Getting Data In

Community Activity

Cannot change host field in syslog data Hi Splunkers, I collect syslog（/var/log/messages） data by Universal Forwarder, not UDP like this. Sep 3 12:42:1... by sunrise Contributor in Getting Data In 12-20-2017 1 5	1	5
Why are blacklisted 4663 and 4660 events still showing up? I am hoping someone can help me out with a filtering blacklist issue I am having. I am currently filtering out event ... by zward Path Finder in Getting Data In 12-20-2017 0 4	0	4
Is there a config available that would push out the same format as Snare from a Heavy Forwarder? Is there a config available that would push out the same format as Snare from a Heavy Forwarder? i.e. UniversalForwar... by CletisNPT Explorer in Getting Data In 12-20-2017 0 4	0	4
UF compatability for Knoppix and Fedora Could you suggest the compatible UF package for the Operating system Knoppix and Fedora? I have checked on this link... by arunkumarvinoba New Member in Getting Data In 12-20-2017 0 2	0	2
Why splunk is not able to index large csv files, I'm trying to index a 3.5 GB csv file, but splunk is not reading it. Any clues ? by premforsplunk Explorer in Getting Data In 12-20-2017 0 3	0	3
CSV Import: fieds name are missing, but showing up while uploading process. Hi there, i tried to upload a csv-file. During Uploading I could separate the fields with a "comma" and the field n... by wes7bb New Member in Getting Data In 12-20-2017 0 3	0	3
Using Transforms.conf truncates my data at 3925 characters - Why? Ladies and Gents, I'm struggling trying to transform some of my data. props.conf [st1] NO_BINARY_CHECK = true SHOU... by kendrickt Path Finder in Getting Data In 12-19-2017 1 2	1	2
How to extract host field with many other fields in a single transformation step (DEST_KEY versus WRITE_META) I am playing with a custom format for data going into Splunk on Splunk 7.0, and I am trying to extract fields at inde... by rjthibod Champion in Getting Data In 12-19-2017 0 3	0	3
What happens if "DEST_KEY = MetaData:Host"? May I know the answers for the below questions. what happens if DEST_KEY = MetaData:Host? Does the Host metadata r... by ankithreddy777 Contributor in Getting Data In 12-19-2017 1 2	1	2
Apply multiple transforms to a single host How can I have multiple host stanzas in transforms.conf all be applied? I'd like to pull content out of some entries ... by timbCFCA Path Finder in Getting Data In 12-19-2017 0 6	0	6
Decrease bundle size The bundle in the search head has grown upto 776 MB. Its not getting pushed as a result. How to reduce the bundle si... by nawazns5038 Builder in Getting Data In 12-19-2017 0 7	0	7
Filtering data using SHOULD_LINEMERGE Hi all, I have configured the line breaking parameter as (SHOULD_LINEMERGE = true) to read a log file that contains ... by danillopavan Communicator in Getting Data In 12-19-2017 0 6	0	6
Combinate SHOULD_LINEMERGE with Filtering Hi all, I am trying to have a combination of SHOULD_LINEMERGE=true with filtering just to index some lines of the lo... by danillopavan Communicator in Getting Data In 12-19-2017 0 5	0	5
How can I get my TCP data into the metrics index? I am trying to pull incoming tcp data into the Metrics Store using this information: http://docs.splunk.com/Document... by walkerhound Path Finder in Getting Data In 12-19-2017 0 4	0	4
Using SEDCMD in Splunk Cloud Task: Mask PII data at Index Time Current Setup: Universal forwards to forward logs to Splunk Based on documentatio... by catchaj88 Explorer in Getting Data In 12-19-2017 0 4	0	4
When a universal forwarder is unable to connect to an indexer, will the forwarder still be collecting data from the server? Hi Team, We have an log file in one of the server and which is keep generated in the directory for every 10 mins on... by senthamilselvan Engager in Getting Data In 12-19-2017 0 5	0	5
How do you run script WinNetMon on universal forwarder? I wanna to run WinNetMon on UF and I put to SplunkUniverstalForwarder\etc\system\local\inputs.conf by test_qweqwe Builder in Getting Data In 12-19-2017 0 1	0	1
Anonymize data is not working, hello, I made my Anonymize data based on this http://docs.splunk.com/Documentation/Splunk/7.0.0/Data/Anonymizedata a... by ahmadjabr Engager in Getting Data In 12-19-2017 0 9	0	9
Questions for large install admins: What's your best practice for log length (TRUNCATE) maximums? How much do you force devs to limit their event size? My current splunk install handles logs for about 80 different development groups. Each one with their own idea of wha... by twinspop Influencer in Getting Data In 12-18-2017 0 3	0	3
LineBreakingProcessor truncates long events and drops the next (related) Running Splunk Enterprise 6.5.6. I am parsing incoming events of sourcetype weblogic_stdout, and am having some trou... by rkilen Explorer in Getting Data In 12-18-2017 0 5	0	5
How to configure a forwarder to filter and send the specific events I want? I'm using a set of universal forwarders to send data to a central indexer. I would like to send events from "WinEven... by fernandoandre Communicator in Getting Data In 12-18-2017 0 14	0	14
extract key value pairs and timestamp field from nested json Hi, I need to read the below json file in python script and send each json to splunk. [[[ with open('sampledata... by sawgata12345 Path Finder in Getting Data In 12-18-2017 0 10	0	10
Configuring Cold To Frozen path if cold is on a C: drive and I want my frozen path to be on a newly created F: drive I created a new F: drive for my archiving or Frozen path. Currently everything is configured to the default and filli... by dbatts Explorer in Getting Data In 12-18-2017 0 2	0	2
Inputlookup usage I have an inputlookup table with list of email addresses . I already have a pre existing field called user . How do I... by Mohsin123 Path Finder in Getting Data In 12-18-2017 0 5	0	5
How to use the date in a CSV filename as the timestamp in events when there is no date or time field? Hi, We are monitoring a csv file which has date included in the filename, with the filename format: abc_xxx_yz-2017-... by nikita_p Contributor in Getting Data In 12-17-2017 0 5	0	5