Getting Data In

Discussions

Thread Info

transforms.conf returning events that match REGEX value as value of FORMAT key

I am trying to build a filter so I only index events that match this regex: .*[%].* I asked a question previ...

by Path Finder in

Forwarder management: deployment server vs Chef

I have very little experience with chef. I have a client with very high security requirements. I was wondering if any...

by Builder in

More linebreaking issues

I'm having some issues with linebreaks in one of our logs. I used LINE_BREAKER = WSDL(,\s*) that covered most of the ...

by Explorer in

DNS lookup failing

Hi I read http://www.splunk.com/base/Documentation/4.2.2/Knowledge/Addfieldsfromexternaldatasources and see my de...

by Explorer in

How do I use lookup to filter results? Need search to contain (not equal) a value

I am looking to filter events in splunk by values in a lookup table. I implemented the solution from this question, a...

by Path Finder in

Can I create indexes.conf and inputs.conf files on my search heads to send /var/log/ logs to my indexer cluster?

My SHC of 3 members is Linux. I need to create an inputs.conf to ingest /var/log/* and send them to my indexer-cluste...

by Path Finder in

Help searching a CSV file with multiple conditions

Hi, I spent a lot of hours to find the request I need with no success so I ask your help. My goal is to build a...

by New Member in

Performance impact of using ignoreOlderThan on forwarder

Hi So we have a server which writes out thousands of files a day. Over course of two months we can have 70K+ files...

by Contributor in

Managing SPLUNK in an Enterprise environment

Good morning everyone, I have a question. We have Enterprise apps like Microsoft Exchange and we would like specif...

by Explorer in

Having source ip from 3 sourcetypes, how do I combine them all in one field and table the results?

I have source ips from 3 different log sources with 3 different field names. I want to have all the values from the 3...

by Path Finder in

What are the differences between heavy forwarder and universal forwarder?

hi, we are currently monitoring windows security event logs across 3000 machines in our organization using UF's, t...

by Path Finder in

How to configure different timezones requirement for different apps , running on same server such that same user has access to multiple apps?

Hi , We are working on a clustered environment, having multiple apps all running on default server timezone (Europe/L...

by Path Finder in

REST API Modular Input - 401 Client Unauthorized

I'm trying to get the REST Input to work with Google Nest API which has a space in one of the headers which I think i...

by Explorer in

Is it possible to find values that are wrapped by quotation marks in a lookup table?

I have a lookup table that has values that are wrapped by quotations. For example: "fw: Help". If I try to search for...

by New Member in

Time format throwing error

Hello All, i have a sourcetype with timestamp as "2017-10-10T18:55:47.425Z" and i defined TIME_FORMAT as "%Y-%m-%d...

by Path Finder in

Is it normal behavior for a Windows universal forwarder to have multiple Splunk processes in a terminated state?

Why does the universal forwarder generate many splunk.exe processes and terminate them? i have a plain installation o...

by Communicator in

Override host field with event data

Hello, I am indexing some data from a file monitor and i want to override the host field with data that lays insid...

by Explorer in

How can I break up one long line into multiple events?

I have a file that contains one really long line, see below Example: ["2017-10-09 13:05",976.0,"OK"],["2017-10-09 ...

by Path Finder in

My local Universal Forwarder to AWS Splunk Instance

I have a splunk instance running on Amazon AWS for testing. I'm trying to configure my home pc to forward (universal ...

by New Member in

Splunk timezone change for a specific sourcetye

Hi, I am using the timezone converting attribute " _tzhint" to convert EDT to UTC . This attribute was able to con...

by Path Finder in

Do I need to update inputs.conf to include new indexes to forward data to the new index?

Hi all, Just need help understanding deployment servers better and how you are able to forwarder data to a 'specif...

by Engager in

Earliest event in a sourcetype

Is there a way to know the earliest event of a specific sourcetype and if the actual event can be viewed for validati...

by Communicator in

How can I view scan logs from Windows Defender?

Hi, I have installed the SplunkUniversalForwarder and ave sucessfully got data into Splunk. However, i want to vie...

by Explorer in

Single host is showing up as multiple sources (i.e. server1 and ip-server1). How can I clean this up?

Greetings, In splunk search, some of the hosts are showing under multiple host names. I would like to combine the...

by New Member in

Why am I seeing multiple host names with duplicate client names in forwarder management?

I am seeing multiple Host Names with duplicate Client Names in Forwarder Management. Why is this happening and how do...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

transforms.conf returning events that match REGEX value as value of FORMAT key

Forwarder management: deployment server vs Chef

More linebreaking issues

DNS lookup failing

How do I use lookup to filter results? Need search to contain (not equal) a value

Can I create indexes.conf and inputs.conf files on my search heads to send /var/log/ logs to my indexer cluster?

Help searching a CSV file with multiple conditions

Performance impact of using ignoreOlderThan on forwarder

Managing SPLUNK in an Enterprise environment

Having source ip from 3 sourcetypes, how do I combine them all in one field and table the results?

What are the differences between heavy forwarder and universal forwarder?

How to configure different timezones requirement for different apps , running on same server such that same user has access to multiple apps?

REST API Modular Input - 401 Client Unauthorized

Is it possible to find values that are wrapped by quotation marks in a lookup table?

Time format throwing error

Is it normal behavior for a Windows universal forwarder to have multiple Splunk processes in a terminated state?

Override host field with event data

How can I break up one long line into multiple events?

My local Universal Forwarder to AWS Splunk Instance

Splunk timezone change for a specific sourcetye

Do I need to update inputs.conf to include new indexes to forward data to the new index?

Earliest event in a sourcetype

How can I view scan logs from Windows Defender?

Single host is showing up as multiple sources (i.e. server1 and ip-server1). How can I clean this up?

Why am I seeing multiple host names with duplicate client names in forwarder management?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions