Getting Data In

Community Activity

How to parse complete command line information into the event field ? Hi All, Today we got an request from a user to include the entire information provided in the command line, when che... by Hemnaath Motivator in Getting Data In 12-21-2017 0 16	0	16
field extraction disappeard, could this happen after a reinstall of the forwarder Hi, one of our admins has reinstalled a fowarder. No we have issues with data that is not coming through anymore but ... by Mike6960 Path Finder in Getting Data In 12-21-2017 0 5	0	5
Monitor log files with spaces in the file name hi, I am having issues with splunk universal forwarder monitoring log files with spaces in the name . The file is a... by nmohammed Builder in Getting Data In 12-21-2017 0 17	0	17
Is there an app that can restart the Splunk universal forwarder service on Windows every 30 minutes? Hi, I need to deploy an app from deplyment server which will restart the Splunkd UF application installed on Windows... by vikram_m Path Finder in Getting Data In 12-21-2017 0 7	0	7
Splunk Forwarding doesn't forward data We have a single data source from which we want to forward clone data to - splunk server 1(prod) and splunk server 2(... by ykpramodhcbt Path Finder in Getting Data In 12-20-2017 0 17	0	17
Routing received data TO an external HEC via HTTPS? Is it possible to route a stream of data from a heavy forwarder or indexer TO an external non-Splunk HTTPS endpoint (... by Beaker77 Explorer in Getting Data In 12-20-2017 0 2	0	2
Best way to load archived applcation log files without exceeding license? Our daily license is 15GB we use about 10GB on average. However I want to load our archived application log files whi... by neilli Engager in Getting Data In 12-20-2017 0 1	0	1
what is the best way to index a lot of data? Hello everybody, I will set up a platform for a future project and integrate Splunk to analyze all the generated log... by amir_thales Path Finder in Getting Data In 12-20-2017 0 12	0	12
2 clusters vs clustered and unclustered vs etc/system/local We are running a large multi-site clustered indexer environment which is maturing causing us to make some changes to ... by richkappler Path Finder in Getting Data In 12-20-2017 0 6	0	6
Cannot change host field in syslog data Hi Splunkers, I collect syslog（/var/log/messages） data by Universal Forwarder, not UDP like this. Sep 3 12:42:1... by sunrise Contributor in Getting Data In 12-20-2017 1 5	1	5
Why are blacklisted 4663 and 4660 events still showing up? I am hoping someone can help me out with a filtering blacklist issue I am having. I am currently filtering out event ... by zward Path Finder in Getting Data In 12-20-2017 0 4	0	4
Is there a config available that would push out the same format as Snare from a Heavy Forwarder? Is there a config available that would push out the same format as Snare from a Heavy Forwarder? i.e. UniversalForwar... by CletisNPT Explorer in Getting Data In 12-20-2017 0 4	0	4
UF compatability for Knoppix and Fedora Could you suggest the compatible UF package for the Operating system Knoppix and Fedora? I have checked on this link... by arunkumarvinoba New Member in Getting Data In 12-20-2017 0 2	0	2
Why splunk is not able to index large csv files, I'm trying to index a 3.5 GB csv file, but splunk is not reading it. Any clues ? by premforsplunk Explorer in Getting Data In 12-20-2017 0 3	0	3
CSV Import: fieds name are missing, but showing up while uploading process. Hi there, i tried to upload a csv-file. During Uploading I could separate the fields with a "comma" and the field n... by wes7bb New Member in Getting Data In 12-20-2017 0 3	0	3
Using Transforms.conf truncates my data at 3925 characters - Why? Ladies and Gents, I'm struggling trying to transform some of my data. props.conf [st1] NO_BINARY_CHECK = true SHOU... by kendrickt Path Finder in Getting Data In 12-19-2017 1 2	1	2
How to extract host field with many other fields in a single transformation step (DEST_KEY versus WRITE_META) I am playing with a custom format for data going into Splunk on Splunk 7.0, and I am trying to extract fields at inde... by rjthibod Champion in Getting Data In 12-19-2017 0 3	0	3
What happens if "DEST_KEY = MetaData:Host"? May I know the answers for the below questions. what happens if DEST_KEY = MetaData:Host? Does the Host metadata r... by ankithreddy777 Contributor in Getting Data In 12-19-2017 1 2	1	2
Apply multiple transforms to a single host How can I have multiple host stanzas in transforms.conf all be applied? I'd like to pull content out of some entries ... by timbCFCA Path Finder in Getting Data In 12-19-2017 0 6	0	6
Decrease bundle size The bundle in the search head has grown upto 776 MB. Its not getting pushed as a result. How to reduce the bundle si... by nawazns5038 Builder in Getting Data In 12-19-2017 0 7	0	7
Filtering data using SHOULD_LINEMERGE Hi all, I have configured the line breaking parameter as (SHOULD_LINEMERGE = true) to read a log file that contains ... by danillopavan Communicator in Getting Data In 12-19-2017 0 6	0	6
Combinate SHOULD_LINEMERGE with Filtering Hi all, I am trying to have a combination of SHOULD_LINEMERGE=true with filtering just to index some lines of the lo... by danillopavan Communicator in Getting Data In 12-19-2017 0 5	0	5
How can I get my TCP data into the metrics index? I am trying to pull incoming tcp data into the Metrics Store using this information: http://docs.splunk.com/Document... by walkerhound Path Finder in Getting Data In 12-19-2017 0 4	0	4
Using SEDCMD in Splunk Cloud Task: Mask PII data at Index Time Current Setup: Universal forwards to forward logs to Splunk Based on documentatio... by catchaj88 Explorer in Getting Data In 12-19-2017 0 4	0	4
When a universal forwarder is unable to connect to an indexer, will the forwarder still be collecting data from the server? Hi Team, We have an log file in one of the server and which is keep generated in the directory for every 10 mins on... by senthamilselvan Engager in Getting Data In 12-19-2017 0 5	0	5