Getting Data In

Community Activity

Can I call REST Endpoint of Universal Forwarder to pass log data from code? Hi Can I call REST Endpoint of Universal Forwarder to pass log data from code? * not creating new monitor configurat... by Splunk_Shinobi Splunk Employee in Getting Data In 08-25-2017 0 3	0	3
How to change settings on a forwarder via REST API? How can I change settings on a forwarder via REST? Settings I want to be able to modify are: - deploy.poll frequenc... by dominiquevocat SplunkTrust in Getting Data In 08-25-2017 0 3	0	3
How can we monitor changes to inputs.conf file on our universal forwarders? Using Splunk Enterprise 6.2.2 The Problem: No data ingested. We have several deployed APPs and would like to monitor... by halbeisendv Path Finder in Getting Data In 08-25-2017 1 4	1	4
Universal forwarder on Windows servers We are in the process of planning our Splunk deployment. We have some where around 5,000 Windows servers that will be... by pfabrizi Path Finder in Getting Data In 08-25-2017 0 5	0	5
Blacklisting directories without read permission Hi. I have configured a 6.5.3 Linux Universal Forwarder with an inputs.conf like this: [monitor:///www/*/logs/access... by _smp_ Builder in Getting Data In 08-25-2017 0 6	0	6
Indexer error message: " Truncating line because limit of 10000 bytes has been exceeded" I made some changes to some properties files on my deployment server: etc/system/local/serverclass.conf - added a new... by pfabrizi Path Finder in Getting Data In 08-25-2017 0 2	0	2
Log file monitoring, wrong parsing Hy guys, I've a nodejs application which is logging in a text file in JSON format using the winston library. As you ... by faustf Communicator in Getting Data In 08-25-2017 0 4	0	4
How can I show the host values under selected fields for syslog? I'm currently forwarding all network device logs (syslog) from a syslog server (rsyslog - running on RHEL 7) to an in... by pil321 Communicator in Getting Data In 08-25-2017 0 6	0	6
Can I use a diff command to compare which Windows host values are logging week over week? I am in need of assistance/guidance in creating a query that will compare the windows logging hosts from previous wee... by naqviah Explorer in Getting Data In 08-25-2017 0 2	0	2
How do you exclude log lines from being indexed? Hi, I am using Splunk 6.5. How can I exclude lines containing a pattern from being indexed? In my case I have IIS acc... by krisbent New Member in Getting Data In 08-25-2017 0 1	0	1
What are possible files to clear disk space in Splunk indexer? Hi, In my production environment we allocated disk space around 800GB but still it's not enough. It is eating lot of... by RAYUDU_NARA Explorer in Getting Data In 08-25-2017 0 2	0	2
Setting the time-stamp recognition We have"event": 1503162120.971 event=login fI="2017-05-31 23:21:22.000"... u_wl=25 uid=6da2479a-2b79-3c7a-8450-30c2d... by fridays Explorer in Getting Data In 08-25-2017 0 3	0	3
How to check license consumption of an index each day Can i please know the query to find the license consumption for an index for each day for last 30 days . For example... by kteng2024 Path Finder in Getting Data In 08-24-2017 0 1	0	1
How can I visualize daily license consumption and increase? Can I please know how to track the license increase? For example , I have an sourcetype "access_log" which has contri... by kteng2024 Path Finder in Getting Data In 08-24-2017 0 2	0	2
Replace single quotes with double quotes All, We have a lot of key value pairs using single quotes. I am THINKING there is a way to fix this using SEDCMD. B... by daniel333 Builder in Getting Data In 08-24-2017 0 1	0	1
Can I use a Splunk universal forwarder to monitor memory, disk I/O, and CPU consumption? Hello Splunkers, I want to ask you about Splunk Universal Forwarder memory, CPU and DISK I/O consumption monitoring... by belasker New Member in Getting Data In 08-24-2017 0 2	0	2
SEDCMD - special requirement for backslash? It seems I cannot replace data with a backslash in it. For instance: DOMAIN\USERNAME I have tried all of the follow... by jgauthier Contributor in Getting Data In 08-24-2017 3 15	3	15
Filtering a Search Hi there, so I had a nice search return but I have a few bits that I don't want in the search. Really all I care abou... by heats Explorer in Getting Data In 08-24-2017 0 4	0	4
Where is the correct configuration file located in order to modify the Windows 2012 R2 ulimit? I run health check on my Splunk Enterprise 6.6.0 server running on Windows 2012 R2. I end up with the warning "One or... by molinarf Communicator in Getting Data In 08-24-2017 0 3	0	3
Getting an "Invalid key in stanza" errors for the Splunk Windows Universal agent configured with default configuration ? Hi All, We are recently upgrade to the latest version of the Universal forwarder 6.6.1 as we moved Entire splunk inst... by Hemnaath Motivator in Getting Data In 08-24-2017 0 4	0	4
How do you route the same data to multiple indexes? I am onboarding a new data source. I need to send all of the data to index 1 and part of data to index 2. Is it possi... by ankithreddy777 Contributor in Getting Data In 08-24-2017 0 3	0	3
Using an earliest_time and latest_time parameter, can the output be the amount of time between these 2 events? Hi All I want to extract result for period of co-relation rule i.e: "dispatch.earliest_time" - "dispatch.latest_time... by sumanssah Communicator in Getting Data In 08-24-2017 0 3	0	3
How to route events from a single host to multiple indexes? Hi Splunk Community, I've the following scenario where I would like to route the events (JSON format) coming from a ... by Yaichael Communicator in Getting Data In 08-24-2017 0 7	0	7
jobs expire too soon when I export data via REST API Hello, I was trying and trying to export the data via REST API. I followed all the instructions from this thread: h... by jrballesteros05 Communicator in Getting Data In 08-24-2017 0 6	0	6
Help with the logic to make this count my fields correctly Hi, I have the following field called OS with 6 different values and count for each value: Windows = 5 Mac = 4 Linux... by JRamirezEnosys Explorer in Getting Data In 08-23-2017 0 1	0	1