Getting Data In

Discussions

Thread Info

Sourcetypes with Docker and HTTP Event Collector

(Trying to pull a few similar discussions together and recorded for posterity) Challenge The current Docker Log...

by Ultra Champion in

Carriage return newline (\r\n) not working as delimiter for makemv

I am trying to break a field (httpRequest), into a multivalue field and then extract the value of one of the values. ...

by Engager in

Why is Splunk index evaluation of _time inconsistent with timestamp in log file?

The splunk index evaluation of _time is not consistent with what is in the log. See the two entries below. Both are f...

by Explorer in

log file parsing on IDX

Hello, I just want to parse a log file. I try every solution found on forum but never work. (Splunk 7.3.3) Log: ...

by Path Finder in

using rex mode="sed" to remove strings surrounded by # characters

Hi, I have a series of log entries that are in the form #4 MyApp\Framework\DB\Adapter\Pdo\Mysql->_query('SELECT...

by New Member in

Is it a valid configuration to have indexers on different IP subnets/vlans for a single site in a multisite cluster?

We have nine sites in a multi-site cluster with indexers at each site ranging from three to 15 servers. Each site's i...

by Path Finder in

Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

one of our end-user clients have massive information stored in ELK stack. Our company needs to collect those data int...

by Super Champion in

Send files from to Splunk server from Jenkins

Hello, I want to send report files which is in XML format from Jenkins to Splunk server. I am using Jenkins send f...

by New Member in

Event Timestamp mismatch with Index Timestamp

Last year 2019 we have deployed Splunk Cloud in our environment . Post which we have configured the logs into Splunk ...

by Explorer in

How to delete data / index (reset start from scratch)

From UI it seems easy to add data but I don't see an option to delete existing data from index. I need the quick an d...

by Explorer in

windows 2003 servers monitor using Splunk 8.0

I know both Microsoft and Splunk not supporting OS and UF(6.x) for windows 2003.And not compatible to send 6.x UF dat...

by Motivator in

Performing procedural search on daily indexed data, appending results as they appear.

Just looking for the best practice solution to the below problem. I'm pretty new to Splunk, so I feel the answer migh...

by Engager in

How do we limit the length of json events?

In Does TRUNCATE specify the ultimate size of an event? we looked at standard logging and we are good with TRUNCATE f...

by Motivator in

How to filter windows event logs in forwarder based on event codes.

Hi, I am trying to pull event logs from remote machines using universal forwarders. I have done the configuration ...

by Engager in

Does TRUNCATE specify the ultimate size of an event?

We are not clear whether setting TRUNCATE to a certain value guarantees that the event won't exceed this size in byte...

by Motivator in

Unbalanced search load on indexer cluster

I have six indexers, one search head and a cluster manager on different hardware. During quiet times in terms of u...

by Path Finder in

Issue on file monitoring using forwader

i have these 2 directories being monitored by a forwarder. One i indexing and another is not. They have the same root...

by New Member in

REST API - JSON Invalid format

Hi, I was trying to get the data from Splunk using curl REST API with the following detail:- curl -k -u myusername...

by Engager in

Using Ansible uri module to add users to splunk via REST API

So I want to elist Ansible to help me manage splunk users across 100's of Splunk servers around the world. I know how...

by Builder in

Index Data Retention

Splunk Query to check what is the Data retention set for hot/warm , cold for each index

by Engager in

Getting Data In

Discussions

Sourcetypes with Docker and HTTP Event Collector

Carriage return newline (\r\n) not working as delimiter for makemv

Why is Splunk index evaluation of _time inconsistent with timestamp in log file?

log file parsing on IDX

using rex mode="sed" to remove strings surrounded by # characters

Is it a valid configuration to have indexers on different IP subnets/vlans for a single site in a multisite cluster?

Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

Send files from to Splunk server from Jenkins

Event Timestamp mismatch with Index Timestamp

How to delete data / index (reset start from scratch)

windows 2003 servers monitor using Splunk 8.0

Performing procedural search on daily indexed data, appending results as they appear.

How do we limit the length of json events?

How to filter windows event logs in forwarder based on event codes.

Does TRUNCATE specify the ultimate size of an event?

Unbalanced search load on indexer cluster

Issue on file monitoring using forwader

REST API - JSON Invalid format

Using Ansible uri module to add users to splunk via REST API

Index Data Retention

DataParserVerbose - Accepted time format has chang...

how to extract json fields in a mixed type log out...

Cisco CNAE problems with script data input

Best Practice for Adding a Transforms on Indexers

(Caused by ProxyError('Cannot connect to proxy.', ...