PowerS...
by lightech1 Path Finder in Getting Data In 02-14-2018
0 0
0
0
aa123s

Why is Splunk not breaking each log line into single events?

Hello, After being loaded into Splunk, my event looks like this: EVENT BEGINNING [3c58db35-1eef-43a5-8b57-57081bec2...
by aa123s Explorer in Getting Data In 02-14-2018
0 9
0
9
Log_wrangler

Can a Universal or Heavy forwarder send (output) data to a dns name rather than an IP address?

I have a scenario where data from a fwdr needs to go to a dns name (load balancer) instead of IP. Please advise if ...
by Log_wrangler Builder in Getting Data In 02-14-2018
0 2
0
2
vrmandadi

how to get the list of sources and sourcetypes grouped by index for a specific app?

I am using the below query to get the list of all sourcetypes for a specific app | rest /services/saved/sourcetypes ...
by vrmandadi Builder in Getting Data In 02-14-2018
0 1
0
1
anandhalagarasa

How to Blacklist a hostname in inputs.conf?

Hi Team, In our environment, We have all apps in our deployment server and from there we used to deploy it so that i...
by anandhalagarasa Path Finder in Getting Data In 02-14-2018
0 2
0
2
wes7bb

JSON input: How can I split these values for each line break a new row is generated?

Hi there, I have a JSON input in Splunk and Splunk extracts the data. But it is not generating for each application ...
by wes7bb New Member in Getting Data In 02-14-2018
0 2
0
2
a212830

Efficient search?

Hi, I have the following search, which is taking quite a while, and was wondering if there are any obvious improveme...
by a212830 Champion in Getting Data In 02-14-2018
0 2
0
2
wsanderstii

Is enabling HTTP Event Collector in a cluster possible via master apps files only instead of the web interface?

I am trying to set up HEC in a cluster, but the cluster members do not seem to be listening on the port I have design...
by wsanderstii Path Finder in Getting Data In 02-13-2018
0 4
0
4
noybin

Is it possible to create a field alias by event type?

I need to create a field aliase by event type. I saw that it is possible to reference an eventtype from the props.con...
by noybin Communicator in Getting Data In 02-13-2018
1 6
1
6
georgecast123

Why are log entries that are sent through the http event collector in JSON format not found in Splunk?

We have am Splunk server in which one is configured the http event collector. We also created a new index for that an...
by georgecast123 New Member in Getting Data In 02-13-2018
0 4
0
4
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Developer Spotlight with Mika Borner

From Hackathon Winner to Enterprise Leader    Mika Borner, CEO and Founder of Datapunctum AG, has been ...
Top Solution Authors
View All