Getting Data In

Community Activity

Assigning sourcetype to a source in HeavyForwarder props.conf is not working Shouldn't this work ? Only If I assign the sourcetype in the inputs.conf of the Universal forwarder this works.. But ... by greggz Communicator in Getting Data In 01-04-2018 0 3	0	3
Why is the timestamp showing up in the future on some sourcetypes? Hi Team, Currently we are having issue for certain sourcetype the indexed events are with the future time stamp. The... by Hemnaath Motivator in Getting Data In 01-04-2018 0 10	0	10
JSON transformations Hi. I have a problem with transformations in Splunk: Example event(small part of it): Dec 1 22:29:42 127.0.0.1 1 20... by jackson_storm Explorer in Getting Data In 01-04-2018 0 8	0	8
Rename an index in 4.1.8 We've renamed an environment that was indexing to an identically named index. Currently, the renamed environment is i... by cosmic_cow Engager in Getting Data In 01-03-2018 3 5	3	5
Can we add indexers with smaller storage? We are about to add a couple of indexers but they have fewer TBs for storage. Is it ok? How would it work out? They s... by ddrillic Ultra Champion in Getting Data In 01-03-2018 1 6	1	6
Splunk Upgrade to 7.0 TLS and SSL on Windows Server 2008R2 question I am in the process of planning an upgrade from 6.5.2 to 7.0.1 and am looking at the Windows-specific changes listed ... by mdsnmss SplunkTrust in Getting Data In 01-03-2018 0 0	0	0
How to fix a timestamp issue for Symantec logs? Hi All, Currently we are facing an problem in time stamp for a Symantec log data. Problem: When we search with the b... by Hemnaath Motivator in Getting Data In 01-03-2018 0 10	0	10
What is the best timestamp format to use for my custom log to be indexed by Splunk? What is the best timestamp format to use for my custom log to be indexed by Splunk? Sensible choices are: Round-tri... by ftk Motivator in Getting Data In 01-03-2018 14 7	14	7
How to delete 'DONE' jobs in a Search Head Cluster Hi guys, Is there a way to delete a DONE or running job in a Search Head Cluster? Currently some of my users consta... by season88481 Contributor in Getting Data In 01-02-2018 2 5	2	5
Uninstall universal forwarder error: "Splunk Installer was unable to enable event log monitoring. Splunk exitcode='1'" I am trying to uninstall Universal Forwarder 6.1.3 and it gives me an error "Splunk Installer was unable to enable ev... by maroex77 New Member in Getting Data In 01-02-2018 0 3	0	3
How to index full json data and automatically extract fields without using field extraction Here's the format of the data i have been working on. i've tried using INDEXED_EXTRACTIONS=JSON in props but the even... by splunkt0n New Member in Getting Data In 01-02-2018 0 12	0	12
What's the best method to update/replace indexer cluster members? We will be getting another batch of indexers in shortly, and each will have substantially more drive space than the o... by twinspop Influencer in Getting Data In 01-02-2018 3 6	3	6
How do I exclude service accounts that match the computer name in search results? I have not been successful in building a search query that excludes results of a service account that matches the com... by RedHonda03 Explorer in Getting Data In 01-02-2018 0 4	0	4
How to get complete event information in to the command field ? HI All, For past one week, I am trying to get an answer for my problem, but haven't got a good fix for the issue stil... by Hemnaath Motivator in Getting Data In 01-02-2018 0 8	0	8
Universal forwarder is listening to the wrong port for the splunkd process We are rolling out the UF to our windows servers, no apps yet, just the UF. The deploymentclient.conf only has the d... by pfabrizi Path Finder in Getting Data In 01-02-2018 0 14	0	14
Why am I getting an error telling me the Pass4SymmKey is wrong, preventing me from adding a new peer to an existing indexer cluster? I am in a sandbox playing with indexer cluster server management. My end goal is to play with and set up indexer disc... by brent_weaver Builder in Getting Data In 01-02-2018 0 3	0	3
forward-server listed as inactive Hi guys, i have been working on the creation of a deployment server with universal forwarders, and the output... by miceli New Member in Getting Data In 01-02-2018 0 9	0	9
inputs.conf monitor stanza for a remote Windows server Hello, In the inputs.conf of a deployment app, i need to monitor multiple files on numerous remote servers. What s... by eli9714 New Member in Getting Data In 01-02-2018 0 4	0	4
What is the difference between index and indexer? What is the difference between INDEX and INDEXER in SPLUNK by davidsplunk100 New Member in Getting Data In 01-02-2018 0 2	0	2
Changing Time Format Hi, I have a search that displays the "UserID Expiration Date" field as "12/6/2019 21:01" I would like to convert t... by ajdyer2000 Path Finder in Getting Data In 01-01-2018 0 3	0	3
License Usage by sourcetype in 6.6 I just upgraded from 6.5.6 to 6.6.5, and some searches I was doing in my personal dashboard stopped working. Through... by rkilen Explorer in Getting Data In 01-01-2018 0 2	0	2
Does an indexer write its queues to disk when we shut it down? I wonder whether the contents of the Indexing queue is being written to disk when we shut down the indexer? Also, wha... by ddrillic Ultra Champion in Getting Data In 01-01-2018 0 5	0	5
Splunk monitoring Android Hi, splunkers! I wanna monitoring my phone by Splunk? What can u advice? How can I realize it? by test_qweqwe Builder in Getting Data In 01-01-2018 0 5	0	5
metrics - individual events Hi Splunkers, We are evaluating moving to metrics events for our existing apps. In our apps, we have to display the ... by ykpramodhcbt Path Finder in Getting Data In 12-30-2017 0 1	0	1
Upgraded from MS Exchange 2010 to 2013 and now I no longer get any data from the eventtype=msexchange-admin-audit? All of the other data from all previous eventtypes is coming through just fine, except the msexchnage-admin-audit. We... by avf925 New Member in Getting Data In 12-29-2017 0 10	0	10