Getting Data In

Ask a Question

Discussions

Thread Info

Shell script or python to to delete older than 6 months frozen data ?

Hello guys, Would you have an example of shell script or python to to delete older than 6 months frozen data? O...

by Motivator in

Why doesn't the LastLogon timestamp match betweeen the active directory (AD) and SA-LdapSearch information?

Good Morning, I have been using SA-LdapSearch for a project. I have had the same issue with the time for I see res...

by Communicator in

How to trouble shoot this ERROR TcpOutputFd - Connection to host=10.X.X.X failed ?

Hi All, Currently we have been informed that two of the Windows domain server is not reporting as expected, so when c...

by Motivator in

DATA filtering using Heavy forwarders

i was tyring to filter a set of data to indexer by filtering out few data and below are the sample logs and configura...

by Contributor in

Help in Configuring Indexes.conf

Hello Guys, I am trying to configure the indexes.conf, Here is the scenario, I need to have hot bucket for 6 month...

by New Member in

Whitelist Services? How

How do you whitelist services you wish to monitor and not forward redundant ones to the Splunk Server.... I've don...

by Path Finder in

Is Splunk planning to offer guidance on naming conventions in the Metrics Index in relation to CIM?

Splunk 7.0 introduced the Metrics Index feature and a whole new naming scheme. Is Splunk planning to use or offer ...

by Champion in

Why does the author appear as "nobody" from this search?

hi all~ | rest /services/apps/local author is nobody How do I find the real author?

by Engager in

What will be the final 6.x.x release prior to 7.0?

What will be the final 6.x.x release prior to 7.0? All of our servers are at 5.0.1 right now. At some point we'll upg...

by Path Finder in

CSV file import, problem with date format

I have been trying to onboard at custom dataset into splunk as a csv file. But the dateformat doesnt get right. 1...

by New Member in

How to get Cyberoam logs in splunk.?

please help me in detail step-by step i have no idea on Cyberoam.

by Engager in

What happens when the forwarder is configured to send data to a non-existent index?

Hello, I would like to know what happens when the forwarder is configured to send data to a non-existent index, ei...

by Explorer in

Testing props.conf file of app in $SPLUNK_HOME/etc/apps/my_app/local

I am having some issues breaking a multiline event properly. Each event starts with a 'Date ...' string that I can us...

by New Member in

Trying to ingest a stock price file into Splunk

Goodday, I am a Newbie. Am trying to ingest a stock price file into Splunk, I open Splunk by using http://localhos...

by New Member in

How to extract the Fields from .txt file

I am indexing Server.txt file from 1000+ forwarders. The file format is as below. I want to extract below header valu...

by Explorer in

Universal Forwarder, Server Class.

I install UF on linux client. Than I ./splunk set deploy-poll *.*.*.*:8089 Client did not appear in Forwarder...

by Builder in

Splunk Windows Firewall log file pfirewall.log

Hello, I'm very new to Splunk and trying to use it to gather local Windows Firewall Log file information. I thought ...

by New Member in

how route data to specific index when we use heavy forwarder?

I build distributed Splunk Enterprise network the network flow is like below UF--->HF------->IDX----->SH In which I m...

by Explorer in

How to move index from main to custom index?

Hello I failed and miss index for nginx and all logs saved to main. Now I created new index "nginx_logs" and how me m...

by Builder in

How to apply Time Zone TZ = UTC to only 14 hosts out of 16

Let's say we have 16 hosts with the same sourcetype=devicetype 14 hosts are in UTC, 2 hosts are in EST (local) time z...

by Builder in

Why is batch processing not removing files after indexing them in Splunk 6.2.1?

I have an app that is not removing/deleting the files after consuming them. They are indexed appropriately, but just ...

by Path Finder in

How to fix the renaming of sourcetypes, so that fields parsing for the other sourcetype name applies ?

Hi All, Currently facing an issue in parsing the data. We have customized Technology Add-on app called Test-TA-paloal...

by Motivator in

How to filter events on Linux Machine before forwarding them to Splunk?

Image attached is the following log I wish to forward but however I want to detect ONLY newly added Cronjobs (only th...

by Path Finder in

Where can I find a complete list of data source types that can be indexed in Splunk?

Hi, Could you tell me, do you have sort of "list of supported data sources"? Actually, I want to know complete list o...

by New Member in

Eval and Dedup date fields

I have the following search sourcetype=dhcp | stats earliest(_time) as FirstSeen, latest(_time) as LastSeen by IP_...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Shell script or python to to delete older than 6 months frozen data ?

Why doesn't the LastLogon timestamp match betweeen the active directory (AD) and SA-LdapSearch information?

How to trouble shoot this ERROR TcpOutputFd - Connection to host=10.X.X.X failed ?

DATA filtering using Heavy forwarders

Help in Configuring Indexes.conf

Whitelist Services? How

Is Splunk planning to offer guidance on naming conventions in the Metrics Index in relation to CIM?

Why does the author appear as "nobody" from this search?

What will be the final 6.x.x release prior to 7.0?

CSV file import, problem with date format

How to get Cyberoam logs in splunk.?

What happens when the forwarder is configured to send data to a non-existent index?

Testing props.conf file of app in $SPLUNK_HOME/etc/apps/my_app/local

Trying to ingest a stock price file into Splunk

How to extract the Fields from .txt file

Universal Forwarder, Server Class.

Splunk Windows Firewall log file pfirewall.log

how route data to specific index when we use heavy forwarder?

How to move index from main to custom index?

How to apply Time Zone TZ = UTC to only 14 hosts out of 16

Why is batch processing not removing files after indexing them in Splunk 6.2.1?

How to fix the renaming of sourcetypes, so that fields parsing for the other sourcetype name applies ?

How to filter events on Linux Machine before forwarding them to Splunk?

Where can I find a complete list of data source types that can be indexed in Splunk?

Eval and Dedup date fields

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Community Content Calendar, September edition

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Regex works but transforms.conf extracts only part...

Getting Data In

Are you a member of the Splunk Community?

Discussions