Getting Data In

Community Activity

Help Using Props and/or Transforms to Mask sensitive field data at index time I have sensitive data that I'm attempting to mask at index time and I can't quite get the props and/or transforms to ... by johnward4 Communicator in Getting Data In 01-27-2018 0 13	0	13
O365 Message trace logs into Splunk Hi Team, We have a request to index the O365 Message trace logs from Splunk . So as recommended in Splunk blog we h... by anandhalagarasa Path Finder in Getting Data In 01-26-2018 0 4	0	4
How to log JSON to Splunk and optimize for spath? I am looking to reformat my log output. Right now it's pretty messy and does not follow Splunks parsing format. What... by thomasreggi New Member in Getting Data In 01-26-2018 0 3	0	3
Time Input - How to Add to Only 1 Panel, Not Every Panel I have a form with multiple panels, each panel using different inputs/tokens. Only one panel requires a time input, t... by mistydennis Communicator in Getting Data In 01-26-2018 0 6	0	6
Why is Splunk not showing full JSON data on search? I have a json file that contains 2000+ lines of data, it looks somewhat like this - [ { "line": 2, "elemen... by sdawsonkg Path Finder in Getting Data In 01-26-2018 1 3	1	3
indexer : local events vs incoming events Hi, when working on the indexer machine: how do I know if a specific configuration (like a input monitor stanza) is ... by fabien_picard New Member in Getting Data In 01-26-2018 0 4	0	4
Forwarding data from Splunk to some other exernal SQL server ! Hello Team , we have some requirement to send data to externally hosted SQL server not all but some fields data ca... by SunilMaharishi Path Finder in Getting Data In 01-25-2018 0 1	0	1
How do I get a case insensitive host answer from the metadata command? When I use metadata type=hosts I get data for host names that are all uppercase and data for host names that are all ... by HMTODD Explorer in Getting Data In 01-25-2018 0 2	0	2
What is the best way to blacklist, in GUI compared with inputs.conf? We have a cluster of three indexers, a Cluster Master, a Search Head/License Master, and a Heavy forwarder. What is ... by saeedb101 New Member in Getting Data In 01-25-2018 0 3	0	3
Why is the sourcetype not reporting in Onelogin Application issue? We have one login app installed on our heavy forwarder and our indexers and search head is in Spunk Managed cloud. ... by raomu Explorer in Getting Data In 01-25-2018 0 0	0	0
Why is my props.conf for a specific sourcetype not working as expected? When placing my props and transforms on my production system, I am not getting expected results. It should be taking... by matt144 Explorer in Getting Data In 01-25-2018 0 9	0	9
How to calculate my total indexer storage capacity? Hello community. Thank you for looking at my question, I am a Splunk newbie and probably have the dumbest question e... by jesusgalloEMC Explorer in Getting Data In 01-25-2018 0 1	0	1
Load Balance UDP syslog across an F5 to multiple heavy forwarders The goal is to have all of our syslogging devices point to a VIP on the F5 which will then load balance across multip... by pjaramillo Engager in Getting Data In 01-25-2018 3 2	3	2
What is the best way to fix hostname for windows diskless clients? We have a diskless windows infrastructure that has non-writable images. The splunk agent is installed in the image, a... by conner9 Path Finder in Getting Data In 01-25-2018 0 1	0	1
Why is my tsv data out of order Hello We are parsing data from a TSV source The data file has a header that is very long, about 281 columns. What... by tkwaller_2 Communicator in Getting Data In 01-25-2018 0 1	0	1
REST API endpoint to access to "What to Search" events Hi I was looking for an endpoint to be able to get amount of available Events in "Splunk/App Search & Reporting/What... by xaruman New Member in Getting Data In 01-25-2018 0 1	0	1
Active Directory User Lockout Report Good morning. I hope you can help? I have an existing dashboard which reports on user lock out orientated event cod... by soniquella Path Finder in Getting Data In 01-24-2018 0 1	0	1
Error when configuring LDAP authentication over SSL to Windows 2012R2 Active Directory I tried to enable LDAP over SSL to Windows 2012R2 Active Directory via port 636, got the following error message. 01... by daniel_splunk Splunk Employee in Getting Data In 01-24-2018 0 1	0	1
How to do new User-Setup Windows Event Logs from Universal Forwarder to Different Index? Sorry for this question as I know it is probably simple, but I can't figure it out. I have a single windows server r... by ghostdog920 Path Finder in Getting Data In 01-24-2018 0 1	0	1
Cold to frozen script, simply moving to thawed folder- how to genericize? I want to use the coldToFrozenScript to simply move from cold to my thawed path. Great, my shell script simply contai... by tedder Communicator in Getting Data In 01-24-2018 1 3	1	3
How can SEDCMD be used to extract and modify KV pairs from multiline events? Here is a sample event I am attempting to parse and substitute 'SomeData=.*Transaction Type : ' with 'TxnType=' DT=2... by crisjnelson Explorer in Getting Data In 01-24-2018 0 2	0	2
Map with inputlookup not working I have a dataset 1 like: VID A212 A213 B151 B153 Dataset 2 like: QID Solution 2145 text contains A212 2155 tex... by nsraoch1975 New Member in Getting Data In 01-24-2018 0 1	0	1
Perfmon process elapsed time not showing individual instances Inputs.conf shows: [perfmon://Process] object = Process interval = 120 counters = Elapsed Time instances = w3wp* Pe... by cn_jluke New Member in Getting Data In 01-24-2018 0 0	0	0
Correctly ingest Puma / Rails logs Hello, I have been fighting with this issue for the past few says and still cannot manage to solve it. After reading... by aa123s Explorer in Getting Data In 01-24-2018 1 4	1	4
Is it possible to have a separate log file for errors occurring only within a specific Splunk App? Hi all, I am posting this question because I was not able to find the answer so far. I know that Splunk logs a lot a... by mariasudolska New Member in Getting Data In 01-24-2018 0 2	0	2