Getting Data In

Community Activity

universal forwarder vs. dedicated rsyslog/syslog-ng servers to forward syslog to splunk indexer Conventional wisdom for collecting syslog data from external sources (network equipment, etc) was to put a couple of ... by jeff Contributor in Getting Data In 01-10-2018 5 5	5	5
Why is the forwarder sending data to dev? Our forwarder has the following - $ cat /opt/splunk/splunkforwarder/etc/system/local/deploymentclient.conf [target-b... by ddrillic Ultra Champion in Getting Data In 01-10-2018 0 6	0	6
How to configure inputs.conf to send data from 1 directory to 2 different clusters with different index/sourcetype We have a scenario where we need to forward data from 1 directory to 2 different indexer clusters. While this is achi... by tusharsaran1 Path Finder in Getting Data In 01-10-2018 0 9	0	9
Please provide the time_prefix and time_format for below event type. Hi folks, Could you please anyone provide the TIME_PREFIX and TIME_FORMAT for below events type. 10.30.3.247 - - [0... by lksridhar Explorer in Getting Data In 01-10-2018 0 4	0	4
Explanation of Checksum for seekptr didn't match, will re-read entire file Fellow Splunkers, I've been lurking most of the topics related to the re-indexing of log files and Splunk creating ... by ten_yard_fight Path Finder in Getting Data In 01-09-2018 3 7	3	7
Applying timezone on basis of sourcetype and hostname Hello, I have requirement for applying time-zone on incoming data on basis of source type and host location both. ... by pranitprakash Explorer in Getting Data In 01-09-2018 0 2	0	2
unarchive_cmd with Java on a Windows system Hello, I have a question for the property unarchive_cmd. I want to parse a textfile and recombine info to a new Log b... by SK8 Explorer in Getting Data In 01-09-2018 0 3	0	3
REST API to check persistent queue file size Hi all, As per the title, may I know if there is any REST API to get the persistent queue size in Heavy Forwarder? ... by JohannLiebert92 Path Finder in Getting Data In 01-08-2018 1 0	1	0
How to configure Latin accents? Hi, I have accentes in my logs like ç, ã, õ and I need to configure the sourcetype to understand it right. I have tri... by cappta Engager in Getting Data In 01-08-2018 0 2	0	2
JSON event breaks not working - sometimes I have a log file of properly formatted JSON events, but the event break is not working properly. Sometimes it separa... by Branden Builder in Getting Data In 01-05-2018 0 5	0	5
Sending Perfmon data to metrics index I would like to collect my windows perfmon data into a metrics index. Is this feature planned for the near future? T... by andreasz Path Finder in Getting Data In 01-05-2018 0 7	0	7
Splunk .bat script file not getting triggered I'm having a simple alert (for POC, so checking with _internal data) and on alert action there is 'add to triggered a... by sandyasampath New Member in Getting Data In 01-05-2018 0 0	0	0
Getting duplicate record after uploading json (even dedup not working) Hi, I have uploaded a json file to splunk and using spath command to get output, but the output shows two rows for a ... by sawgata12345 Path Finder in Getting Data In 01-05-2018 0 8	0	8
CSV numbers imported as strings... and tonumber() returning null I'm a Splunk newbie. I'm trying to import a CSV, including both strings and numbers, with source="csv": while string... by CarmineCalo Path Finder in Getting Data In 01-04-2018 0 1	0	1
Add new indexers to existing indexer cluster Hello I am having Splunk Enterprise 6.5.1. Now there is a task to add 2 more indexers to the Indexer cluster(6 Indexe... by vicky05ssr04 Engager in Getting Data In 01-04-2018 1 2	1	2
Changing Index for ActiveDirectory Sourcetype within Splunk_TA_windows Hello All, I'm using the Splunk_TA_windows app from Splunk to understand windows data. I've modified the app to pour... by Jarohnimo Builder in Getting Data In 01-04-2018 0 2	0	2
How to upload log files to Splunk using REST API? Hi , I want to upload log files using Splunk Rest APIs. Can you please share how I can do that by dilippanwar Engager in Getting Data In 01-04-2018 2 13	2	13
Assigning sourcetype to a source in HeavyForwarder props.conf is not working Shouldn't this work ? Only If I assign the sourcetype in the inputs.conf of the Universal forwarder this works.. But ... by greggz Communicator in Getting Data In 01-04-2018 0 3	0	3
Why is the timestamp showing up in the future on some sourcetypes? Hi Team, Currently we are having issue for certain sourcetype the indexed events are with the future time stamp. The... by Hemnaath Motivator in Getting Data In 01-04-2018 0 10	0	10
JSON transformations Hi. I have a problem with transformations in Splunk: Example event(small part of it): Dec 1 22:29:42 127.0.0.1 1 20... by jackson_storm Explorer in Getting Data In 01-04-2018 0 8	0	8
Rename an index in 4.1.8 We've renamed an environment that was indexing to an identically named index. Currently, the renamed environment is i... by cosmic_cow Engager in Getting Data In 01-03-2018 3 5	3	5
Can we add indexers with smaller storage? We are about to add a couple of indexers but they have fewer TBs for storage. Is it ok? How would it work out? They s... by ddrillic Ultra Champion in Getting Data In 01-03-2018 1 6	1	6
Splunk Upgrade to 7.0 TLS and SSL on Windows Server 2008R2 question I am in the process of planning an upgrade from 6.5.2 to 7.0.1 and am looking at the Windows-specific changes listed ... by mdsnmss SplunkTrust in Getting Data In 01-03-2018 0 0	0	0
How to fix a timestamp issue for Symantec logs? Hi All, Currently we are facing an problem in time stamp for a Symantec log data. Problem: When we search with the b... by Hemnaath Motivator in Getting Data In 01-03-2018 0 10	0	10
What is the best timestamp format to use for my custom log to be indexed by Splunk? What is the best timestamp format to use for my custom log to be indexed by Splunk? Sensible choices are: Round-tri... by ftk Motivator in Getting Data In 01-03-2018 14 7	14	7