Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
jeffbat

Unable to read large input file from Universal Forwarder

We have a Linux server which is receiving our syslog traffic and on that machine we have a universal forwarder runnin...
by jeffbat Path Finder in Getting Data In 12-27-2017
0 2
0
2
swetha1247

Error while trying to configure heavy forwarder as slave: "Uri should be in the form: ://:"

While trying to make heavy forwarder as slave we're receiving the below error: Bad Request — editTracker failed, rea...
by swetha1247 New Member in Getting Data In 12-27-2017
0 4
0
4
michaelrosello

Convert time to another timezone then remove timezone identifier

So I have multiple fields that have time value that looks like this. 2017-10-05T16:00:00Z What I want is to conver...
by michaelrosello Path Finder in Getting Data In 12-27-2017
0 4
0
4
tkwaller_2

How can I get my mvexpand to work

Hello I have a search I am having an issue with, I am trying to get the JSON array data in a table, efficiently. My ...
by tkwaller_2 Communicator in Getting Data In 12-26-2017
0 5
0
5
singhkrmanish76

Universal Forwarder Not sending my windows events log

Well! i have configured my suplunk server to accept logs on 9997 from remote. And i have configure my universal forwa...
by singhkrmanish76 New Member in Getting Data In 12-26-2017
0 2
0
2
gekoner

Setting other TZ in props.conf

Does anyone have a list of the valid stings for TZ = ? I would like to set TZ=GMT-0400 but setting that or any other ...
by gekoner Communicator in Getting Data In 12-26-2017
1 4
1
4
alvaro_garcia

Custom command arguments

Hello Splunkers! I have a custom command, that execute a perl script with argument. Script.pl ////////////// !/usr/b...
by alvaro_garcia Explorer in Getting Data In 12-25-2017
0 13
0
13
packet_hunter

What is the most efficient way to correlate fields from different sourcetypes in the same index by an asset_id key

I have some vulnerability and asset data I need to correlate but I am not sure of the best method to use... index=ra...
by packet_hunter Contributor in Getting Data In 12-22-2017
0 5
0
5
Log_wrangler

How to send syslog data to the indexer and another TCP listener? (Part 2)

my scenario: I have an APP that can only send syslog data to one destination. I have an HF configured to receive sys...
by Log_wrangler Builder in Getting Data In 12-22-2017
0 2
0
2
jwalzerpitt

How should I configure props/transforms.conf files to index Lancope Stealthwatch syslog in CEF format and OCLC EZProxy logs?

I am planning on ingesting syslog from Lancope Stealthwatch and OCLC EZProxy logs. Our environment is set up to send ...
by jwalzerpitt Influencer in Getting Data In 12-22-2017
1 6
1
6
Murali2888

MetaData Values: Is there a difference between DEST_KEY = _MetaData:Index versus DEST_KEY = MetaData:Index?

Is there any difference between the two below? DEST_KEY = _MetaData:Index DEST_KEY = MetaData:Index Also, I would l...
by Murali2888 Communicator in Getting Data In 12-22-2017
2 4
2
4
xiyangyang

Can a universal forwarder be restarted via REST API?

Can UF be restart via REST API? What other things can be done to UF via REST API?
by xiyangyang Path Finder in Getting Data In 12-22-2017
1 2
1
2
vicky05ssr

Why is my REST API call to pass the Job SID to another curl command inside the same shell not working as expected?

Hello All, I am trying to execute a savedsearch query through REST API call and passing the Job SID to another curl...
by vicky05ssr Explorer in Getting Data In 12-21-2017
0 2
0
2
edwinmae

Multiple fields extraction,m using props.conf

Hi, We have a search that extracts Customer and Country correctly index=aaa host="Host1" sourcetype=aaa_bbb | rex ...
by edwinmae Path Finder in Getting Data In 12-21-2017
1 11
1
11
ppanchal

Unable to change timezone of the logs

We have a host sending logs in UTC timezone and we want to display it in US/Central timezone. I have added the below ...
by ppanchal Path Finder in Getting Data In 12-21-2017
0 21
0
21
Log_wrangler

How to send syslog data to the indexer and another TCP listener?

Need a little help as I have not set this up before. Here is my scenario. I have an APP that can only send syslog da...
by Log_wrangler Builder in Getting Data In 12-21-2017
0 8
0
8
rhirasin

Why is the timestamp column missing? Search included "index=index_name"

timestamp column is missing in splunk . While I am searching index=index_name. first column should be with time-stamp...
by rhirasin Engager in Getting Data In 12-21-2017
0 2
0
2
marziaolla

Permanently delete events from an index

hi, i want to delete from an index only the events i dont need. i know that the delete command only hide events from...
by marziaolla Path Finder in Getting Data In 12-21-2017
2 3
2
3
Hemnaath

How to parse complete command line information into the event field ?

Hi All, Today we got an request from a user to include the entire information provided in the command line, when che...
by Hemnaath Motivator in Getting Data In 12-21-2017
0 16
0
16
Mike6960

field extraction disappeard, could this happen after a reinstall of the forwarder

Hi, one of our admins has reinstalled a fowarder. No we have issues with data that is not coming through anymore but ...
by Mike6960 Path Finder in Getting Data In 12-21-2017
0 5
0
5
nmohammed

Monitor log files with spaces in the file name

hi, I am having issues with splunk universal forwarder monitoring log files with spaces in the name . The file is a...
by nmohammed Builder in Getting Data In 12-21-2017
0 17
0
17
vikram_m

Is there an app that can restart the Splunk universal forwarder service on Windows every 30 minutes?

Hi, I need to deploy an app from deplyment server which will restart the Splunkd UF application installed on Windows...
by vikram_m Path Finder in Getting Data In 12-21-2017
0 7
0
7
ykpramodhcbt

Splunk Forwarding doesn't forward data

We have a single data source from which we want to forward clone data to - splunk server 1(prod) and splunk server 2(...
by ykpramodhcbt Path Finder in Getting Data In 12-20-2017
0 17
0
17
Beaker77

Routing received data TO an external HEC via HTTPS?

Is it possible to route a stream of data from a heavy forwarder or indexer TO an external non-Splunk HTTPS endpoint (...
by Beaker77 Explorer in Getting Data In 12-20-2017
0 2
0
2
neilli

Best way to load archived applcation log files without exceeding license?

Our daily license is 15GB we use about 10GB on average. However I want to load our archived application log files whi...
by neilli Engager in Getting Data In 12-20-2017
0 1
0
1
Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...
Top Solution Authors
View All