Getting Data In

Discussions

Thread Info

How do I only see the latest data from a dynamically changing CSV file?

I have a customer's CSV file that is dynamically updated. By that' what i mean is that the last row is sometimes dele...

by SplunkTrust in

How do I configure Splunk to extract the timestamp from a new log file I'm trying to index?

Hello, Splunkers! I'm trying to add a new log file, but I can't extract the correct timestamp. Help me to write an...

by Path Finder in

How to get data from a Rest API in Splunk 6.3?

I am trying to get data from a Rest Site. Splunk 6.3 no longer has the modular input that handles it. I went through ...

by Explorer in

How to change DELIMS in transforms.conf to use multiple white space?

We have a system that sends logs with extra white space, causing everything to be off by 1. When the day of month cha...

by Explorer in

HTTP Event Collector: Can I set up a farm of Splunk 6.3 forwarders and send them to to 6.1 indexers?

Hi, I have customers interested in using the HTTP event collector, but I'm still running 6.1 indexers and search h...

by Champion in

How do I edit my props.conf and transforms.conf to do a reverse DNS Lookup on a certain field?

I'm trying to do a reverse DNS lookup on a field in Splunk called client_ip. I'm running Splunk version 6.2.4. I've a...

by New Member in

How do I configure Splunk for proper line breaking of my sample JSON event into multiple events?

I am trying to break this into multiple events. Each event starts with clouds. This is JSON format, but Splunk is not...

by Path Finder in

How to get large a JSON file recognized as JSON in Splunk Web and prevent it from being truncated?

We're pushing a few different JSON files to our Splunk server via a Splunk Forwarder running on a different machine. ...

by Explorer in

Is it possible to migrate data collected on a Linux Splunk installation to Windows?

Just curious if it is possible to take data collected on a Linux install and migrate it to a new Windows install.

by New Member in

Splunk universal forwarder v6.2.6.274160, how can I verify which version of SSL it's using?

We continue to get the freak vulnerability security item show up on our scans and the ssl version of splunk was ident...

by New Member in

No Data reports- any way to not send email?

Looking for a way to prevent Splunk from sending an email with a blank report. In our case certain reports run every ...

by Path Finder in

REST API Modular Input - Polling Interval is not working

Hello Everyone, I try to use the REST Api Input in my splunk account but i have an issue. The "Polling Interval" ...

by Engager in

How to troubleshoot why a universal forwarder lost data when forwarding to an indexer?

I deploy a universal forwarder on SUSE Linux server, and monitor a log file. This forwarder forwards data to an index...

by New Member in

After upgrading Splunk from 4.3.3 to 6.2.0, why did a single Universal Forwarder suddenly stop translating local SIDs to Account Names in Windows security logs?

I have a single UniversalForwarder which has stopped translating local SIDs to account names in the Windows Security ...

by Communicator in

How to mask SSN at index-time using SEDCMD in props.conf?

I'm trying to mask SSN using the SEDCMD command, but it isn't working. My search: sourcetype = my_source_type ...

by Path Finder in

Why are the timestamps different when indexing CSV files locally versus being sent via universal forwarder?

I'm having an issues with timestamps on CSV files. Here is what a sample of raw data looks like: DATE,HOUR,WOR...

by SplunkTrust in

Is KV Store better than a state CSV file when I need high availability in a Search Head Cluster?

http://blogs.splunk.com/2011/01/11/maintaining-state-of-the-union/ http://dev.splunk.com/view/SP-CAAAEY7 Is KV sto...

by Contributor in

Splunk For IIS?

Is there a Splunk for IIS that can be used on version 4.x? Thanks.

by Engager in

Why are timestamps parsed correctly for only one of two inputs? Do TIME_FORMAT & TIME_PREFIX work on a Universal Forwarder?

I stumbled across an interesting issue and need some advice / hints here. I have two sourcetypes where I need some...

by Path Finder in

Why does INDEXED_EXTRACTIONS=JSON not extract all fields from our JSON data?

Hello, We are trying to index long JSON files. Each JSON file is one event. As performance is more important to us...

by Explorer in

Getting Data In

Discussions

How do I only see the latest data from a dynamically changing CSV file?

How do I configure Splunk to extract the timestamp from a new log file I'm trying to index?

How to get data from a Rest API in Splunk 6.3?

How to change DELIMS in transforms.conf to use multiple white space?

HTTP Event Collector: Can I set up a farm of Splunk 6.3 forwarders and send them to to 6.1 indexers?

How do I edit my props.conf and transforms.conf to do a reverse DNS Lookup on a certain field?

How do I configure Splunk for proper line breaking of my sample JSON event into multiple events?

How to get large a JSON file recognized as JSON in Splunk Web and prevent it from being truncated?

Is it possible to migrate data collected on a Linux Splunk installation to Windows?

Splunk universal forwarder v6.2.6.274160, how can I verify which version of SSL it's using?

No Data reports- any way to not send email?

REST API Modular Input - Polling Interval is not working

How to troubleshoot why a universal forwarder lost data when forwarding to an indexer?

After upgrading Splunk from 4.3.3 to 6.2.0, why did a single Universal Forwarder suddenly stop translating local SIDs to Account Names in Windows security logs?

How to mask SSN at index-time using SEDCMD in props.conf?

Why are the timestamps different when indexing CSV files locally versus being sent via universal forwarder?

Is KV Store better than a state CSV file when I need high availability in a Search Head Cluster?

Splunk For IIS?

Why are timestamps parsed correctly for only one of two inputs? Do TIME_FORMAT & TIME_PREFIX work on a Universal Forwarder?

Why does INDEXED_EXTRACTIONS=JSON not extract all fields from our JSON data?

Is there any chunk size applied while reading the...

TcpOutputProc - The TCP output processor has pause...

Getting Data from OpenVMS into Splunk Cloud

when to use http event collector api to create ven...

Splunk cloud and Microsoft Infrastructure