Getting Data In

Community Activity

Which index does search.log data populates in, in splunk? Hi , Does anyone know which index does search.log data populates in? I find search.log during a job inspect, mostly... by Mohsin123 Path Finder in Getting Data In 02-15-2018 1 3	1	3
How to overwrite the host field value with dvc field value ? Hi All, I have a request from the client to overwrite the host field value with the dvc field value from the interest... by Hemnaath Motivator in Getting Data In 02-15-2018 0 29	0	29
How to map a custom App on a search head to a Remote Index on a indexer which is a separate physical server in a unclustered distributed deployment? Hi, I've created a custom app on my search head and want to map it to an index on my indexer which is a separate phy... by samhodgson Path Finder in Getting Data In 02-15-2018 0 0	0	0
Numpi import through Splunk script I'm trying to parse a log file and written a python script to parse it However when I run it in Splunk search app, on... by hkmurali New Member in Getting Data In 02-15-2018 0 3	0	3
Linux servers: After upgrading from 6.2.0 to 7.2.0, will the 6.2.0 universal forwarders be able to communicate with the new 7.0.2 enterprise components? We are considering upgrading from 6.2.0 to version 7.0.2 All the *nix servers will be upgraded but during the upgrade... by rlaan Path Finder in Getting Data In 02-14-2018 0 4	0	4
How to reduce the size of specific indexes? Greetings, My indexers have run out of space and I have been reducing the maxHotSpanSecs, but it keeps filling up. ... by ccsfdave Builder in Getting Data In 02-14-2018 0 6	0	6
How to create a search from multiple sourcetypes? Hi, Below are the three different source types from which I am trying to get the specific values as highlighted. s... by kteng2024 Path Finder in Getting Data In 02-14-2018 1 1	1	1
Why is there a problem parsing empty CSV file which only contain a header? Hi, I receive log file from my servers. All files are CSVs. CSVs which contain header + data are well parsed. Howe... by danje57 Path Finder in Getting Data In 02-14-2018 0 1	0	1
Why is the text Log Broken into Multiple Events? We have Powershell logs being written to text files along with a Windows path. We have a Splunk app monitoring that ... by bteele New Member in Getting Data In 02-14-2018 0 4	0	4
Why does the .etl file stop receiving any new events on Windows 2012 Server on Splunk and is there another way to deliver DNS logs to Splunk? Hello everyone, We have a universal forwarder installed on the Windows 2012 machine and we use the addons and PowerS... by lightech1 Path Finder in Getting Data In 02-14-2018 0 0	0	0
Why is Splunk not breaking each log line into single events? Hello, After being loaded into Splunk, my event looks like this: EVENT BEGINNING [3c58db35-1eef-43a5-8b57-57081bec2... by aa123s Explorer in Getting Data In 02-14-2018 0 9	0	9
Can a Universal or Heavy forwarder send (output) data to a dns name rather than an IP address? I have a scenario where data from a fwdr needs to go to a dns name (load balancer) instead of IP. Please advise if ... by Log_wrangler Builder in Getting Data In 02-14-2018 0 2	0	2
how to get the list of sources and sourcetypes grouped by index for a specific app? I am using the below query to get the list of all sourcetypes for a specific app \| rest /services/saved/sourcetypes ... by vrmandadi Builder in Getting Data In 02-14-2018 0 1	0	1
How to Blacklist a hostname in inputs.conf? Hi Team, In our environment, We have all apps in our deployment server and from there we used to deploy it so that i... by anandhalagarasa Path Finder in Getting Data In 02-14-2018 0 2	0	2
JSON input: How can I split these values for each line break a new row is generated? Hi there, I have a JSON input in Splunk and Splunk extracts the data. But it is not generating for each application ... by wes7bb New Member in Getting Data In 02-14-2018 0 2	0	2
Efficient search? Hi, I have the following search, which is taking quite a while, and was wondering if there are any obvious improveme... by a212830 Champion in Getting Data In 02-14-2018 0 2	0	2
Is enabling HTTP Event Collector in a cluster possible via master apps files only instead of the web interface? I am trying to set up HEC in a cluster, but the cluster members do not seem to be listening on the port I have design... by wsanderstii Path Finder in Getting Data In 02-13-2018 0 4	0	4
Is it possible to create a field alias by event type? I need to create a field aliase by event type. I saw that it is possible to reference an eventtype from the props.con... by noybin Communicator in Getting Data In 02-13-2018 1 6	1	6
Why are log entries that are sent through the http event collector in JSON format not found in Splunk? We have am Splunk server in which one is configured the http event collector. We also created a new index for that an... by georgecast123 New Member in Getting Data In 02-13-2018 0 4	0	4
Cisco AMP for Endpoints: How to get a clear view (via API) of how many agents are currently installed in the environment(Phone Home Event type)? App: Cisco AMP for Endpoints ver 1.1.0 Splunk: Cloud 6.6.3.2 (ES) I'm attempting to find a way to get the total numb... by nicholas_bergma New Member in Getting Data In 02-13-2018 0 1	0	1
Is there a way to reindex the data from 2/1 to today without reindexing the other files? Hello So I have some data for some reason that did not get index in my monitored filepath. I have a feeling it has so... by tkwaller_2 Communicator in Getting Data In 02-13-2018 0 2	0	2
How can I delete the data, which is coming from SH and the UF via the host field when there shouldn't be any files to monitor? Hello I have to be doing something incorrectly. I have an indexes app that stores our index configs. Small environme... by tkwaller_2 Communicator in Getting Data In 02-13-2018 0 2	0	2
Heavy Forwarder: How do I get traffic to a specific index on my indexer? Hi Folks - testing the product out and trying to figure out this scenario. Windows Server w/ Universal Forwarder -->... by catsmeowor Explorer in Getting Data In 02-13-2018 0 5	0	5
Why is the _time value changing in the summary index? I try to use summary indexing to improve search efficiency, but it's resulting in an error because of the wrong _time... by Wendy1990 New Member in Getting Data In 02-13-2018 0 1	0	1
change extracted event timezone Hi guys i've a scritpt on a linux forwarder to monitor a load balancer, it's log is a txt file in UTC format, i need ... by davidepala Path Finder in Getting Data In 02-13-2018 1 11	1	11

