Getting Data In

Discussions

Thread Info

How can we create multiline events based on the value of a field?

We have json source data with a MESSAGE field that has the actual log entry we want to collect. Each event also has a...

by Path Finder in

How to combine common fields in 2 sourcetypes without using the join command?

I am using Splunk Enterprise. Here are 2 sourcetype A and B and they share a same fileld UserName. The search time ra...

by Engager in

host name extraction during data upload

Just trying to manually add data with different host names in the logs. (with the "add data wizard") What is the bes...

by Splunk Employee in

I have a csv file which contains random data in two rows, and has structured data from 3rd row , How can I blacklist top two rows get data in splunk csv format

Ex: a, b, c, d, e, f , g name, class, year, branch abc, 1,2016, maths I want to blacklist a,b,c ,d, e ,f and...

by Explorer in

Process for Data retenetion policies

Hi, I wanted to apply data retention policy on splunk enterprise for the first time (as of now this is default) as...

by Path Finder in

How do i set frozenTimePeriodInSec to specefic index

Hi, I wanted to apply a retention policy on a specific index which where i wanted to set frozenTimePeriodInSec = 315...

by Path Finder in

About datamodel in deploy environment.

In my environment, I have two indexers for one Search head and I created a data model in Search head for accelerating...

by Builder in

Are there any easier way to check file monitoring status beside using TailingProcessor:FileStatus output

I know I can use this command to check the file monitoring status, however, it give a huge output. ./splunk _inter...

by Splunk Employee in

How to validate text field inputs?

I have a dashboard with text field inputs. I would like to perform a check using the value that is entered in this te...

by New Member in

Timestamp extraction

Hi, I've got a csv file with the a date field against events in the format 1-July-2016. Can I create a sourcetype ...

by Communicator in

Indexing data on Cold Bucket (log source based)

Hi, We are considering to index some of our data directly on cold buckets. They will not search frequently and we ...

by Path Finder in

Summary Index vs Report Acceleration?

I have DNS logs from both Windows and Unix BIND. What I am trying to do is create a quick way for admins to query 90 ...

by Explorer in

Splunk forwarder not releasing files

All, I am trying to figure out if there is a setting I may have missed somewhere or if this is just a Splunk prob...

by Explorer in

How to forward sourcetype from a heavy forwarder to a separate Splunk instance?

I have two Splunk search heads and indexers. Currently, all of the data sourcetypes get indexed on primary Splunk ins...

by New Member in

How can I get Splunk to access and forward Windows Events from a remote laptop?

How can I get Windows Events forwarded to a Splunk Enterprise Instance I just set up on a different laptop? Thank ...

by New Member in

Unable to get day value padding to work via the props.conf

Unable to get day value padding to work via the props.conf. The log file looks as follows: Jul 5 20:51:28 abcdenc...

by Path Finder in

How to perform a database cleanup on Windows?

Hello! Looking in the community, unfortunately I was confused and found only for Linux versions. And I installed it i...

by New Member in

Powershell unattended installation

How would you go about creating an unattend intallation on a Windows. I need a script for hte following reason: co...

by Champion in

index the same logs to multiple indexes - good or bad?

Hi There, I would like to know if it's not recommended to index the same logs to two different indexes? We actuall...

by Explorer in

Simple XML: How to pass timestamps to a drilldown?

Running Splunk 6.3.10 I'm running into an issue trying pass a custom time to a drilldown for a table. The search r...

by Explorer in

Lookup in props using combined columns

While writing props/transforms for an in house TA, i'm stuck with a tricky situation. I'm making use of lookup file t...

by Super Champion in

Rename sourcetype to keep all the same no -too_small or -2,-3 added

We have a 3 index/3 search head cluster with master and deployment server. I have a inputs.conf with [monitor:L...

by New Member in

How to create a summary index for my csv file

On a daily basis I have a CSV loaded into splunk. I want to create a summary index so that this CSV will have histori...

by Contributor in

Splunk Cloud Trial and Http Event Collector - NOT WORKING

I have the 15 day trial version of Splunk Cloud. The Http Event Collector documentation http://dev.splunk.com/view/ev...

by Contributor in

At what point do you need to consider scaling horizontally for Syslog collection and what would that architecture look like?

I started a thread a while ago about UDP errors with syslog (http://answers.splunk.com/answers/42645/log-dropping-in-...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How can we create multiline events based on the value of a field?

How to combine common fields in 2 sourcetypes without using the join command?

host name extraction during data upload

I have a csv file which contains random data in two rows, and has structured data from 3rd row , How can I blacklist top two rows get data in splunk csv format

Process for Data retenetion policies

How do i set frozenTimePeriodInSec to specefic index

About datamodel in deploy environment.

Are there any easier way to check file monitoring status beside using TailingProcessor:FileStatus output

How to validate text field inputs?

Timestamp extraction

Indexing data on Cold Bucket (log source based)

Summary Index vs Report Acceleration?

Splunk forwarder not releasing files

How to forward sourcetype from a heavy forwarder to a separate Splunk instance?

How can I get Splunk to access and forward Windows Events from a remote laptop?

Unable to get day value padding to work via the props.conf

How to perform a database cleanup on Windows?

Powershell unattended installation

index the same logs to multiple indexes - good or bad?

Simple XML: How to pass timestamps to a drilldown?

Lookup in props using combined columns

Rename sourcetype to keep all the same no -too_small or -2,-3 added

How to create a summary index for my csv file

Splunk Cloud Trial and Http Event Collector - NOT WORKING

At what point do you need to consider scaling horizontally for Syslog collection and what would that architecture look like?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures