Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
jgorman_THG

What's the next step to setup my universal forwarder on a syslog server?

Hello, I am trying to bring a client's syslog data into Splunk using a universal forwarder (UF) on a syslog server. ...
by jgorman_THG Explorer in Getting Data In 08-17-2017
0 2
0
2
daniel333

How can I roll data from one location to another based on volume max size?

All, I have the following config in my indexes.conf ### define volumes [volume:splunklocal] path = /splunk_data ma...
by daniel333 Builder in Getting Data In 08-17-2017
0 2
0
2
kteng2024

Is there a way to check what sourcetypes a universal forwarder is sending to a heavy forwarder?

hi there, Is there a way to check what sourcetypes a universal forwarder is sending to heavy forwarder. Any query o...
by kteng2024 Path Finder in Getting Data In 08-17-2017
0 3
0
3
Mannyi31

Can Splunk cause DNS logs Event 3152?

I am running in to multiple DNS server having this event 3152 almost daily and the symptoms are that the DNS server w...
by Mannyi31 Explorer in Getting Data In 08-17-2017
0 7
0
7
markconlin

Sed command - Large XML values in JSON events makes replacement execution fail

Objective My objective is to remove the value of an "XML" key from my JSON events. I believe I have stumbled upon a s...
by markconlin Path Finder in Getting Data In 08-17-2017
1 7
1
7
hartfoml

Can a RHEL Universal Forwarder be installed on a RHEV host?

I have a Red-hat Enterprise Virtualization Hosts that I would like to put the Splunk Universal Forwarder on to collec...
by hartfoml Motivator in Getting Data In 08-17-2017
0 2
0
2
scottgr

If I delete data from HDFS will it impact my Splunk instance?

I'm storing log data in HDFS that is being indexed by Splunk. Due to space constrains I'd like to delete data over a...
by scottgr New Member in Getting Data In 08-17-2017
0 5
0
5
katzr

Remove Index Command Not Working

Hello, I am looking to remove an index entirely. I ran the search "splunk remove index new_hires" where new_hires is...
by katzr Path Finder in Getting Data In 08-16-2017
0 9
0
9
daniel_rico

Pairing data from two CSV files with a shared key value

I have two CSV files-- one is an inventory of sorts and the other is supplemental data that only applies to certain r...
by daniel_rico Explorer in Getting Data In 08-16-2017
0 8
0
8
Svill321

ASA filter not letting logs through?

Hello everyone, One of the projects I worked on was to build a filter for ASA logs in Splunk so logs we were not int...
by Svill321 Path Finder in Getting Data In 08-16-2017
0 2
0
2
eladelad

How can I clear old logs when they hit 220 GB?

Hi, My Splunk gets bigger and bigger every day. I'm using only 3-4 modules. The thing is that every change I'm applyi...
by eladelad Engager in Getting Data In 08-16-2017
0 6
0
6
ksarode

How can I write a Python script that will backup my current CSV files in Splunk each week?

I want to get a script that will run each week to back up all of my files in a CSV format each week.
by ksarode Explorer in Getting Data In 08-16-2017
0 8
0
8
bkumarm

how to get the time of arrival of a packet into Splunk-TA-Stream on Universal Forwarder?

Is there a method to get the time of arrival of a packet into the universal forwarder, so that I can compute the time...
by bkumarm Contributor in Getting Data In 08-16-2017
0 1
0
1
daniel333

How can I redirect traffic based on host AND sourcetype with props/transforms?

All, Is there a way to route traffic based on host AND sourcetype? if sourcetype="abc" AND host="zxc" then index=c...
by daniel333 Builder in Getting Data In 08-15-2017
0 1
0
1
dreeck

Can I consolidate multiple arbitrary strings into an 'include file' so I can filter based on all of them?

Greetings, I'd like to remove some spurious errors from my application by filtering them out. Each error is distinct...
by dreeck Path Finder in Getting Data In 08-15-2017
0 1
0
1
jh007

Problems blacklisting multiple eventcodes and blacklist items

I am attempting to update my input.confs list with the following blacklist: blacklist1 = EventCode="4688|4648|4674" ...
by jh007 New Member in Getting Data In 08-15-2017
0 1
0
1
jh007

How to blacklist specific occurrences of a particular eventcode?

I am attempting to blacklist a series of process creation events (eventcode 4688) because they are noise and will bre...
by jh007 New Member in Getting Data In 08-15-2017
0 4
0
4
anton085

Forward data received on a port to a third party system

I have a Splunk instance configured to receive data on port 9997 from 2 forwarders. If I want to configure it to forw...
by anton085 Path Finder in Getting Data In 08-15-2017
0 5
0
5
bharathkumarnec

Managing disk space when moving data from old index to new index

Hi All, We wanted to move data from one index to another index, below is our scenario: 1) Create a new index ABC ...
by bharathkumarnec Contributor in Getting Data In 08-15-2017
0 6
0
6
wiggler

Interactively open text/csv file based on the selection from the dropdown list

Hi everyone, I would like to ask on how to achieve this or if it is possible to implement. I have a dashboard with a ...
by wiggler Explorer in Getting Data In 08-15-2017
0 9
0
9
athorat

How can I roll all of the events from this search to null queue?

Hi, I have a query which filters data in the Splunk search, I want to send the data returned from this query to null...
by athorat Communicator in Getting Data In 08-14-2017
0 6
0
6
gots

How to force to set certain fields (host and sourcetype) for events from HEC local stanza for each token

Is it possible to force Splunk to set up specific fields (sourcetype, source, host) from HEC local stanza but not ...
by gots Path Finder in Getting Data In 08-14-2017
1 3
1
3
vodacomdf

Which version of Splunk is suitable for Oracle Linux?

I'm having one system with Oracle Linux branches-6/el6-u8, and I would like to setup Splunk Universal Forwarder on it...
by vodacomdf Engager in Getting Data In 08-14-2017
1 4
1
4
k_harini

Why are my headers are getting indexed as events every 1 hour?

Hi, I'm facing a strange issue. Header rows are getting extracted as events every 1 hour. I have files flowing into ...
by k_harini Communicator in Getting Data In 08-14-2017
0 8
0
8
tamduong16

How to set line breaker after a certain number of fields has been read?

I have a csv file which has 13 columns. For some reason Splunk sometime append the next line of the csv into the same...
by tamduong16 Contributor in Getting Data In 08-14-2017
0 4
0
4
Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...
Top Solution Authors
View All