Getting Data In

Community Activity

Anonymize -p password I need to anonymize -p passwords that are appearing in syslog. Used props.conf [syslog_log_control] source::/var/... by narenpalepu New Member in Getting Data In 01-31-2018 0 3	0	3
How to configure indexes.conf to keep large volume of data? Hi, We have cluster indexer setup with 5 indexers on separate ESX Servers each with 12TB HDD and 128GB RAM. The clu... by balachandar Engager in Getting Data In 01-31-2018 0 4	0	4
How to improve forwarding performance when importing data from Hadoop? Hi all, we have a big problem with our forwarder. We need to be able to index about 600GB/day and we have 10 indexers... by eylonronen Explorer in Getting Data In 01-31-2018 2 0	2	0
How to handle large amount of log volume and reduce single points of failure running Splunk Enterprise on AWS EC2? We're currently running Splunk Enterprise on AWS EC2 as a single instance deployment. We have ~ 10,000 forwarders pu... by rosenzw New Member in Getting Data In 01-31-2018 0 7	0	7
Is it possible to add comments to lines in a CSV file? Is it possible to add comments to lines in a csv file? I'd like to be able to #comment. For example, csv list of IP ... by mikesangray Path Finder in Getting Data In 01-31-2018 0 6	0	6
How to edit props.conf to exclude headers in CSV files from getting indexed? Hi, I have a CSV file with header that is monitored by Splunk. Rows are correctly read, but the headers are also inc... by SirHill17 Communicator in Getting Data In 01-31-2018 0 9	0	9
What can be done with an indexer in a "hung" state? We reach situations where one out of the ten indexers reaches a "hung" state. All the large queues are filled up for... by ddrillic Ultra Champion in Getting Data In 01-31-2018 0 4	0	4
Can a Heavy Forwarder both be a receiver and a forwarder? We currently use nxlog on our Windows domain controllers to forward logs one destination. With nxlog I can forward... by jwalzerpitt Influencer in Getting Data In 01-31-2018 0 5	0	5
What is the difference between splunk forwarder and syslog diversion to index? Hi , I would like to know the difference between Splunk forwarder and syslog diversion to indexer . I use Linux and... by rageshkg New Member in Getting Data In 01-31-2018 0 1	0	1
Why am I unable to receive logs after a new index is configured in my environment? A new index is configured in our environment and all required settings are being made. But we are still not receiving... by Utkarsh_Singh New Member in Getting Data In 01-31-2018 0 3	0	3
Props/transforms issue with host extraction and Line breaking Transforms.conf [force_host_for_testdata] DEST_KEY = MetaData:Host REGEX = server:([^\]+) FORMAT = host::$1 [force_... by sidhantbhayana Path Finder in Getting Data In 01-30-2018 0 6	0	6
SPECIFIC sourcetypes are not forwarded while everything is forwarded.Splunk Forwarder is showing that log file is emptyline as a WARN message in Splunkd.log as Follow : Splunk Forwarder is showing that log file is emptyline as a WARN message in Splunkd.log as Follow : 01-23-2018 20:5... by akhil36109 New Member in Getting Data In 01-30-2018 0 0	0	0
Configure SYSLog on a Windows Server Hello, my question might be dumb but it is worth to ask, On a Windows Servers, how do i configure to send the authe... by jesusgalloEMC Explorer in Getting Data In 01-30-2018 0 1	0	1
How to pass Auth Key in Threat Intelligence Download URL? I created a 'Threat Intelligence Download' mod input and I am needing to pass Auth Key as I was getting an error as "... by harish_ka Communicator in Getting Data In 01-30-2018 1 1	1	1
What conf files must I update to change the 50000 limit for external scripts? Hello, I currently have an external python script that is called by my search to manipulate data. Everything works ... by andrewtrobec Motivator in Getting Data In 01-30-2018 0 2	0	2
Splunkforwarder not collecting some logging data from host? Running Splunk 6.5.0, host in question is a linux box, seeing that it's collecting _internal logs, other defined "app... by joesrepsol Path Finder in Getting Data In 01-30-2018 0 2	0	2
The Common Information Model, Syslog logs, and unsure where to go from here. Hey splunk>answers, As the title suggests I'm not sure what or how I should go about any of this. The long story sho... by tentontitan New Member in Getting Data In 01-30-2018 0 2	0	2
SEDCMD not executing I am trying to clean up some log data at index time using SEDCMD. I have a custom sourcetype (cloudfront_http) tha... by jcbrendsel Path Finder in Getting Data In 01-30-2018 0 8	0	8
How to use Splunk to check a directory to see if it exceeds 200 files to send an alert? Using Windows version of Splunk to check a directory and if it exceeds 200 files, send an alert. Thank you for your ... by Falcon1 New Member in Getting Data In 01-30-2018 0 5	0	5
How do we assign each JSON document to a distinct event? We have a case in which multiple json documents are being clamped together into one Splunk event. How do we untangle ... by ddrillic Ultra Champion in Getting Data In 01-30-2018 0 14	0	14
Monitoring large amounts of SCADA type data and producing reports Hi, I'd like to use Splunk to be able to monitor a large amount of SCADA type data e.g. a sensor which updates each... by streddy Explorer in Getting Data In 01-30-2018 1 4	1	4
Refresh Transform Hi I am trying to define a new transform.conf in SPLUNK 7 so that a lookup can take a wild character. The initial... by robertlynch2020 Influencer in Getting Data In 01-30-2018 0 1	0	1
Why does search via REST API only outputs internal debug data? Hi, we have a Splunk 5 system running. When we try to do a search via the REST API, we get debug output information b... by tpaulsen Contributor in Getting Data In 01-30-2018 0 2	0	2
AggregatorMiningProcessor - Log ERROR Hello all, I am facing the below error and I dont know the reason for that. Does someone know the possible reasons t... by danillopavan Communicator in Getting Data In 01-30-2018 0 4	0	4
File Monitor: Avoid indexing files during the copy process Hello, I have a problem with the file monitor. I guess it's not the right way using it, but I don't know any other m... by BMacher Path Finder in Getting Data In 01-30-2018 0 3	0	3