Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
DrFedtke

Field extraction with props.conf and transforms.conf

Hi all, I tried to find a way to extract fields automatically after adding new data. The input is of the type: Log...
by DrFedtke Explorer in Getting Data In 09-28-2017
0 3
0
3
daniel333

Will I be able to upgrade indexers in a cluster without any downtime?

All, A bit concern for us lately is Splunk downtime. Search head clustering has been helpful, so now we're looking ...
by daniel333 Builder in Getting Data In 09-28-2017
0 4
0
4
freedg

Splunk 7.0 installation failed to complete

I am upgrading to Splunk 7.0. The installer hangs and does not complete. Running Win10 1703 on vmware 12 looking fo...
by freedg Engager in Getting Data In 09-28-2017
1 5
1
5
vaibhavagg2006

Issue with Blacklist in Inputs.conf

Hi Experts I have following monitor stanza . I want to blacklist "data/xyz/logs/router.jar.log" but want to monitor "...
by vaibhavagg2006 Communicator in Getting Data In 09-28-2017
0 6
0
6
cdstealer

Why are all of our JSON fields alphanumeric strings?

Hi, I'm ingesting data in pure json and all fields are being extracted. However, all fields are strings regardle...
by cdstealer Contributor in Getting Data In 09-27-2017
0 3
0
3
chintan_shah

How can I index data in real time?

I have created an alert which checks if logs are not present in last 20 mins per source. I have around 32 source file...
by chintan_shah Path Finder in Getting Data In 09-27-2017
0 2
0
2
ahmedhassanean

How do you increase retention time of Splunk monitoring console reports?

How to increase the retention time of Splunk monitoring console Reports in distributed environment?
by ahmedhassanean Explorer in Getting Data In 09-27-2017
0 4
0
4
hrithiktej

Props.conf timezone settings for Eastern? And do I need to reboot any peers?

In our Slave-Apps directory on the 2 peers/indexers we have a custom app created by the prev admin which has setting ...
by hrithiktej Communicator in Getting Data In 09-27-2017
1 24
1
24
RexStout

How can I use my billing info to create a prediction for the future?

I've asked about this before and now I've re-loaded the raw data without any modifications. It looks like this (wit...
by RexStout Explorer in Getting Data In 09-27-2017
0 5
0
5
Hemnaath

How can I change my alerts so they do not resend once they've already been triggered?

Hi All, We have the below query which is getting triggered everyday based on the missing UF server from the lookup ta...
by Hemnaath Motivator in Getting Data In 09-27-2017
0 13
0
13
templier

WinEventLog:security - re-indexing after SplunkForwarder service is restarted

Hello. Again the question from me.=) Noticed such a feature, if restart SplunkForwarder service, security event log...
by templier Communicator in Getting Data In 09-27-2017
0 2
0
2
ctaf

What are the MaxDataSize recommendations for a single indexer?

Hi, We usually say that if we index more than 10GB per day per index, we should put maxDataSize = auto_high_volume ...
by ctaf Contributor in Getting Data In 09-27-2017
0 3
0
3
Hemnaath

How to modify the network devices which are pointing from one sourcetype to another sourcetype in the same index?

Hi All, Currently I have request from the network team that they wanted to point the site 03r & 04r from index=net so...
by Hemnaath Motivator in Getting Data In 09-26-2017
0 10
0
10
lksridhar

Why are we getting "failed to parse timestamp defaulting to file mtime error" for events with no timestamp logs?

Hi Folks, we have below format logs and there is no time stamp on first 5 lines and we are getting error "failed to ...
by lksridhar Explorer in Getting Data In 09-26-2017
0 1
0
1
mrtolu6

How to search for matching fields using 2 different host with same sourcetype?

I'm looking to find matching field (lets call this field action) from 2 different host with the same sourcetype. exa...
by mrtolu6 Path Finder in Getting Data In 09-26-2017
0 1
0
1
Mohsin123

How to subtract 15 hours from my event timestamp

Hi, i'm making a batch job status panel for websphere team . i need to show those jobs as pending state who are runni...
by Mohsin123 Path Finder in Getting Data In 09-26-2017
0 6
0
6
Mohsin123

How do you btool inputs.conf?

hi, can you please tell me what is the right way to btool inputs.conf for a specific app context. I want to troublesh...
by Mohsin123 Path Finder in Getting Data In 09-26-2017
0 3
0
3
Jordan54

Why are some Windows Security events not logging in Splunk?

I have a UF setup on a windows 2012 server. I am logging Win sec logs but I see some in the event viewer that are not...
by Jordan54 New Member in Getting Data In 09-26-2017
0 1
0
1
MHibbin

Index freezing - event or bucket timestamp

Hi there, Quick one, does Splunk freeze data based on bucket timestamp or event timestamp? Cheers, MHibbin
by MHibbin Influencer in Getting Data In 09-26-2017
0 2
0
2
dantimola

How to automate Splunk Universal Forwarder installation on Windows script?

Hi, Seeking for an assistance on how can I automate splunk forwarder installation using windows script? Can I add th...
by dantimola Communicator in Getting Data In 09-26-2017
0 1
0
1
some_guy

How will removing a heavy forwarder from my current environment affect indexing performance?

My clustered index sizes/event counts seem to occasionally mismatch a bit from indexer-to-indexer. This might result...
by some_guy Path Finder in Getting Data In 09-26-2017
1 5
1
5
ZimmermanC1

Linux_audit wont transfrom node field into host

Hello all, I collect all of my *nix logs into a central server that I has a UF installed on it. I have the splunk_ta...
by ZimmermanC1 Explorer in Getting Data In 09-26-2017
0 1
0
1
pfabrizi

Help with installing two universal forwarders on the same Windows box - service shutting down on second install

I need to install 2 separate universal forwarders on the same Windows box. I have the install built, one via msi and ...
by pfabrizi Path Finder in Getting Data In 09-26-2017
0 2
0
2
hrithiktej

Why isn't whitelisting for universal forwarder working in Splunk v6.6.3?

I am using UF 6.6.3.0 on my domain controller and following is my inputs.conf. The whitelisting part is not working I...
by hrithiktej Communicator in Getting Data In 09-26-2017
1 3
1
3
brucelloyd1

Why can't I start the Splunk Forwarder on a local computer? (Error 1069, login failure)

Splunk Version 6.2.9.276372 Windows could not start the SplunkForwarder service on local computer. Error 1069: The ...
by brucelloyd1 Engager in Getting Data In 09-25-2017
0 3
0
3
Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...
Top Solution Authors
View All