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Getting Data In

Which index does search.log data populates in, in splunk?

How to overwrite the host field value with dvc field value ?

How to map a custom App on a search head to a Remote Index on a indexer which is a separate physical server in a unclustered distributed deployment?

Numpi import through Splunk script

Linux servers: After upgrading from 6.2.0 to 7.2.0, will the 6.2.0 universal forwarders be able to communicate with the new 7.0.2 enterprise components?

How to reduce the size of specific indexes?

How to create a search from multiple sourcetypes?

Why is there a problem parsing empty CSV file which only contain a header?

Why is the text Log Broken into Multiple Events?

Why does the .etl file stop receiving any new events on Windows 2012 Server on Splunk and is there another way to deliver DNS logs to Splunk?

Why is Splunk not breaking each log line into single events?

Can a Universal or Heavy forwarder send (output) data to a dns name rather than an IP address?

how to get the list of sources and sourcetypes grouped by index for a specific app?

How to Blacklist a hostname in inputs.conf?

JSON input: How can I split these values for each line break a new row is generated?

Efficient search?

Is enabling HTTP Event Collector in a cluster possible via master apps files only instead of the web interface?

Is it possible to create a field alias by event type?

Why are log entries that are sent through the http event collector in JSON format not found in Splunk?

Cisco AMP for Endpoints: How to get a clear view (via API) of how many agents are currently installed in the environment(Phone Home Event type)?

Is there a way to reindex the data from 2/1 to today without reindexing the other files?

How can I delete the data, which is coming from SH and the UF via the host field when there shouldn't be any files to monitor?

Heavy Forwarder: How do I get traffic to a specific index on my indexer?

Why is the _time value changing in the summary index?

change extracted event timezone

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

SC4S postfilter not dropping Fortigate east-west t...

Transilience AI threat intel feed integration

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation