Getting Data In

Community Activity

How do you transfer indexes stored in a search head to other search peers? We have a Splunk environment with 1 search head, multiple indexers, and search peers. Currently search head stores a ... by charleschen8 Engager in Getting Data In 10-23-2017 0 1	0	1
Custom date format extraction using datetime.xml A colleague was tying to use Splunk to ingest a log file with a unusual date/time format. The DATE of the event is d... by dshakespeare_sp Splunk Employee in Getting Data In 10-23-2017 2 1	2	1
Inputlookup subsearch to match on field A and output field B in CSV file Im trying to correlate info based on a lookup file and no matter how I try, I cant make it work. I have a CSV with v... by christoffertoft Communicator in Getting Data In 10-23-2017 0 10	0	10
REST call to show the number of logged-in users in a clustered environment? I've got a cluster question regarding REST calls and translation into a clustered environment. I have multiple searc... by sheltomt Path Finder in Getting Data In 10-23-2017 0 1	0	1
Splunk is ingesting archived data from our syslog servers. How do I stop this? We have a syslog server with universal forwarder (UF) installed on it and my inputs.conf states /opt/splunk/syslogs/c... by hrithiktej Communicator in Getting Data In 10-23-2017 0 4	0	4
How can we split the lines in logs as individual events? Hi Team, Currently we have the logs getting indexed into Splunk in this format but we require that each line has to ... by anandhalagarasa Path Finder in Getting Data In 10-23-2017 0 2	0	2
Delay in Splunk purging old events My Splunk is a single Splunk 6.5.x instance, which needs to retain the last 30 days events, so I configured frozenTi... by danielwan Explorer in Getting Data In 10-23-2017 0 2	0	2
Performance / Design recommendations for dimensions in Metrics Index Does Splunk have any guidelines or limitations on the number of dimensions (i.e., cardinality) that the new Metrics I... by rjthibod Champion in Getting Data In 10-23-2017 0 11	0	11
Cron for Interval not working in inputs.conf where a digit amount is Hi all, I may be missing something here and I apologize but I have searched quite a bit. I want my inputs.conf to ... by joshuayourth Explorer in Getting Data In 10-23-2017 0 7	0	7
List just indexers that are offline I am working on my AWS scaling scripts and wanted to know if anyone knows of a way I can just list cluster-peers that... by brent_weaver Builder in Getting Data In 10-23-2017 0 1	0	1
HTTP Event Collector -- How to specify folder or path name to store logs on heavy forwarder before being sent to indexer? Hi All, Could you please help me with the query regarding collecting data using the HTTP Event Collector? I am tryin... by siva_cg Path Finder in Getting Data In 10-23-2017 0 4	0	4
secure splunk web with signed certificate I generate Key & csr files from my splunk machine then got the signed certificate from .pem & root , sub certificates... by MAShawky Explorer in Getting Data In 10-22-2017 0 7	0	7
journalctl dhcpd log import? My linux-based DHCP server running ISC DHCPD is running systemd and puts the dhcpd logs into the central logging syst... by splunkjosef Explorer in Getting Data In 10-22-2017 0 1	0	1
Free disk space (5000MB) reached solved but storage did not reduce Hi, I just set my retirement policy due to space issue (reference: https://answers.splunk.com/answers/583891/which-in... by wuming79 Path Finder in Getting Data In 10-22-2017 0 10	0	10
ESXi Hosts logs are not forwarding to Splunk Hi, I am trying to get the logs from ESXi hosts to Splunk without using the vmware app. There is no intermediate s... by deepak_negi02 New Member in Getting Data In 10-22-2017 0 2	0	2
Calculate Age from 2 Timestamp fields Hi All! I have a field in my data which represents DOB in a YYYYMMDD format. I'm trying to compare that DOB Timesta... by ctripod Explorer in Getting Data In 10-20-2017 0 2	0	2
What REST API call can I use to find if a role has any read/write permissions on any Splunk objects? Hello, I want to find if a role has any Read/Write permissions on any Splunk objects using REST API. Which REST API ... by GauriSplunk Path Finder in Getting Data In 10-20-2017 0 3	0	3
Heavy Forwarder send events to remote syslog I am being asked to forward events from a Heavy Forwarder, to a remote ArcSight server as raw events. Our HF's recei... by tlmayes Contributor in Getting Data In 10-20-2017 0 4	0	4
Can a Splunk forwarder send data to Apache Kafka and then to our Splunk cluster? Bonus: Are heavy forwarders deprecated? Hi Due to architecture reasons I need to use Apache Kafka as a message broker between Splunk Forwarders and Splunk c... by ESMaletMa Explorer in Getting Data In 10-20-2017 1 3	1	3
Archive raw and/or indexed data to external syslog server Hi all, Our Splunk server is getting data through several channels, e.g. universal forwarders, TCP input (e.g. OPSEC... by stwong Communicator in Getting Data In 10-20-2017 0 6	0	6
Index override on heavy forwarder data Hi, There is situation where we have installed DB connect on HF and then the HF sends that data to 2 sets of differe... by yu94 New Member in Getting Data In 10-20-2017 0 4	0	4
Will universal forwarder installs only work on specific OS versions? I was told that it didn't matter what version of the Universal forwarder I installed on my servers. Does it matter t... by kekac00 Explorer in Getting Data In 10-19-2017 0 3	0	3
What are all those brackets inside indexes.conf? Hi, Is there a documentation that explains what are [_internal], [introspection] , [_splunklogger], etc? I'm trying ... by wuming79 Path Finder in Getting Data In 10-19-2017 0 2	0	2
Splunk Universal Forwarder -- installing additional roles? I had installed the Universal Forwarder 6.5.1 a while back and set it to connect to a deployment server / Splunk inst... by cutright_jm New Member in Getting Data In 10-19-2017 0 2	0	2
Is it safe to delete manually frozen buckets while indexer cluster is up and running? Is it safe to delete all frozen buckets from coldToFrozenDir manually from the indexers, while the cluster is up and ... by bamthauer Explorer in Getting Data In 10-19-2017 0 1	0	1