Getting Data In

Community Activity

Can my lookups be forwarded to a Splunk Cloud search head from a local forwarder? Hi, We are in process of migrating On-Premise Apps to Splunk Cloud. There is one App in which few scripts are there ... by bishtk Communicator in Getting Data In 11-20-2017 0 2	0	2
Universal Forwarderで時間指定のログ転送日本語ですみません。業務要件として、1日1回決められた時間（リアルタイムではなく）にUniversal Forwarderでログ転送する必要があります。 Universal Forwarderの機能で、決められた時間にログ転送する... by yutaka_yamauchi Engager in Getting Data In 11-19-2017 0 1	0	1
Json Event Breaking Issues Hi Folks, Splunk Ent V6.5.2 I have a curly one here. I have a Json file ( sample below). When the file is ingested ... by NickLaurent New Member in Getting Data In 11-19-2017 0 1	0	1
Match 2 stanzas in props.conf I have a requirement to send certain windows events to BOTH the indexers AND a remote syslog using TCP. - The indexer... by tlmayes Contributor in Getting Data In 11-19-2017 0 3	0	3
Deploy custom script, then upload the results Newbie here. How can I output the result of a bash script back into Splunk? The script periodically sends netstat com... by mlorrette Path Finder in Getting Data In 11-19-2017 0 2	0	2
Fields Extraction Issue - CSV file Batch Upload via a TA This is driving me nuts  Trying to index a CSV file which a server creates once an hour (in this case this is DHCP ... by 98123722 Explorer in Getting Data In 11-19-2017 2 3	2	3
CentOS 4 to forward syslog to Splunk Indexer but no data was forwarded after configuring I have already appended my Splunk IP Address and UDP port in /etc/syslog.conf "(asterisk).(asterisk) (asterisk)192.16... by Kitteh Path Finder in Getting Data In 11-19-2017 0 1	0	1
Is it okay to run a universal forwarder without an inputs.conf? I am the security guy and Splunk admin. I am running 6.6.x universal forwarders on all my windows servers. I just f... by xavierashe Contributor in Getting Data In 11-18-2017 0 6	0	6
Apache access_combined with X-Forwarded-For instead of host In our organization our apache log files are of type access_combined with the exception of the host field being repla... by geraldhanks New Member in Getting Data In 11-17-2017 0 5	0	5
How can I remove a string from a source name? below is my search source=abc-server I want to trim "-server" and I tried this \| eval source=trim("abc-server"... by navins007 New Member in Getting Data In 11-17-2017 0 3	0	3
How can we index complete BSM log data? Hi All, Currently we are facing an issue in getting the complete BSM logs data in to splunk. We have two remote hos... by Hemnaath Motivator in Getting Data In 11-17-2017 0 10	0	10
SPLUNK searches take long to complete. Hello Splunkers The actual time in job inspector seems to not be very long But usually there is long latency and j... by stanwin Contributor in Getting Data In 11-17-2017 0 2	0	2
I disabled an index, but still receiving data. Why ? I no longer wanted any data with index=windows, so I disabled it. However, I am still receiving data targeted at it. ... by damode Motivator in Getting Data In 11-17-2017 0 10	0	10
Urgent Help required , Splunk Indexer to forward data to syslog server(rsyslog or thrid party) Dear Experts, Currently we have test environment where we have one indexer and search head however we need to forwar... by sumitkathpal292 New Member in Getting Data In 11-17-2017 0 2	0	2
inputs.conf and Windows path I know this should be simple, but for whatever reason, it's not working Have a production Windows 2012 server where ... by tlmayes Contributor in Getting Data In 11-17-2017 0 2	0	2
Conf file precedence issue, JSON extraction props definition is below, when i save it in app\search\local directory it doesn't work as expected{events are not br... by apoorvaaj Engager in Getting Data In 11-17-2017 0 1	0	1
difference between index archiving (cold to Frozen) and archive to Hadoop via Hadoop Data Roll? I read splunk docs and understood the below: Splunk Index archiving from cold to frozen to a particular location ca... by Harishma Communicator in Getting Data In 11-17-2017 0 4	0	4
Is there a way to use syslog to send over logs to Splunk indexer instead of using a Splunk Forwarder to send? Hi I am trying to send logs files from Linux system to Splunk Indexers, is there a way to configure the syslog to do ... by Kitteh Path Finder in Getting Data In 11-16-2017 0 3	0	3
Search for all events for IP address within a CSV file I would like to know how we can search for all events for a list of IP in a CSV file. by umarfarooq Explorer in Getting Data In 11-16-2017 0 4	0	4
How can we apply TRUNCATE across many sourcetypes? We would like to set TRUNCATE=0 so we don't truncate the events at all. We normally use the sourcetype in props.conf.... by ddrillic Ultra Champion in Getting Data In 11-16-2017 0 4	0	4
What are the best way and practices to manage indexes Hi everyone! I would like to know what are the best practices to manage the index's size. I read in this post ( htt... by chlima Explorer in Getting Data In 11-16-2017 1 5	1	5
how get a single output from 2 different "stats count" Good morning, with the following search: index="app_dynatrace" sourcetype="pa" application="Saipemcom Prod" "dimensi... by antoniofacchi New Member in Getting Data In 11-16-2017 0 5	0	5
Config data Hot Warm Cold ? Can anyone teach or show me some way to config data age of Hot Warm Cold with each indexs ? And how to check it succe... by nnips Engager in Getting Data In 11-16-2017 0 5	0	5
If we make changes in .conf files is there a way not to restart entire splunk? In general if we make changes in .conf files we need to restart splunk. Suppose splunk is deployed in production envi... by kanamarlapudi New Member in Getting Data In 11-16-2017 0 5	0	5
Index only one column from csv input I wanted to index only "Date" column from this CSV file. I don't want any of the other columns to be indexed and want... by vinaykata Path Finder in Getting Data In 11-15-2017 0 1	0	1