Getting Data In

Community Activity

The Common Information Model, Syslog logs, and unsure where to go from here. Hey splunk>answers, As the title suggests I'm not sure what or how I should go about any of this. The long story sho... by tentontitan New Member in Getting Data In 01-30-2018 0 2	0	2
SEDCMD not executing I am trying to clean up some log data at index time using SEDCMD. I have a custom sourcetype (cloudfront_http) tha... by jcbrendsel Path Finder in Getting Data In 01-30-2018 0 8	0	8
How to use Splunk to check a directory to see if it exceeds 200 files to send an alert? Using Windows version of Splunk to check a directory and if it exceeds 200 files, send an alert. Thank you for your ... by Falcon1 New Member in Getting Data In 01-30-2018 0 5	0	5
How do we assign each JSON document to a distinct event? We have a case in which multiple json documents are being clamped together into one Splunk event. How do we untangle ... by ddrillic Ultra Champion in Getting Data In 01-30-2018 0 14	0	14
Monitoring large amounts of SCADA type data and producing reports Hi, I'd like to use Splunk to be able to monitor a large amount of SCADA type data e.g. a sensor which updates each... by streddy Explorer in Getting Data In 01-30-2018 1 4	1	4
Refresh Transform Hi I am trying to define a new transform.conf in SPLUNK 7 so that a lookup can take a wild character. The initial... by robertlynch2020 Influencer in Getting Data In 01-30-2018 0 1	0	1
Why does search via REST API only outputs internal debug data? Hi, we have a Splunk 5 system running. When we try to do a search via the REST API, we get debug output information b... by tpaulsen Contributor in Getting Data In 01-30-2018 0 2	0	2
AggregatorMiningProcessor - Log ERROR Hello all, I am facing the below error and I dont know the reason for that. Does someone know the possible reasons t... by danillopavan Communicator in Getting Data In 01-30-2018 0 4	0	4
File Monitor: Avoid indexing files during the copy process Hello, I have a problem with the file monitor. I guess it's not the right way using it, but I don't know any other m... by BMacher Path Finder in Getting Data In 01-30-2018 0 3	0	3
Why is the event line breaking not working properly for JSON format? I tried a few solutions but none worked for me so far: answer-614348 I have an application that writes in some sort... by fmorar Engager in Getting Data In 01-30-2018 0 2	0	2
HTTP Event Collector 400 Bad Request I am sending a request to Splunk using .NET code which returns a response of (400) Bad Request. The bytes are seen as... by KP2018 New Member in Getting Data In 01-29-2018 0 3	0	3
What happens when indexer encounters an event with timestamp older than configured retention period I had this particular scenario where I was not able to assert Splunk indexer behavior. Retention period for a index i... by immortalraghava Path Finder in Getting Data In 01-29-2018 0 4	0	4
Can we send an HTTP request to a tcp port? We opened a tcp connections and the client is sending an HTTP request. Is it "legal"? We see within Splunk - Al... by ddrillic Ultra Champion in Getting Data In 01-29-2018 0 2	0	2
How do I route pre-processed data to a specified index, based on field value? I have app data routing from one set of Relay Forwarders (DEV) into another set of Relay Forwarders (sandbox) and the... by atari1050 Path Finder in Getting Data In 01-29-2018 0 5	0	5
How to use Splunk to detect custom log pattern when using sleuth for traces? Sample log file output 2018-01-29 17:46:35.341 INFO [hello-service,ca62f5d265c65e37,ca62f5d265c65e37,true] 9404 ---... by volijaadu New Member in Getting Data In 01-29-2018 0 2	0	2
HTTP Event Collector and splunk index cluster Hello, We are running splunk version 6.3.3 with indexer clustering enabled. We have got 3 indexers in the cluster. W... by sim_tcr Communicator in Getting Data In 01-29-2018 0 7	0	7
Why is the interval of 1 second not working in input.conf? I want to run my script at every second, so I set the interval to 1 second in input.conf file. But the script is not ... by kaushal28 New Member in Getting Data In 01-29-2018 0 2	0	2
When installing UF, should THP be invalidated or not? It is related to the following answers, but is it recommended to invalidate THP after all? https://answers.splunk.co... by yutaka1005 Builder in Getting Data In 01-28-2018 0 4	0	4
How to forward data from my Splunk Enterprise instance to downstream third party SIEM appliance or LogLogic LMI? We are looking to send data from our Splunk enterprise to LogLogic LMI or a third party instance. Any idea how to do ... by mtadakam New Member in Getting Data In 01-28-2018 0 4	0	4
Help Using Props and/or Transforms to Mask sensitive field data at index time I have sensitive data that I'm attempting to mask at index time and I can't quite get the props and/or transforms to ... by johnward4 Communicator in Getting Data In 01-27-2018 0 13	0	13
O365 Message trace logs into Splunk Hi Team, We have a request to index the O365 Message trace logs from Splunk . So as recommended in Splunk blog we h... by anandhalagarasa Path Finder in Getting Data In 01-26-2018 0 4	0	4
How to log JSON to Splunk and optimize for spath? I am looking to reformat my log output. Right now it's pretty messy and does not follow Splunks parsing format. What... by thomasreggi New Member in Getting Data In 01-26-2018 0 3	0	3
Time Input - How to Add to Only 1 Panel, Not Every Panel I have a form with multiple panels, each panel using different inputs/tokens. Only one panel requires a time input, t... by mistydennis Communicator in Getting Data In 01-26-2018 0 6	0	6
Why is Splunk not showing full JSON data on search? I have a json file that contains 2000+ lines of data, it looks somewhat like this - [ { "line": 2, "elemen... by sdawsonkg Path Finder in Getting Data In 01-26-2018 1 3	1	3
indexer : local events vs incoming events Hi, when working on the indexer machine: how do I know if a specific configuration (like a input monitor stanza) is ... by fabien_picard New Member in Getting Data In 01-26-2018 0 4	0	4