Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to fix a timestamp issue for Symantec logs?

Hi All, Currently we are facing an problem in time stamp for a Symantec log data. Problem: When we search with the b...

by Motivator in

What is the best timestamp format to use for my custom log to be indexed by Splunk?

What is the best timestamp format to use for my custom log to be indexed by Splunk? Sensible choices are: Round...

by Motivator in

How to delete 'DONE' jobs in a Search Head Cluster

Hi guys, Is there a way to delete a DONE or running job in a Search Head Cluster? Currently some of my users co...

by Contributor in

Uninstall universal forwarder error: "Splunk Installer was unable to enable event log monitoring. Splunk exitcode='1'"

I am trying to uninstall Universal Forwarder 6.1.3 and it gives me an error "Splunk Installer was unable to enable ev...

by New Member in

How to index full json data and automatically extract fields without using field extraction

Here's the format of the data i have been working on. i've tried using INDEXED_EXTRACTIONS=JSON in props but the even...

by New Member in

What's the best method to update/replace indexer cluster members?

We will be getting another batch of indexers in shortly, and each will have substantially more drive space than the o...

by Influencer in

How do I exclude service accounts that match the computer name in search results?

I have not been successful in building a search query that excludes results of a service account that matches the com...

by Explorer in

How to get complete event information in to the command field ?

HI All, For past one week, I am trying to get an answer for my problem, but haven't got a good fix for the issue stil...

by Motivator in

Universal forwarder is listening to the wrong port for the splunkd process

We are rolling out the UF to our windows servers, no apps yet, just the UF. The deploymentclient.conf only has the de...

by Path Finder in

Why am I getting an error telling me the Pass4SymmKey is wrong, preventing me from adding a new peer to an existing indexer cluster?

I am in a sandbox playing with indexer cluster server management. My end goal is to play with and set up indexer disc...

by Builder in

forward-server listed as inactive

Hi guys, i have been working on the creation of a deployment server with universal forwarders, and the outputs.conf ...

by New Member in

inputs.conf monitor stanza for a remote Windows server

Hello, In the inputs.conf of a deployment app, i need to monitor multiple files on numerous remote servers. What...

by New Member in

What is the difference between index and indexer?

What is the difference between INDEX and INDEXER in SPLUNK

by New Member in

Changing Time Format

Hi, I have a search that displays the "UserID Expiration Date" field as "12/6/2019 21:01" I would like to conve...

by Path Finder in

License Usage by sourcetype in 6.6

I just upgraded from 6.5.6 to 6.6.5, and some searches I was doing in my personal dashboard stopped working. Throu...

by Explorer in

Does an indexer write its queues to disk when we shut it down?

I wonder whether the contents of the Indexing queue is being written to disk when we shut down the indexer? Also, wha...

by Ultra Champion in

Splunk monitoring Android

Hi, splunkers! I wanna monitoring my phone by Splunk? What can u advice? How can I realize it?

by Builder in

metrics - individual events

Hi Splunkers, We are evaluating moving to metrics events for our existing apps. In our apps, we have to display th...

by Path Finder in

Upgraded from MS Exchange 2010 to 2013 and now I no longer get any data from the eventtype=msexchange-admin-audit?

All of the other data from all previous eventtypes is coming through just fine, except the msexchnage-admin-audit. We...

by New Member in

Extract index from filename in inputs.conf

We have a splunkforwarder DaemonSet in Kubernetes, which is forwarding node logs to our splunk server. We want to ...

by Engager in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to fix a timestamp issue for Symantec logs?

What is the best timestamp format to use for my custom log to be indexed by Splunk?

How to delete 'DONE' jobs in a Search Head Cluster

Uninstall universal forwarder error: "Splunk Installer was unable to enable event log monitoring. Splunk exitcode='1'"

How to index full json data and automatically extract fields without using field extraction

What's the best method to update/replace indexer cluster members?

How do I exclude service accounts that match the computer name in search results?

How to get complete event information in to the command field ?

Universal forwarder is listening to the wrong port for the splunkd process

Why am I getting an error telling me the Pass4SymmKey is wrong, preventing me from adding a new peer to an existing indexer cluster?

forward-server listed as inactive

inputs.conf monitor stanza for a remote Windows server

What is the difference between index and indexer?

Changing Time Format

License Usage by sourcetype in 6.6

Does an indexer write its queues to disk when we shut it down?

Splunk monitoring Android

metrics - individual events

Upgraded from MS Exchange 2010 to 2013 and now I no longer get any data from the eventtype=msexchange-admin-audit?

Extract index from filename in inputs.conf

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

SSL: UNKNOWN_PROTOCOL Error with Gitlab Auditor TA

Help with MSSQL JDBC driver incompatibility error?

How to configure Azure functions to pass the loggi...

Is it possible to send Jenkins custom logger to Sp...

Why do I receive SSL alert number 40 with selfsign...