Getting Data In

Ask a Question

Discussions

Thread Info

Why am I seeing "WARN DateParserVerbose - Failed to parse timestamp"?

I have an event like: {"app":"EventHub Service","caller":"kafka.go:110","fn":"gi.build.com/predix-data-services/ev...

by Builder in

Extract some lines of an event from a CSV file and index in separate sourcetype OR Index

Hi guys, Please provide your input on the below scenario. I have some events like below. Here , I want to extract ...

by Explorer in

Is it possible to index a CSV file making column A be the header?

Have a bunch of CSV files that were generated (and will continue to be generated) based on a human readable form that...

by SplunkTrust in

Can I have two apps that have two different indexers and indexes for the SAME Windows Event Log monitor stanza?

I have an app with an inputs.conf that has a stanza for [WinEventLog://Microsoft-Security-Logs] to an index and uses ...

by Path Finder in

How to forward data from a syslog collection server to a third party server?

Hey everyone, I currently have several devices forwarding syslog data to a syslog server. All of the devices data ...

by Path Finder in

Configure selective indexing to send all logs to a dev indexer

i am bit lost on selective indexing. I wanted to configure on of my prod indexers to send logs to a dev indexer and a...

by Contributor in

Metadata showing wrong last Indexed time

I have a query that runs once a day to tell me if certain source types have no data coming in after X time. The quer...

by Path Finder in

Transform to replace index does not work for two hosts

Due to certain reasons, we have a number of destination indexes that need to be rewritten before indexing. Basically ...

by Builder in

How do I send Cisco Meraki FW logs?

I am trying to send logs from Cisco Meraki FW to our Splunk instance. No universal forwarder is on the FW. Can I stil...

by New Member in

Having troubles extracting a time stamp.

Hello all, I'm having an issue with my environment while trying to index a set of logs i get from a file nightly a...

by Explorer in

Can you group configuration files to simplify each app in Splunk (search head, indexer, forwarder)?

Is there any guideline or best practice what .conf to put in gui/indexer/forwarder level? I mean each .conf has it...

by Path Finder in

Extracting date from file name via custom datetime.xml not working...

All, Here is the file name and my datetime.xml config. When I apply this and try to import the data, Splunk gets s...

by Splunk Employee in

Where do I edit props.conf in a cluster?

If I'm using an index time props.conf setting (in this case SEDCMD) do I edit props.conf on the master or do I have t...

by Explorer in

Will the configuration for indexes created on Search Heads be reflected in indexers?

We have a indexer cluster{10 indexers] in our environment, and 2 search heads. If we create indexes on a search head ...

by Explorer in

Why is my sourcetype on the indexer when I import a JSON file?

I am trying to import JSON file on Splunk Enterprise, my sourcetype is below: CHARSET=UTF-8 INDEXED_EXTRACTIONS=js...

by Explorer in

Data is sent to main index only - RESOLVED

in system/local directory below is the configuration. [monitor:\{Log Location}] sourcetype=test index=chilqa disab...

by Path Finder in

Can I change the management port 8089 on only the vCenter universal forwarders?

Hi - I've seen various discussions on this topic, namely 8089 used by vCenter as well as SPLUNK's deployment server b...

by Engager in

Is it possible to set a timestamp to year value only?

Hey everyone, i know Splunk is only for machine data, but I was trying to use it for some other non-machine data that...

by Engager in

Universal forwarder stopped sending data after a reinstall

We were facing issue in Splunk log forwarding to IDXer cluster. I found that our enterprise instance servers are 6...

by Path Finder in

Migrating Splunk Enterprise from one machine to other

Hi, I need to migrate Splunk Enterprise from one machine to other machine. Currently I am running Splunk 6.4 and w...

by Path Finder in

Trying to capture cisco syslog errors

I just installed Splunk, and pointed my Cisco switch and router at the Splunk server IP, and told the server to liste...

by New Member in

How can it be that a source type in use isn't listed in Settings: (Data) Source types?

We have a single Splunk instance (the server) with a number of Forwarders on remote machines (the clients). I've inst...

by Contributor in

How to detect users using DNS different than organization DNS

Dear All Good Day I need search detect users using DNS different than Organization DNS. Please share me your ideas ...

by New Member in

What happens when I update maxTotalDataSizeMB in a live environment

Hi guys, We are running a multi site index cluster with 12 indexers (6 across 2 sites). Our goal is to limit the ...

by Communicator in

Uploaded a large dataset (CSV file) and the data is not displaying correctly

Hi I have upload a CSV file with a lot of data. In one of the column value about more then 1000 characters (with s...

by Explorer in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why am I seeing "WARN DateParserVerbose - Failed to parse timestamp"?

Extract some lines of an event from a CSV file and index in separate sourcetype OR Index

Is it possible to index a CSV file making column A be the header?

Can I have two apps that have two different indexers and indexes for the SAME Windows Event Log monitor stanza?

How to forward data from a syslog collection server to a third party server?

Configure selective indexing to send all logs to a dev indexer

Metadata showing wrong last Indexed time

Transform to replace index does not work for two hosts

How do I send Cisco Meraki FW logs?

Having troubles extracting a time stamp.

Can you group configuration files to simplify each app in Splunk (search head, indexer, forwarder)?

Extracting date from file name via custom datetime.xml not working...

Where do I edit props.conf in a cluster?

Will the configuration for indexes created on Search Heads be reflected in indexers?

Why is my sourcetype on the indexer when I import a JSON file?

Data is sent to main index only - RESOLVED

Can I change the management port 8089 on only the vCenter universal forwarders?

Is it possible to set a timestamp to year value only?

Universal forwarder stopped sending data after a reinstall

Migrating Splunk Enterprise from one machine to other

Trying to capture cisco syslog errors

How can it be that a source type in use isn't listed in Settings: (Data) Source types?

How to detect users using DNS different than organization DNS

What happens when I update maxTotalDataSizeMB in a live environment

Uploaded a large dataset (CSV file) and the data is not displaying correctly

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

DNS logs - INFO [:12345] Script exceeded maximum r...

Onboard Unknown Source to SC4S

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions