Getting Data In

Community Activity

File not being read by Splunk in a directory while others are Hi, I have a directory which is defined in inputs.conf on a host (which has UF running), directory is: /var/middlewa... by SirHill17 Communicator in Getting Data In 10-25-2017 1 17	1	17
How to update indexes.conf files on unclustered production indexers? I have to define some new indexes on production indexers (in the indexes.conf). I have 4 indexers running. Someone el... by packet_hunter Contributor in Getting Data In 10-25-2017 0 5	0	5
How can I combine two CSV files? Hi Everyone, I want to combine data from two .csv files which are "CBIG-SIN Updated" and "Hostnames Files" files nam... by Sagar0511 Explorer in Getting Data In 10-24-2017 0 6	0	6
Can I enable distributed indexer using Enterprise Trial license ? Hi - I am using Splunk Enterprise Trial license at home network for learning purpose. I have installed Splunk(Linux)... by manojgeorge007 New Member in Getting Data In 10-24-2017 0 6	0	6
Anonymize data Hi, How would I anonymize the following example: BankName=South!@Indian!@Bank I want everything to the right of t... by jdomin30 New Member in Getting Data In 10-24-2017 0 1	0	1
Why isnt't our firewall showing events? We're sending syslogs to a UDP port Good afternoon, We have 3 firewalls that are sending their syslogs to a udp port. 2 are showing events, one is not. ... by jb1982 Path Finder in Getting Data In 10-24-2017 0 20	0	20
Best way to deal with the \local configuration files after deploying new configuration files under \apps? I have integrated a deployment client into my environment to manager the configuration files but now I am having mult... by avalle Path Finder in Getting Data In 10-24-2017 0 4	0	4
How to use pipeline to get results which match the timestamp? Hi All, I have a particular situation in which two logs lines which are related, have only the timestamp in common, ... by sagarms27 New Member in Getting Data In 10-24-2017 0 1	0	1
No data being received form syslog server New Splunk environment just stood up. All was working well on Friday, came back after the weekend and now getting an ... by dharvey32 New Member in Getting Data In 10-24-2017 0 3	0	3
inputs.conf and outputs.conf for SSL encryption Hi, Can someone share with me the recent inputs & outputs conf file for SSL encryption? I am having some trouble for... by chintan_shah Path Finder in Getting Data In 10-24-2017 0 2	0	2
Where does the forwarder enqueue files? We see the following messages in the forwarder - 10-18-2017 11:15:29.630 -0500 WARN TailReader - Enqueuing a very ... by ddrillic Ultra Champion in Getting Data In 10-23-2017 0 5	0	5
How can I set an alert for max thruput? What is the search query to alert when the forwarder reaches max thruput? by mamir32825 New Member in Getting Data In 10-23-2017 0 3	0	3
Extracting specific JSON field where duplicate exists within array I have a JSON feed that I'm trying to parse fields in and the event contains fields with identical names but are diff... by greatapoc New Member in Getting Data In 10-23-2017 0 2	0	2
Can we rename fields in transforms.conf? In the following thread we extracted the name value pairs from the embedded json document - How can we extract a json... by ddrillic Ultra Champion in Getting Data In 10-23-2017 1 2	1	2
Help with props.conf configuration to remove outer curly bracket before ingesting JSON file to get event ID props.conf to remove outer curly bracket before ingesting json file from {<!-- --> "filters": [ {<!-- --> "id": "9496071... by lim2 Communicator in Getting Data In 10-23-2017 0 8	0	8
How to omit a field from search on a text input if the field is blank/null Hello all, Fairly new to Splunk and have a question. I am trying to build what seemed like a fairly simple tool but... by gulelin10 Engager in Getting Data In 10-23-2017 0 3	0	3
How to reduce the daily ingestion on Splunk cloud? Hi, We use splunk cloud and our daily ingestion limit is 800 GB, we are ingesting about 100 GB over the limit. I'm l... by VinodTiwari New Member in Getting Data In 10-23-2017 0 3	0	3
earliest_time not working in REST post data, but working in search I am sending a POST request to Splunk REST 'services/search/jobs' endpoint. If I submit with 'earliest_time' paramet... by shikhanshu Path Finder in Getting Data In 10-23-2017 0 5	0	5
What is the best way to stream data out of one Splunk instance to another? All, We have some highly unstructured data I'd like to export from one Splunk instance to another one for testing r... by daniel333 Builder in Getting Data In 10-23-2017 1 2	1	2
Capture second timestamp that includes subseconds Here's an example beginning of an event line Oct 20 20:57:03 sfo-prd-wsux02 apache2: [Fri Oct 20 20:57:03.398765 201... by vlicoupons Engager in Getting Data In 10-23-2017 0 5	0	5
How do you transfer indexes stored in a search head to other search peers? We have a Splunk environment with 1 search head, multiple indexers, and search peers. Currently search head stores a ... by charleschen8 Engager in Getting Data In 10-23-2017 0 1	0	1
Custom date format extraction using datetime.xml A colleague was tying to use Splunk to ingest a log file with a unusual date/time format. The DATE of the event is d... by dshakespeare_sp Splunk Employee in Getting Data In 10-23-2017 2 1	2	1
Inputlookup subsearch to match on field A and output field B in CSV file Im trying to correlate info based on a lookup file and no matter how I try, I cant make it work. I have a CSV with v... by christoffertoft Communicator in Getting Data In 10-23-2017 0 10	0	10
REST call to show the number of logged-in users in a clustered environment? I've got a cluster question regarding REST calls and translation into a clustered environment. I have multiple searc... by sheltomt Path Finder in Getting Data In 10-23-2017 0 1	0	1
Splunk is ingesting archived data from our syslog servers. How do I stop this? We have a syslog server with universal forwarder (UF) installed on it and my inputs.conf states /opt/splunk/syslogs/c... by hrithiktej Communicator in Getting Data In 10-23-2017 0 4	0	4