Getting Data In

Discussions

Thread Info

How to add a timestamp to a CSV file that will display the creation time instead of default modtime when parsing?

I have the following problem: I receive some text files (comma separated) which I need to index and search. Proble...

by New Member in

How to Read a CSV file (with time-stamped data for past 24 hours) and Index the data

Hello All, My client's machine generates a daily data log (in csv format). How do one configure splunk to read & inde...

by Path Finder in

timestamp recognition on a split date and time with no prefix

I have events that start with a format similar to: 14-Jul-17,7:23:00 PM,7:23:36 PM,7:23:36 PM,-36,206 where the...

by Splunk Employee in

Calculating latency based on uuid

I'm trying to calculate request times for a web app to analyze latency. When a user clicks a button in the client UI,...

by New Member in

Upgrading Universal Forwarder from 5.0.2 to 6.5.4

Hello Splunk Experts, Recently, I've been tasked to upgrade a distributed Splunk environment with the condition as...

by Communicator in

What does splunk-parameter "--auto-ports"do?

This parameter is used in auto-install-scripts for the Universal Forwarder but I could not find any information about...

by Communicator in

Extract values for fields with the same name, but specifics come after value.

I'm using splunk to search my Cisco ISE logs. There is an ISE app, which is great, but has a pretty significant probl...

by Path Finder in

How can I tell if a heavy forwarder or universal forwarder was installed on a box?

I have a box that I didn't install that has a forwarder on it, but I'm not certain whether it's a Heavy Forwarder or ...

by Communicator in

What are consideration when integrating with ServiceNow

Please advise on the best practices for ServiceNow integration. How to integrate and enable auto ticket creation.

by Engager in

About distributed search.

In my environment, I have two indexers for one Search head. I think that these commands like "search", "dedup", "t...

by Builder in

Can an intermediate Heavy Forwarder forward data to a third party system without indexing?

Can I forward data from the universal forwarders using an intermediate heavy weight forwarder to a third-party system...

by Engager in

Structured data (TSV) configured on UNiversal Forwarder with Transform applied on Indexer

I have some TSV files that I am forwarding with a Universal Forwarder. I have props.conf configured on the UF with th...

by Communicator in

How to collect logs from a DC with a Splunk Universal Forwarder and with a 3rd party WMI at the same time?

Hi, Our customer has several DC (Domain Controllers). They already collect logs from DC using SyslogNG Agent over ...

by Communicator in

Splunk Monitor Stazas

Hi Team, We have a distributed environment with several forwarders managed by Deployment Server. Recently, I have ...

by Path Finder in

REST API is not shown in Data Inputs

I am really trying to follow this link (below) for getting a twitter feed into Splunk: https://discoveredintelligence...

by New Member in

connection refused: What may be the root cause?

Hi, I am getting Connection refused error, for one of the host. Is it because of firewall issue's? . Please guid...

by New Member in

CSV Headers appearing as events

My events are appearing on Splunk and the fields are getting extracted however the header is appearing as an event ev...

by New Member in

duplicated events when monitoring from log file

Hi, I have a script that pulls oracle events and write them to a file called ora.log.The script runs at 5 min inte...

by Contributor in

How can I filter windows XML event logs?

I have the following inputs.conf stanza: [WinEventLog://Security] disabled = 0 start_from = oldest current_only = ...

by Path Finder in

CSV and TSV File Inputs on Universal Forwarder - Do I need to configure both INDEXED_EXTRACTIONS and FIELD_DELIMITER?

I am going to be forwarding CSV and TSV files, and was wondering if I need to configure both INDEXED_EXTRACTIONS and ...

by Communicator in

How do I prevent indexing duplicate data with CLONE_SOURCETYPE and_SYSLOG_ROUTING in transforms.conf?

Hello, I am experiencing unexpected behavior with the CLONE_SOURCETYPE attribute in transforms. When I use CLONE_...

by Explorer in

index esxi logs on central syslog-ng/splunk host

Hi there we're running a central syslog-ng host where we collect all logs relevant to us. usually delivered by sys...

by Engager in

How to get HTTP Event Collectors enabled in Splunk Cloud?

We are investigating Splunk Cloud for our browser apps performance and logging. To see if the HTTP Event Collectors w...

by Engager in

How to index a simple dir in Windows Environment

Hi guys. A simple question (i hope  ). I need to index in a single event this very very simple Windows .cmd outp...

by Builder in

Coalesce and CIM Compliant Fields

Hello, From a reporting perspective, I have apache logs in a company standard format. Due to load balancing configura...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to add a timestamp to a CSV file that will display the creation time instead of default modtime when parsing?

How to Read a CSV file (with time-stamped data for past 24 hours) and Index the data

timestamp recognition on a split date and time with no prefix

Calculating latency based on uuid

Upgrading Universal Forwarder from 5.0.2 to 6.5.4

What does splunk-parameter "--auto-ports"do?

Extract values for fields with the same name, but specifics come after value.

How can I tell if a heavy forwarder or universal forwarder was installed on a box?

What are consideration when integrating with ServiceNow

About distributed search.

Can an intermediate Heavy Forwarder forward data to a third party system without indexing?

Structured data (TSV) configured on UNiversal Forwarder with Transform applied on Indexer

How to collect logs from a DC with a Splunk Universal Forwarder and with a 3rd party WMI at the same time?

Splunk Monitor Stazas

REST API is not shown in Data Inputs

connection refused: What may be the root cause?

CSV Headers appearing as events

duplicated events when monitoring from log file

How can I filter windows XML event logs?

CSV and TSV File Inputs on Universal Forwarder - Do I need to configure both INDEXED_EXTRACTIONS and FIELD_DELIMITER?

How do I prevent indexing duplicate data with CLONE_SOURCETYPE and_SYSLOG_ROUTING in transforms.conf?

index esxi logs on central syslog-ng/splunk host

How to get HTTP Event Collectors enabled in Splunk Cloud?

How to index a simple dir in Windows Environment

Coalesce and CIM Compliant Fields

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

UF

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout