Getting Data In

Ask a Question

Discussions

Thread Info

Forwarding specific data?

Hi Guys, My question is, is it possible to only forward specific data to my Splunk environment? So my situati...

by Communicator in

Need help executing a script with powershell v3 Modular Input

Could somebody help me with this problem, i have simple powershell script: Write-Host "Num Args:" $args.Length; fo...

by Engager in

How To Compare Dates Between Two Different Sourcetypes

I want to calculate how long it takes until a event from one sourcetype switches to another sourcetype. For example e...

by Path Finder in

How to request an accelerated report via REST?

Hi, We have a requirement to pull data out of a report that they want updated at (near-enough) real time, so we've...

by Communicator in

Why do we need to set up same instances on every Indexer for Distributed search?

Let' s say 2 servers behaving as Indexers which have Splunk Enterprise already deployed on them. There is one For...

by Explorer in

event duplication every time I update my Json input file. Can I avoid or do I even need to care (ie I can 'dedup' my searches)?

I am a new user to Splunk and had the assumption that when using a json file as a continuously monitored datasource S...

by New Member in

How to line break this structured log?

I have a script generating an output, however all my output is being registered as one event. I am trying to break ea...

by Path Finder in

Field Extraction

I am trying to extract a field but it is not working properly. I am able to extract single words but when spaces gets...

by Path Finder in

License usage for one index broken down by sourcetype

How can I get a license usage for one index broken down by sourcetype? I know this question came up recently in diffe...

by Ultra Champion in

How to monitor Microsoft SQL server using the Splunk Add-on for Microsoft SQL server ?

Hi All, I have a requirement from data base team to monitor bunch of Microsoft SQL server in our organization. I had ...

by Motivator in

How to monitor a Error Log file on Remote Windows machine via the inputs.conf ?

Hi All, We have more than 100 + servers that needs to be monitored via splunk to capture SQL Error logs from these se...

by Motivator in

How do I monitor only the changes to Windows Registry?

How do I monitor only the changes (add, delete, change value) to Windows Registry? I am only interested in seeing cha...

by Explorer in

How to integrate Splunk with Netcool OMNIbus?

Hi, We are looking to integrate Splunk 6.x with Netcool OMNIbus. Please help us how can we proceed. Thanks!!

by New Member in

Splunk Query Fails When I use '/' in Query

I have a query as follows: index="idx" sourcetype="st" host="host" |search Port=1/0/23 It shows "No Results Found"...

by Contributor in

Exchange Reputation Setup

I am trying to configure the Exchange Reputation piece in Splunk and am a little confused by the instructions. In ...

by Explorer in

Splunk 6.5.3 curl

I am using Splunk 6.5.3 ES and I don't have curl command. Does curl not ship with Splunk? If not, how I can use it? P...

by New Member in

How do I blacklist multiple events on same line: Can I use '-'?

I want to blacklist 4698, 4699, 4700, 4701,4702 if they contain 'Microsoft\Windows' in the Task Name. Would either...

by Explorer in

IIS Logs question

Hey Guys, i am forwarding iis logs from our web servers.And from what i read so far that people are saying that th...

by Contributor in

Windows version of Splunk installed on E: drive and Splunk reporting error: "paging file is too small"

Based on this answer link text Looks like there is not enough disk space for the window swap file. Splunk is in...

by Contributor in

inputs..conf and sourcetypes - Can't override the sourcetype

We have the need to set a high level sourcetype in the inputs.conf to one sourcetype and override some of those sourc...

by Engager in

Why PREAMBLE_REGEX doesn't work on my indexer?

I want to index 'earthquake' data. Source is "https://earthquake.usgs.gov/fdsnws/event/1/query?format=xml&starttime=2...

by Explorer in

Has anyone had issues with Splunk not indexing any new data from a particular index for a prolonged period of time when there have been updates on the data source?

Our Splunk instance stopped indexing data from a particular index over 72 hours ago. There have been many updates fro...

by New Member in

Running a Custom Script

In one of my alert I want to a trigger a script (to reboot the Linux sever) when a specific condition is met. I have ...

by Contributor in

How can I mask email id's when indexing?

Hi All, I want to mask email id from Message tracking logs,but it mask the whole event.Could you pelase help me in...

by Motivator in

Can my lookups be forwarded to a Splunk Cloud search head from a local forwarder?

Hi, We are in process of migrating On-Premise Apps to Splunk Cloud. There is one App in which few scripts are ther...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Forwarding specific data?

Need help executing a script with powershell v3 Modular Input

How To Compare Dates Between Two Different Sourcetypes

How to request an accelerated report via REST?

Why do we need to set up same instances on every Indexer for Distributed search?

event duplication every time I update my Json input file. Can I avoid or do I even need to care (ie I can 'dedup' my searches)?

How to line break this structured log?

Field Extraction

License usage for one index broken down by sourcetype

How to monitor Microsoft SQL server using the Splunk Add-on for Microsoft SQL server ?

How to monitor a Error Log file on Remote Windows machine via the inputs.conf ?

How do I monitor only the changes to Windows Registry?

How to integrate Splunk with Netcool OMNIbus?

Splunk Query Fails When I use '/' in Query

Exchange Reputation Setup

Splunk 6.5.3 curl

How do I blacklist multiple events on same line: Can I use '-'?

IIS Logs question

Windows version of Splunk installed on E: drive and Splunk reporting error: "paging file is too small"

inputs..conf and sourcetypes - Can't override the sourcetype

Why PREAMBLE_REGEX doesn't work on my indexer?

Has anyone had issues with Splunk not indexing any new data from a particular index for a prolonged period of time when there have been updates on the data source?

Running a Custom Script

How can I mask email id's when indexing?

Can my lookups be forwarded to a Splunk Cloud search head from a local forwarder?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Using different indexes in splunk app for jenkins

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions