Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Hemnaath

Unable to ingest the data in to splunk from syslogs servers ?

Hi All, Currently got a request from the client to ingest the mguard data from newly set plant into splunk. I could s...
by Hemnaath Motivator in Getting Data In 10-09-2017
0 6
0
6
nabhosal

Will configuring a Universal forwarder to send the same logs to two different Splunk instances cause performance issues?

Hi All, We are planning to configure a universal forwarder to send logs to two different Splunk instances i.e.to clo...
by nabhosal New Member in Getting Data In 10-09-2017
0 2
0
2
aferone

Where do I put props.conf and transforms.conf stanzas to parse custom IIS and firewall fields? Will this impact previously indexed data?

I am trying to parse custom IIS and Windows Firewall fields using props and transforms. Our Universal Forwarders fir...
by aferone Builder in Getting Data In 10-06-2017
0 4
0
4
dbcase

Why does my sample data not show up in search after using the "Add Data" function?

Hi, I have the below data that I'm trying to import into Splunk. Right now I'm working with a sample file only 10 e...
by dbcase Motivator in Getting Data In 10-06-2017
0 7
0
7
tpaulsen

How to configure a heavy forwarder to reroute data from a universal forwarder into a special index different from the one specified in the UF's inputs.conf?

Hi, We need some help with rerouting data from a universal forwarder via a heavy forwarder into a different index th...
by tpaulsen Contributor in Getting Data In 10-06-2017
1 3
1
3
chintan_shah

How can I identity forwarder data rate and index data rate (to identify a lag and prioritize logs)?

Hi, Is there any way where we can identify how much data the forwarder is sending and how much data is being indexed ...
by chintan_shah Path Finder in Getting Data In 10-06-2017
0 1
0
1
chintan_shah

Convert multiple fields as timestamp in csv file

I have a file with multiple fields as timestamp in the format of "Oct 2 2017 1:22:21:000PM". Can someone suggest ho...
by chintan_shah Path Finder in Getting Data In 10-06-2017
0 5
0
5
nk-1

Calculating bandwidth usage of Windows machines using WMI and Splunk

In C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local\inputs.conf: [perfmon://Network Interf...
by nk-1 Path Finder in Getting Data In 10-06-2017
0 1
0
1
rajnish1202

Unable to parse key-value pair from JSON log data

Hi all, I am trying to parse key-value pair from my JSON log data. I am unable to parse JSON logs into our Splunk ins...
by rajnish1202 Explorer in Getting Data In 10-06-2017
0 9
0
9
pholderness

Accessing bash variables via a universal forwarder scripted input

When using a shell script on my splunk server I am able to access variables with no problem ie #!/bin/bash java -jar...
by pholderness New Member in Getting Data In 10-06-2017
0 1
0
1
RAYUDU_NARA

SSL Error in Splunk indexer

Hi, Recently we upgraded Splunk indexer from the version 6.5.2 to 6.6.3. Now we have many SSL errors are there in lo...
by RAYUDU_NARA Explorer in Getting Data In 10-05-2017
0 1
0
1
biec1

Access JSON data

This is in follow-up to https://answers.splunk.com/answers/578105/help-with-search-to-access-json-data.html#comment-5...
by biec1 Explorer in Getting Data In 10-05-2017
0 1
0
1
mrigs

MVINDEX not working well with SPACE separated values

Hello All, For an event like this - CPU uPct nPct sPct wPct iPct all 0.63 0.00 0.38 ...
by mrigs New Member in Getting Data In 10-04-2017
0 4
0
4
chintan_shah

Splunk Universal Forwarder 6.5.2 -- 100% CPU Solaris

Can someone help me in resolving the issue? Splunkd Universal Forwarder is taking 100% process. I am monitoring aroun...
by chintan_shah Path Finder in Getting Data In 10-04-2017
0 1
0
1
dhotlosz

Indexer issue: problem parsing indexes.conf

I'm getting this error where on the indexer Problem parsing indexes.conf: Cannot load IndexConfig: stanza=clustering...
by dhotlosz Explorer in Getting Data In 10-04-2017
0 1
0
1
takaakinakajima

VM templating of Splunk instances

We plan to create Splunk pre-installed virtual machine (VM) templates for internal use. We have assumed the followin...
by takaakinakajima Path Finder in Getting Data In 10-04-2017
0 2
0
2
ddrillic

Why isn't the timestamp being recognized ?

We have a case that looks like this - So, the events are not broken by the timestamp. Is it because of the undersc...
by ddrillic Ultra Champion in Getting Data In 10-04-2017
0 6
0
6
ellissa

When I delete an old version of Splunk does it delete the old indexes and hosts?

Hi All, I've recently had to reinstall Splunk on my server. It was using an index called "index2", I've since removed...
by ellissa New Member in Getting Data In 10-04-2017
0 1
0
1
sudarshan391

How to deal with data that was uploaded twice?

Hi Experts, I am now in a strange situation, we have a index in which we uploaded .csv files for every month and for...
by sudarshan391 Path Finder in Getting Data In 10-04-2017
1 2
1
2
yrb6924

Search for a list of installed packages with version numbers for a host

I've managed to create a search which will list for me all installed packages on a particular host, but I need to hav...
by yrb6924 New Member in Getting Data In 10-04-2017
0 3
0
3
pfabrizi

Windows Events Not showing Up on Indexer

A UF was installed on 2 Windows domain Controllers. These are in a different windows forest than my other devices. I ...
by pfabrizi Path Finder in Getting Data In 10-04-2017
0 3
0
3
claudio_manig

Doing stats on multivalued JSON fields (mxexpand is too slow)

Hi Ninjas I'm dealing with some deeply nested JSON events like: "sendTime":"2017-09-21T17:02:06.583+02:00","running...
by claudio_manig Communicator in Getting Data In 10-04-2017
0 7
0
7
Mohsin123

: skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block10

skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk s...
by Mohsin123 Path Finder in Getting Data In 10-04-2017
0 1
0
1
newbie2tech

inputs.conf stanza to monitor only current data after changes are pushed to production (ignoring historical data)?

Hi All, I want to ingest the log files from an application server directory using universal forwarder. Log file nam...
by newbie2tech Communicator in Getting Data In 10-04-2017
0 2
0
2
yutaka1005

How to stop line breaking twice? First line feed is CR format and the second line feed is CRLF format

In my environment the following servers exist. windows 2012 R2 Splunk 6.5.2 On this server, when trying to export lo...
by yutaka1005 Builder in Getting Data In 10-04-2017
0 2
0
2
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...
Top Solution Authors
View All