Getting Data In

Community Activity

Does Splunk have an option to only index part of a JSON file? My json file is very long but most of the information in there is redundant. I just want to get all the segments that... by tamduong16 Contributor in Getting Data In 10-30-2017 0 6	0	6
What are the main differences between the Universal forwarder and Heavy forwarder? Can someone explain me in simply english the difference between there two forwards and where they are using? by test_qweqwe Builder in Getting Data In 10-30-2017 0 1	0	1
What is best process of sending logs from Splunk to syslogng server ? Hi, We are planning to forward Windows events logs from Splunk to RSA. https://answers.splunk.com/answers/581066/how-... by splunker969 Communicator in Getting Data In 10-30-2017 1 4	1	4
I need to get Windows event details index="wineventlog" sourcetype="wineventlog:security" \| search (action=failure OR action=success) \| search (EventCode... by rahul_acc_splun New Member in Getting Data In 10-30-2017 0 1	0	1
CSV lookup, search unstructured index, find matches and return the statistics I posted a comment on https://answers.splunk.com/answers/468612/how-to-search-a-lookup-table-and-return-the-matchi.ht... by msichani Explorer in Getting Data In 10-30-2017 0 4	0	4
Splunk and AIDE -- How do I ignore the first line of an AIDE log file? Right now AIDE runs a check every 5 minutes and comes back with the same results each time of files Added, Removed, o... by matthewssa Path Finder in Getting Data In 10-30-2017 0 2	0	2
New logs not feeding into Splunk I have a Red Hat server running rsyslog. Everything is logging but 1 log is not feeding into Splunk. The rsyslog.conf... by andsmith2 Explorer in Getting Data In 10-30-2017 0 9	0	9
Universal forwarder deprecated for Windows 2008 on Splunk 7.0.0? we are in the process of rolling SPLUNK to production very soon and we going with SPLUNK Enterprise 6.6.3 as we stood... by pfabrizi Path Finder in Getting Data In 10-30-2017 0 4	0	4
How to extract time log from JSON data for event _time? Team, In my JSON data, there is below line which I want to be my event time (_time). "eventDateTime" : "2017-24-08... by anantdeshpande Path Finder in Getting Data In 10-30-2017 0 2	0	2
CSV files indexing with a second structure (new header) with associated values Hi ! Currently working for a quite complex Application, i am indexing many csv files contains within Zip files. Thi... by guilmxm Influencer in Getting Data In 10-30-2017 0 5	0	5
Why isn't my data sorting in ascending order? Hi All, My dashboard is working fine and as expected for a month now. My dashboard is about incident management for ... by NicoloPunzalan2 Engager in Getting Data In 10-29-2017 0 7	0	7
Heavy forwarder not sending logs (Windows) I've got an issue with HF not sending the logs to indexer. Does anyone have experience with something like this? HF ... by hkizuka Explorer in Getting Data In 10-29-2017 0 4	0	4
Is there any advantage to sending data from universal forwarder to an intermediate heavy forwarder instead of directly to indexers? Is there any advantage to sending data from UFs to an intermediate HF instead of directly to indexers? I recall read... by packet_hunter Contributor in Getting Data In 10-29-2017 0 8	0	8
deploy server.conf via deployment server and point individual ssl certs hi all I am a splunk noob. I have created individual server.pem files that are sha256 compliant from my windows ca ... by leonaheidern New Member in Getting Data In 10-29-2017 0 3	0	3
Indexers on windows and linux for same environment We have 2 indexers running on Windows to monitor our production network. A search head distributes the searches acros... by sdevadas Path Finder in Getting Data In 10-29-2017 1 3	1	3
Using Splunk heavy forwarder - Filter data before TCP routing - What's wrong with my configuration? Hi, I'm using a Splunk Heavy Forwarder with props.conf, transforms.conf and outputs.conf to selectively send events ... by patouellet Path Finder in Getting Data In 10-27-2017 0 8	0	8
Are there pre-defined props and transforms.conf configurations for Equallogic and Compellent syslog parsing? Equallogic and Compellent use non-standard syslog formats when sending events. Are there pre-defined Splunk configura... by wightjw New Member in Getting Data In 10-27-2017 0 9	0	9
How to avoid or minimize duplication of data during the switch of data input of the same data from heavy forwarder to syslogger? We have our Heavy forwarder server monitoring a shared directory for proxy data log file provided by our proxy team. ... by mlevsh Builder in Getting Data In 10-27-2017 0 3	0	3
What is the best way to send data to Splunk HTTP Event collector? UDP vs forwarder? Hi, Can someone please help guide me based on experience? What is the best mechanism to stream data to Splunk? As par... by pimco_rgoyal Observer in Getting Data In 10-27-2017 0 2	0	2
VMware ESXi Syslog Events Showing Up Under Multiple Time Stamps I currently have the following in my props.conf (real values were replaced by x's) which matches the names of all my ... by stevenbright New Member in Getting Data In 10-26-2017 0 3	0	3
How to configure 2 Universal Forwarder instances (Splunk 6.1.3 and 6.3.0) on a single AIX machine? Hi All, I am planning to configure two Splunk Universal Forwarder instances on one of our AIX machines. Version of S... by bharathkumarnec Contributor in Getting Data In 10-26-2017 1 14	1	14
Parsing out a 32-char GUID from a nested JSON array I have a JSON object in Splunk that looks something like this: { "myArr": [ [ "redbull", "2;2cf77a... by nickchow New Member in Getting Data In 10-26-2017 0 1	0	1
Is it possible to combine these two search results to create 1 alert? I have two very different search queries that I am having a hard time combining into one search. Search 1 yields res... by jimmerb83 New Member in Getting Data In 10-26-2017 0 1	0	1
JSON extractions duplicates. Distributed environment. Hello, I have in props.conf this configuration (Universal Forwarder) : INDEXED_EXTRACTIONS = json KV_MODE = none DAT... by Rialf1959 Explorer in Getting Data In 10-26-2017 0 1	0	1
Best Practice for ingesting script as data input in indexing cluster We have an index cluster with two indexers, a cluster master, and a cluster search head. We want to deploy scripts t... by EricLloyd79 Builder in Getting Data In 10-26-2017 0 4	0	4

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Getting Data In

Does Splunk have an option to only index part of a JSON file?

What are the main differences between the Universal forwarder and Heavy forwarder?

What is best process of sending logs from Splunk to syslogng server ?

I need to get Windows event details

CSV lookup, search unstructured index, find matches and return the statistics

Splunk and AIDE -- How do I ignore the first line of an AIDE log file?

New logs not feeding into Splunk

Universal forwarder deprecated for Windows 2008 on Splunk 7.0.0?

How to extract time log from JSON data for event _time?

CSV files indexing with a second structure (new header) with associated values

Why isn't my data sorting in ascending order?

Heavy forwarder not sending logs (Windows)

Is there any advantage to sending data from universal forwarder to an intermediate heavy forwarder instead of directly to indexers?

deploy server.conf via deployment server and point individual ssl certs

Indexers on windows and linux for same environment

Using Splunk heavy forwarder - Filter data before TCP routing - What's wrong with my configuration?

Are there pre-defined props and transforms.conf configurations for Equallogic and Compellent syslog parsing?

How to avoid or minimize duplication of data during the switch of data input of the same data from heavy forwarder to syslogger?

What is the best way to send data to Splunk HTTP Event collector? UDP vs forwarder?

VMware ESXi Syslog Events Showing Up Under Multiple Time Stamps

How to configure 2 Universal Forwarder instances (Splunk 6.1.3 and 6.3.0) on a single AIX machine?

Parsing out a 32-char GUID from a nested JSON array

Is it possible to combine these two search results to create 1 alert?

JSON extractions duplicates. Distributed environment.

Best Practice for ingesting script as data input in indexing cluster

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Sophos xg firewall logs not parsed completely

10.2.4- Search Head unable to connect to Indexers

SC4S postfilter not dropping Fortigate east-west t...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

Getting Data In

Join the Conversation