Getting Data In

Community Activity

How can we apply TRUNCATE across many sourcetypes? We would like to set TRUNCATE=0 so we don't truncate the events at all. We normally use the sourcetype in props.conf.... by ddrillic Ultra Champion in Getting Data In 11-16-2017 0 4	0	4
What are the best way and practices to manage indexes Hi everyone! I would like to know what are the best practices to manage the index's size. I read in this post ( htt... by chlima Explorer in Getting Data In 11-16-2017 1 5	1	5
how get a single output from 2 different "stats count" Good morning, with the following search: index="app_dynatrace" sourcetype="pa" application="Saipemcom Prod" "dimensi... by antoniofacchi New Member in Getting Data In 11-16-2017 0 5	0	5
Config data Hot Warm Cold ? Can anyone teach or show me some way to config data age of Hot Warm Cold with each indexs ? And how to check it succe... by nnips Engager in Getting Data In 11-16-2017 0 5	0	5
If we make changes in .conf files is there a way not to restart entire splunk? In general if we make changes in .conf files we need to restart splunk. Suppose splunk is deployed in production envi... by kanamarlapudi New Member in Getting Data In 11-16-2017 0 5	0	5
Index only one column from csv input I wanted to index only "Date" column from this CSV file. I don't want any of the other columns to be indexed and want... by vinaykata Path Finder in Getting Data In 11-15-2017 0 1	0	1
How can the forwarder detect available indexers? We hard-code the indexers in the outputs.conf at the moment. How can we detect the indexers automatically by the forw... by ddrillic Ultra Champion in Getting Data In 11-15-2017 0 2	0	2
Scripted data input producing output not appearing in Splunk I am completely baffled on why some of the output I am producing from a script (its key-value pairs) is not appearing... by EricLloyd79 Builder in Getting Data In 11-15-2017 0 1	0	1
Forwarding and Indexing Large Files Anyone have any experience with fowarding and indexing files larger than 200mb every minute? I'm curious if there are... by rbarajas Explorer in Getting Data In 11-15-2017 0 2	0	2
How to add log file in whitelist for date append file? How to add log file in whitelist for date append file? Below is the file with date. Please help us to add those file... by karthi2809 Builder in Getting Data In 11-15-2017 0 1	0	1
Need some help with event breaks Hi all, I was hoping someone might be able to point me in the right direction for where to set this and how exactly ... by Lazarix Communicator in Getting Data In 11-15-2017 0 10	0	10
How to open the file in a web server Hi Team, I have a file in a web server. The file can be opened in browser using link http://www.abcde.com/sample.txt... by 10306629 New Member in Getting Data In 11-14-2017 0 2	0	2
How to get two lines of JSON to break as two events? I am using a simple receiver to upload some lines of JSON. The input file has one JSON object (hash) per line, termin... by fitterman Explorer in Getting Data In 11-14-2017 1 6	1	6
Why Splunkd does not automatically restart when Windows server is rebooted and how to fix? Hello, When I go to services.msc I have splunkd set up to restart as a user with a u/n and p/w. However, it does no... by AlexMcDuffMille Communicator in Getting Data In 11-14-2017 1 3	1	3
Custom timestamps for csv format? I have the following data from csv file that I want to index into splunk. I want to set the timestamp to be the hig... by tamduong16 Contributor in Getting Data In 11-14-2017 0 3	0	3
How do I unzip a file when pulling it from REST API? So the rest API that I set up in Splunk will go out to this rest endpoint and the file that it will receive is a zip ... by tamduong16 Contributor in Getting Data In 11-14-2017 0 8	0	8
Using alternate Python for script data inputs We are trying to do some snmp queries using Python and input the output key-value pairs into Splunk. We want to use p... by EricLloyd79 Builder in Getting Data In 11-14-2017 0 2	0	2
Why am I only getting 3 days worth of logs? Hi, i am monitoring IIS logs for my environment and i want to ignore the older log files.i just want the files for t... by carlyleadmin Contributor in Getting Data In 11-14-2017 0 2	0	2
How to get results only from the last source file? Hi, I got an index which continuously receive new source file automatically, what I want is to my search to only ret... by bruno_eduardo Path Finder in Getting Data In 11-14-2017 0 11	0	11
Create a Report of lookup table values minus search results I have a search returning all the uuids of firewall policies used in the last 30 days: sourcetype=fortinet_fortigate... by ejwade Contributor in Getting Data In 11-13-2017 0 2	0	2
Splunk Rest calls not available We have splunk enterprise 6.5.2. We are trying to access Splunk Rest API curl -u : -k http://:8089/services/alerts/... by rbathla New Member in Getting Data In 11-13-2017 0 2	0	2
How does Splunk divide events? There is an application putting SOAP logs, request and response, in a small delay of 0 ~10 secs into the log file - I... by sylim_splunk Splunk Employee in Getting Data In 11-13-2017 1 3	1	3
Can Splunk Enterprise hosted on Windows Ingest Linux Apache TomCat Data? Is it possible to pull in Data from Apache Tomcat servers into Splunk that's sitting on a windows box? I believe the... by Jarohnimo Builder in Getting Data In 11-13-2017 0 4	0	4
Can we install a universal forwarder on a 2016 Windows server with SCCM? Is it possible to get a UF installed on a 2016 Windows server with sccm or do we have to use a chef recipe? by jdomin30 New Member in Getting Data In 11-13-2017 0 1	0	1
How do you convert an indexer into a heavy forwarder? Hello all, We are replacing our single Splunk indexer with a pair of new indexers and have migrated all the indexes ... by PCT80000 Explorer in Getting Data In 11-13-2017 0 10	0	10