Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
sawgata12345

extract key value pairs and timestamp field from nested json

Hi, I need to read the below json file in python script and send each json to splunk. [[[ with open('sampledata...
by sawgata12345 Path Finder in Getting Data In 12-18-2017
0 10
0
10
dbatts

Configuring Cold To Frozen path if cold is on a C: drive and I want my frozen path to be on a newly created F: drive

I created a new F: drive for my archiving or Frozen path. Currently everything is configured to the default and filli...
by dbatts Explorer in Getting Data In 12-18-2017
0 2
0
2
Mohsin123

Inputlookup usage

I have an inputlookup table with list of email addresses . I already have a pre existing field called user . How do I...
by Mohsin123 Path Finder in Getting Data In 12-18-2017
0 5
0
5
nikita_p

How to use the date in a CSV filename as the timestamp in events when there is no date or time field?

Hi, We are monitoring a csv file which has date included in the filename, with the filename format: abc_xxx_yz-2017-...
by nikita_p Contributor in Getting Data In 12-17-2017
0 5
0
5
clamendola

Event not showing full log entry.. newline issue?

For some reason Splunk is indexing one of my log files a bit oddly. In the following excerpt, the Splunk event is onl...
by clamendola New Member in Getting Data In 12-17-2017
0 3
0
3
HIBE151

Why are props and transforms preconfigured to sanitize the hostname for pretrained sourcetypes like 'syslog' and 'linux_syslog_messages'?

Hello, Just a simple question about pretrained sourcetypes like 'syslog' and 'linux_syslog_messages'. Why are those ...
by HIBE151 Explorer in Getting Data In 12-16-2017
0 3
0
3
hchoisori

After installing Splunk SDK for Python, why am I getting "ImportError: No module named spluklib.client" in my python code?

Hi, I just started trying Splunk SDK in Windows. I installed Python and Splunk SDK. However I have an error "ImportE...
by hchoisori Engager in Getting Data In 12-16-2017
0 2
0
2
project9433

Heavy forwarder isn't forwarding data from UDP port to indexer

Hello team, I have a HF in place and it is supposed to listen to a UDP port and forward the data to the indexer. Its ...
by project9433 Engager in Getting Data In 12-15-2017
0 1
0
1
lksridhar

How to configure the timestamp configuration on below event types.

Hi Folks, i have events on below format which does not have time stamp on first 20 lines and i tried to create the c...
by lksridhar Explorer in Getting Data In 12-15-2017
0 5
0
5
fredzhang

How to disable Windows universal forwarder service auto start after first installation?

I am using Citrix provisioning system to install Windows UFW (Universal Forwarder) 6.5.2 and got an issue: after ins...
by fredzhang New Member in Getting Data In 12-15-2017
0 3
0
3
linush

DB Connect 3.1 Errors

Our Splunk (6.2.2) is running on a Linux box. I downloaded Java JDK 1.8 131 and verified: Java(TM) SE Runtime Enviro...
by linush Engager in Getting Data In 12-15-2017
2 3
2
3
alfiyashaikh

monitor - File& directories - file is not getting updated on recent changes

I have added file ABC.csv from my local directory and uploaded it on splunk by "monitor" adding data option. source=...
by alfiyashaikh New Member in Getting Data In 12-15-2017
0 7
0
7
basu42002

Getting this error version `OPENSSL_1.0.0' not found

Can any one please suggest, how to fix this error: ERROR BucketMover - coldToFrozenScript /usr/bin/python: /opt/splun...
by basu42002 Path Finder in Getting Data In 12-14-2017
0 3
0
3
thol

JSON timestamp not parsed via HTTP Event Collector in Splunk cluster

I have a similar issue as described in another question "JSON timestamps not parsed via HTTP Event Collector". But I'...
by thol Explorer in Getting Data In 12-14-2017
0 1
0
1
uthornander_spl

How to get the Multiselect input to create a search without " when selecting multiple values

I'm trying to create a training dashboard based on Multiselect and the HTTP status code. If I create the Multiselect ...
by uthornander_spl Splunk Employee Splunk Employee in Getting Data In 12-14-2017
0 6
0
6
Hemnaath

How to filter out only the accelerated reports in splunk ?

Hi All, I need to filter out only the reports that are configured as Accelerated Reports in searches,Reports and Aler...
by Hemnaath Motivator in Getting Data In 12-13-2017
0 11
0
11
AnmolKohli

Blacklist regular expression not working

I want to blacklist below 2 files: op_fe-run_autostat*.log op_fe-proteus_prod_archive*.log here can be any number/c...
by AnmolKohli Explorer in Getting Data In 12-13-2017
0 3
0
3
ZimmermanC1

How can I index events with the real date while using the timestamp from the log?

I have a Splunk instance in a Development & Test lab that uses what we call "repeatable time" to test software update...
by ZimmermanC1 Explorer in Getting Data In 12-13-2017
0 2
0
2
HyderAli

http event collector in monitoring - kuberentes, not posting data

Hi, I have gone through this tutorial https://www.outcoldsolutions.com/docs/monitoring-kubernetes/ for monitoring ku...
by HyderAli New Member in Getting Data In 12-13-2017
0 3
0
3
tdotrob

Best way to extract mix of positional and kv from csv?

My CSV log file has three fields that are positional followed by a variable mix of K=V pairs like so: 2017/12/11 20:...
by tdotrob Engager in Getting Data In 12-13-2017
0 1
0
1
ktn01

How to forward _internal to defaultGroup

Hello, I have the following outputs defined on all my universal forwarders: [tcpout] defaultGroup = prod-group, vali...
by ktn01 Path Finder in Getting Data In 12-13-2017
2 6
2
6
ludoz13

Logs with parameter INDEXED_EXTRACTIONS on UF could no be forwarded from indexer via syslog

Hello splunker, I have some trouble to forward data to third-party systems via syslog. All logs are forwarded via sy...
by ludoz13 Path Finder in Getting Data In 12-13-2017
1 4
1
4
maniu1609

Issue with log rotation

We have log files that are being monitored. Log files are deleted every 1 hour. We noticed that at the time of log ro...
by maniu1609 Path Finder in Getting Data In 12-13-2017
0 3
0
3
a212830

Help with regex on whitelist

Hi, I need to whitelist on the following: SIPServer-RTP-Routing1-PR-001.20171212_124642_595.log Anything that has ...
by a212830 Champion in Getting Data In 12-12-2017
0 4
0
4
damode

No persistentqueue attributes in outputs.conf. How to configure data buffering on Heavy Forwarder ?

I was referring to this link, https://wiki.splunk.com/Community:Best_Practice_For_Configuring_Syslog_Input to configu...
by damode Motivator in Getting Data In 12-12-2017
0 6
0
6
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All