Getting Data In

Community Activity

inputs.conf and outputs.conf for SSL encryption Hi, Can someone share with me the recent inputs & outputs conf file for SSL encryption? I am having some trouble for... by chintan_shah Path Finder in Getting Data In 10-24-2017 0 2	0	2
Where does the forwarder enqueue files? We see the following messages in the forwarder - 10-18-2017 11:15:29.630 -0500 WARN TailReader - Enqueuing a very ... by ddrillic Ultra Champion in Getting Data In 10-23-2017 0 5	0	5
How can I set an alert for max thruput? What is the search query to alert when the forwarder reaches max thruput? by mamir32825 New Member in Getting Data In 10-23-2017 0 3	0	3
Extracting specific JSON field where duplicate exists within array I have a JSON feed that I'm trying to parse fields in and the event contains fields with identical names but are diff... by greatapoc New Member in Getting Data In 10-23-2017 0 2	0	2
Can we rename fields in transforms.conf? In the following thread we extracted the name value pairs from the embedded json document - How can we extract a json... by ddrillic Ultra Champion in Getting Data In 10-23-2017 1 2	1	2
Help with props.conf configuration to remove outer curly bracket before ingesting JSON file to get event ID props.conf to remove outer curly bracket before ingesting json file from {<!-- --> "filters": [ {<!-- --> "id": "9496071... by lim2 Communicator in Getting Data In 10-23-2017 0 8	0	8
How to omit a field from search on a text input if the field is blank/null Hello all, Fairly new to Splunk and have a question. I am trying to build what seemed like a fairly simple tool but... by gulelin10 Engager in Getting Data In 10-23-2017 0 3	0	3
How to reduce the daily ingestion on Splunk cloud? Hi, We use splunk cloud and our daily ingestion limit is 800 GB, we are ingesting about 100 GB over the limit. I'm l... by VinodTiwari New Member in Getting Data In 10-23-2017 0 3	0	3
earliest_time not working in REST post data, but working in search I am sending a POST request to Splunk REST 'services/search/jobs' endpoint. If I submit with 'earliest_time' paramet... by shikhanshu Path Finder in Getting Data In 10-23-2017 0 5	0	5
What is the best way to stream data out of one Splunk instance to another? All, We have some highly unstructured data I'd like to export from one Splunk instance to another one for testing r... by daniel333 Builder in Getting Data In 10-23-2017 1 2	1	2
Capture second timestamp that includes subseconds Here's an example beginning of an event line Oct 20 20:57:03 sfo-prd-wsux02 apache2: [Fri Oct 20 20:57:03.398765 201... by vlicoupons Engager in Getting Data In 10-23-2017 0 5	0	5
How do you transfer indexes stored in a search head to other search peers? We have a Splunk environment with 1 search head, multiple indexers, and search peers. Currently search head stores a ... by charleschen8 Engager in Getting Data In 10-23-2017 0 1	0	1
Custom date format extraction using datetime.xml A colleague was tying to use Splunk to ingest a log file with a unusual date/time format. The DATE of the event is d... by dshakespeare_sp Splunk Employee in Getting Data In 10-23-2017 2 1	2	1
Inputlookup subsearch to match on field A and output field B in CSV file Im trying to correlate info based on a lookup file and no matter how I try, I cant make it work. I have a CSV with v... by christoffertoft Communicator in Getting Data In 10-23-2017 0 10	0	10
REST call to show the number of logged-in users in a clustered environment? I've got a cluster question regarding REST calls and translation into a clustered environment. I have multiple searc... by sheltomt Path Finder in Getting Data In 10-23-2017 0 1	0	1
Splunk is ingesting archived data from our syslog servers. How do I stop this? We have a syslog server with universal forwarder (UF) installed on it and my inputs.conf states /opt/splunk/syslogs/c... by hrithiktej Communicator in Getting Data In 10-23-2017 0 4	0	4
How can we split the lines in logs as individual events? Hi Team, Currently we have the logs getting indexed into Splunk in this format but we require that each line has to ... by anandhalagarasa Path Finder in Getting Data In 10-23-2017 0 2	0	2
Delay in Splunk purging old events My Splunk is a single Splunk 6.5.x instance, which needs to retain the last 30 days events, so I configured frozenTi... by danielwan Explorer in Getting Data In 10-23-2017 0 2	0	2
Performance / Design recommendations for dimensions in Metrics Index Does Splunk have any guidelines or limitations on the number of dimensions (i.e., cardinality) that the new Metrics I... by rjthibod Champion in Getting Data In 10-23-2017 0 11	0	11
Cron for Interval not working in inputs.conf where a digit amount is Hi all, I may be missing something here and I apologize but I have searched quite a bit. I want my inputs.conf to ... by joshuayourth Explorer in Getting Data In 10-23-2017 0 7	0	7
List just indexers that are offline I am working on my AWS scaling scripts and wanted to know if anyone knows of a way I can just list cluster-peers that... by brent_weaver Builder in Getting Data In 10-23-2017 0 1	0	1
HTTP Event Collector -- How to specify folder or path name to store logs on heavy forwarder before being sent to indexer? Hi All, Could you please help me with the query regarding collecting data using the HTTP Event Collector? I am tryin... by siva_cg Path Finder in Getting Data In 10-23-2017 0 4	0	4
secure splunk web with signed certificate I generate Key & csr files from my splunk machine then got the signed certificate from .pem & root , sub certificates... by MAShawky Explorer in Getting Data In 10-22-2017 0 7	0	7
journalctl dhcpd log import? My linux-based DHCP server running ISC DHCPD is running systemd and puts the dhcpd logs into the central logging syst... by splunkjosef Explorer in Getting Data In 10-22-2017 0 1	0	1
Free disk space (5000MB) reached solved but storage did not reduce Hi, I just set my retirement policy due to space issue (reference: https://answers.splunk.com/answers/583891/which-in... by wuming79 Path Finder in Getting Data In 10-22-2017 0 10	0	10