Getting Data In

Community Activity

Best way to send Windows event logs from a Windows 12 server to indexers? Unfortunately I am not allowed to install a universal forwarder on Windows endpoints to send Windows event logs into ... by packet_hunter Contributor in Getting Data In 10-14-2017 0 9	0	9
Host name not showing correctly I have several VM servers from an image. The host names have been changed but somewhere the old host name is populat... by hartfoml Motivator in Getting Data In 10-13-2017 0 4	0	4
How can I keep track of IDs that come from different sources in the same index? I am trying in splunk to monitor the progress of certain id’s which come from two different sources but in the same i... by Mike6960 Path Finder in Getting Data In 10-13-2017 0 6	0	6
How to regularly write filtered events to a new index? if I have an index test, the index has too many events, I need to filter by keyword and write the result to the index... by xsstest Communicator in Getting Data In 10-13-2017 0 5	0	5
Detect/handle parsing error and log format change Hi, I have been asked about log parsing and parser error detection in Splunk. The questions are: In general - how c... by ikulcsar Communicator in Getting Data In 10-13-2017 0 2	0	2
How to make search using Splunk Rest API I have following search query that I run on the Splunk search UI & It works fine: index=cpaws source=PFT buildNumber... by neeldesai1992 Path Finder in Getting Data In 10-13-2017 0 10	0	10
Logs from rsyslog server stopped indexing My setup is FW, WAF and Web-proxy logs being pushed to my Rsyslog Fwd which has a UF installed to push to my indexer... by shaktik Explorer in Getting Data In 10-13-2017 0 4	0	4
Splunk Rest API: How to pass parameters in search HI, I have an requirement to create splunk rest api which can accept inputs and pass it to the search. Search will ac... by vaibhavagg2006 Communicator in Getting Data In 10-13-2017 0 4	0	4
Can I use != in blacklist? I only want to see cmd.exe and blacklist everything else for EventCode 4688. blacklist = EventCode="4688" Message="(... by benbabich Explorer in Getting Data In 10-13-2017 0 3	0	3
Why does my search that checks for extract yield events twice with two different timestamps? I recently setup Splunk Dashboard integrated with Tableau, when i run below mentioned query it gives me a count of su... by shakeel253 Explorer in Getting Data In 10-13-2017 0 2	0	2
Is there index shardings in Splunk space? Does Splunk 6.x support the index sharding across multiple indexers,e.g. I have an index called myindex, is it possib... by danielwan Explorer in Getting Data In 10-13-2017 0 5	0	5
Send data to heavy forwarder to filter events AND change sourcetype - help please Hello, As the question states, i'm looking to send events from a universal forwarder to a heavy forwarder to have fi... by johnmvang Path Finder in Getting Data In 10-13-2017 0 3	0	3
Adding additional column after grouping for JSON records The incoming logs are stored in Splunk in a JSON format. Example JSON records below. Entry 1 : { data:[ { ... by technie101 Explorer in Getting Data In 10-12-2017 0 5	0	5
Heavy Forwarder not showing in Deployment Server Hi Team, I am facing a very strange issue. I have two heavy forwarder, let say host1 and host2. I am getting data f... by ashish9433 Communicator in Getting Data In 10-12-2017 1 4	1	4
How to handle LINE_BREAKER regex for multiple capture groups? Specifically now that we are getting both ip4 and ip6 logs? In the past we had an easy LINE_BREAKER regex that broke on newlines where an ip4 was present ([\r\n]+)\d+.\d+.\d+.\d... by briancronrath Contributor in Getting Data In 10-12-2017 0 3	0	3
How to confirm a udp input is running? Hi, I'm having issues with what should be a very basic setup. I have an appliance sending syslog messages to a heav... by a212830 Champion in Getting Data In 10-12-2017 0 10	0	10
Some host's IP address not being resolved to hostname for syslog data sent to udp port 514 Prior to setting connection_host to DNS for udp:514, all my hosts sending data via syslog got indexed with the host f... by coleman07 Path Finder in Getting Data In 10-12-2017 0 3	0	3
How to prevent directory bombs on forwarders? Spent all day yesterday trying to figure out why a client's logs weren't indexing. Most of the time I had no access t... by twinspop Influencer in Getting Data In 10-12-2017 0 1	0	1
Search for account failing a log on at repeating intervals I'm trying to make a search that looks for an account trying to log onto a destination at a repeating interval. This ... by j4adam Communicator in Getting Data In 10-12-2017 0 3	0	3
How to change a host from test01 to test02 for a specific sourcetype ? Hi All, Currently we have request to change only the host from test01 to test02 for a sourcetype=sap:script:error an... by Hemnaath Motivator in Getting Data In 10-12-2017 0 2	0	2
Why is my forwarder missing from the list of forwarders? I have installed universal forwarders on all of the servers I want to monitor with Splunk. If I go on the Splunk Serv... by Hekmel Engager in Getting Data In 10-12-2017 0 4	0	4
Unable to install Splunk Universal Forwarder on Windows Server 2003 (32-bit) Hello, I'm currently facing a problem on installing splunk universal forwarder on 1 of our windows server, the insta... by dantimola Communicator in Getting Data In 10-12-2017 0 1	0	1
Splunk Plugin for Jenkins (DevOps): Why has the plugin stopped working on one of my cluster masters? Splunk (6.4.2) large cluster. Splunk Plugin for Jenkins 1.3.1 I have the Splunk plugin on 4 Jenkins masters. One of... by hal_boggess Explorer in Getting Data In 10-11-2017 0 5	0	5
Splunk search result to csv format Hello, We have requirement to have Splunk search/dashboard result data in csv format to be fed into another tool. Th... by hemendralodhi Contributor in Getting Data In 10-11-2017 0 2	0	2
transforms.conf returning events that match REGEX value as value of FORMAT key I am trying to build a filter so I only index events that match this regex: .[%]. I asked a question previousl... by JordanPeterson Path Finder in Getting Data In 10-11-2017 0 4	0	4