Getting Data In

Community Activity

Routing received data TO an external HEC via HTTPS? Is it possible to route a stream of data from a heavy forwarder or indexer TO an external non-Splunk HTTPS endpoint (... by Beaker77 Explorer in Getting Data In 12-20-2017 0 2	0	2
Best way to load archived applcation log files without exceeding license? Our daily license is 15GB we use about 10GB on average. However I want to load our archived application log files whi... by neilli Engager in Getting Data In 12-20-2017 0 1	0	1
what is the best way to index a lot of data? Hello everybody, I will set up a platform for a future project and integrate Splunk to analyze all the generated log... by amir_thales Path Finder in Getting Data In 12-20-2017 0 12	0	12
2 clusters vs clustered and unclustered vs etc/system/local We are running a large multi-site clustered indexer environment which is maturing causing us to make some changes to ... by richkappler Path Finder in Getting Data In 12-20-2017 0 6	0	6
Cannot change host field in syslog data Hi Splunkers, I collect syslog（/var/log/messages） data by Universal Forwarder, not UDP like this. Sep 3 12:42:1... by sunrise Contributor in Getting Data In 12-20-2017 1 5	1	5
Why are blacklisted 4663 and 4660 events still showing up? I am hoping someone can help me out with a filtering blacklist issue I am having. I am currently filtering out event ... by zward Path Finder in Getting Data In 12-20-2017 0 4	0	4
Is there a config available that would push out the same format as Snare from a Heavy Forwarder? Is there a config available that would push out the same format as Snare from a Heavy Forwarder? i.e. UniversalForwar... by CletisNPT Explorer in Getting Data In 12-20-2017 0 4	0	4
UF compatability for Knoppix and Fedora Could you suggest the compatible UF package for the Operating system Knoppix and Fedora? I have checked on this link... by arunkumarvinoba New Member in Getting Data In 12-20-2017 0 2	0	2
Why splunk is not able to index large csv files, I'm trying to index a 3.5 GB csv file, but splunk is not reading it. Any clues ? by premforsplunk Explorer in Getting Data In 12-20-2017 0 3	0	3
CSV Import: fieds name are missing, but showing up while uploading process. Hi there, i tried to upload a csv-file. During Uploading I could separate the fields with a "comma" and the field n... by wes7bb New Member in Getting Data In 12-20-2017 0 3	0	3
Using Transforms.conf truncates my data at 3925 characters - Why? Ladies and Gents, I'm struggling trying to transform some of my data. props.conf [st1] NO_BINARY_CHECK = true SHOU... by kendrickt Path Finder in Getting Data In 12-19-2017 1 2	1	2
How to extract host field with many other fields in a single transformation step (DEST_KEY versus WRITE_META) I am playing with a custom format for data going into Splunk on Splunk 7.0, and I am trying to extract fields at inde... by rjthibod Champion in Getting Data In 12-19-2017 0 3	0	3
What happens if "DEST_KEY = MetaData:Host"? May I know the answers for the below questions. what happens if DEST_KEY = MetaData:Host? Does the Host metadata r... by ankithreddy777 Contributor in Getting Data In 12-19-2017 1 2	1	2
Apply multiple transforms to a single host How can I have multiple host stanzas in transforms.conf all be applied? I'd like to pull content out of some entries ... by timbCFCA Path Finder in Getting Data In 12-19-2017 0 6	0	6
Decrease bundle size The bundle in the search head has grown upto 776 MB. Its not getting pushed as a result. How to reduce the bundle si... by nawazns5038 Builder in Getting Data In 12-19-2017 0 7	0	7
Filtering data using SHOULD_LINEMERGE Hi all, I have configured the line breaking parameter as (SHOULD_LINEMERGE = true) to read a log file that contains ... by danillopavan Communicator in Getting Data In 12-19-2017 0 6	0	6
Combinate SHOULD_LINEMERGE with Filtering Hi all, I am trying to have a combination of SHOULD_LINEMERGE=true with filtering just to index some lines of the lo... by danillopavan Communicator in Getting Data In 12-19-2017 0 5	0	5
How can I get my TCP data into the metrics index? I am trying to pull incoming tcp data into the Metrics Store using this information: http://docs.splunk.com/Document... by walkerhound Path Finder in Getting Data In 12-19-2017 0 4	0	4
Using SEDCMD in Splunk Cloud Task: Mask PII data at Index Time Current Setup: Universal forwards to forward logs to Splunk Based on documentatio... by catchaj88 Explorer in Getting Data In 12-19-2017 0 4	0	4
When a universal forwarder is unable to connect to an indexer, will the forwarder still be collecting data from the server? Hi Team, We have an log file in one of the server and which is keep generated in the directory for every 10 mins on... by senthamilselvan Engager in Getting Data In 12-19-2017 0 5	0	5
How do you run script WinNetMon on universal forwarder? I wanna to run WinNetMon on UF and I put to SplunkUniverstalForwarder\etc\system\local\inputs.conf by test_qweqwe Builder in Getting Data In 12-19-2017 0 1	0	1
Anonymize data is not working, hello, I made my Anonymize data based on this http://docs.splunk.com/Documentation/Splunk/7.0.0/Data/Anonymizedata a... by ahmadjabr Engager in Getting Data In 12-19-2017 0 9	0	9
Questions for large install admins: What's your best practice for log length (TRUNCATE) maximums? How much do you force devs to limit their event size? My current splunk install handles logs for about 80 different development groups. Each one with their own idea of wha... by twinspop Influencer in Getting Data In 12-18-2017 0 3	0	3
LineBreakingProcessor truncates long events and drops the next (related) Running Splunk Enterprise 6.5.6. I am parsing incoming events of sourcetype weblogic_stdout, and am having some trou... by rkilen Explorer in Getting Data In 12-18-2017 0 5	0	5
How to configure a forwarder to filter and send the specific events I want? I'm using a set of universal forwarders to send data to a central indexer. I would like to send events from "WinEven... by fernandoandre Communicator in Getting Data In 12-18-2017 0 14	0	14