Getting Data In

Community Activity

I disabled an index, but still receiving data. Why ? I no longer wanted any data with index=windows, so I disabled it. However, I am still receiving data targeted at it. ... by damode Motivator in Getting Data In 11-17-2017 0 10	0	10
Urgent Help required , Splunk Indexer to forward data to syslog server(rsyslog or thrid party) Dear Experts, Currently we have test environment where we have one indexer and search head however we need to forwar... by sumitkathpal292 New Member in Getting Data In 11-17-2017 0 2	0	2
inputs.conf and Windows path I know this should be simple, but for whatever reason, it's not working Have a production Windows 2012 server where ... by tlmayes Contributor in Getting Data In 11-17-2017 0 2	0	2
Conf file precedence issue, JSON extraction props definition is below, when i save it in app\search\local directory it doesn't work as expected{events are not br... by apoorvaaj Engager in Getting Data In 11-17-2017 0 1	0	1
difference between index archiving (cold to Frozen) and archive to Hadoop via Hadoop Data Roll? I read splunk docs and understood the below: Splunk Index archiving from cold to frozen to a particular location ca... by Harishma Communicator in Getting Data In 11-17-2017 0 4	0	4
Is there a way to use syslog to send over logs to Splunk indexer instead of using a Splunk Forwarder to send? Hi I am trying to send logs files from Linux system to Splunk Indexers, is there a way to configure the syslog to do ... by Kitteh Path Finder in Getting Data In 11-16-2017 0 3	0	3
Search for all events for IP address within a CSV file I would like to know how we can search for all events for a list of IP in a CSV file. by umarfarooq Explorer in Getting Data In 11-16-2017 0 4	0	4
How can we apply TRUNCATE across many sourcetypes? We would like to set TRUNCATE=0 so we don't truncate the events at all. We normally use the sourcetype in props.conf.... by ddrillic Ultra Champion in Getting Data In 11-16-2017 0 4	0	4
What are the best way and practices to manage indexes Hi everyone! I would like to know what are the best practices to manage the index's size. I read in this post ( htt... by chlima Explorer in Getting Data In 11-16-2017 1 5	1	5
how get a single output from 2 different "stats count" Good morning, with the following search: index="app_dynatrace" sourcetype="pa" application="Saipemcom Prod" "dimensi... by antoniofacchi New Member in Getting Data In 11-16-2017 0 5	0	5
Config data Hot Warm Cold ? Can anyone teach or show me some way to config data age of Hot Warm Cold with each indexs ? And how to check it succe... by nnips Engager in Getting Data In 11-16-2017 0 5	0	5
If we make changes in .conf files is there a way not to restart entire splunk? In general if we make changes in .conf files we need to restart splunk. Suppose splunk is deployed in production envi... by kanamarlapudi New Member in Getting Data In 11-16-2017 0 5	0	5
Index only one column from csv input I wanted to index only "Date" column from this CSV file. I don't want any of the other columns to be indexed and want... by vinaykata Path Finder in Getting Data In 11-15-2017 0 1	0	1
How can the forwarder detect available indexers? We hard-code the indexers in the outputs.conf at the moment. How can we detect the indexers automatically by the forw... by ddrillic Ultra Champion in Getting Data In 11-15-2017 0 2	0	2
Scripted data input producing output not appearing in Splunk I am completely baffled on why some of the output I am producing from a script (its key-value pairs) is not appearing... by EricLloyd79 Builder in Getting Data In 11-15-2017 0 1	0	1
Forwarding and Indexing Large Files Anyone have any experience with fowarding and indexing files larger than 200mb every minute? I'm curious if there are... by rbarajas Explorer in Getting Data In 11-15-2017 0 2	0	2
How to add log file in whitelist for date append file? How to add log file in whitelist for date append file? Below is the file with date. Please help us to add those file... by karthi2809 Builder in Getting Data In 11-15-2017 0 1	0	1
Need some help with event breaks Hi all, I was hoping someone might be able to point me in the right direction for where to set this and how exactly ... by Lazarix Communicator in Getting Data In 11-15-2017 0 10	0	10
How to open the file in a web server Hi Team, I have a file in a web server. The file can be opened in browser using link http://www.abcde.com/sample.txt... by 10306629 New Member in Getting Data In 11-14-2017 0 2	0	2
How to get two lines of JSON to break as two events? I am using a simple receiver to upload some lines of JSON. The input file has one JSON object (hash) per line, termin... by fitterman Explorer in Getting Data In 11-14-2017 1 6	1	6
Why Splunkd does not automatically restart when Windows server is rebooted and how to fix? Hello, When I go to services.msc I have splunkd set up to restart as a user with a u/n and p/w. However, it does no... by AlexMcDuffMille Communicator in Getting Data In 11-14-2017 1 3	1	3
Custom timestamps for csv format? I have the following data from csv file that I want to index into splunk. I want to set the timestamp to be the hig... by tamduong16 Contributor in Getting Data In 11-14-2017 0 3	0	3
How do I unzip a file when pulling it from REST API? So the rest API that I set up in Splunk will go out to this rest endpoint and the file that it will receive is a zip ... by tamduong16 Contributor in Getting Data In 11-14-2017 0 8	0	8
Using alternate Python for script data inputs We are trying to do some snmp queries using Python and input the output key-value pairs into Splunk. We want to use p... by EricLloyd79 Builder in Getting Data In 11-14-2017 0 2	0	2
Why am I only getting 3 days worth of logs? Hi, i am monitoring IIS logs for my environment and i want to ignore the older log files.i just want the files for t... by carlyleadmin Contributor in Getting Data In 11-14-2017 0 2	0	2