Getting Data In

Community Activity

If I delete data from HDFS will it impact my Splunk instance? I'm storing log data in HDFS that is being indexed by Splunk. Due to space constrains I'd like to delete data over a... by scottgr New Member in Getting Data In 08-17-2017 0 5	0	5
Remove Index Command Not Working Hello, I am looking to remove an index entirely. I ran the search "splunk remove index new_hires" where new_hires is... by katzr Path Finder in Getting Data In 08-16-2017 0 9	0	9
Pairing data from two CSV files with a shared key value I have two CSV files-- one is an inventory of sorts and the other is supplemental data that only applies to certain r... by daniel_rico Explorer in Getting Data In 08-16-2017 0 8	0	8
ASA filter not letting logs through? Hello everyone, One of the projects I worked on was to build a filter for ASA logs in Splunk so logs we were not int... by Svill321 Path Finder in Getting Data In 08-16-2017 0 2	0	2
How can I clear old logs when they hit 220 GB? Hi, My Splunk gets bigger and bigger every day. I'm using only 3-4 modules. The thing is that every change I'm applyi... by eladelad Engager in Getting Data In 08-16-2017 0 6	0	6
How can I write a Python script that will backup my current CSV files in Splunk each week? I want to get a script that will run each week to back up all of my files in a CSV format each week. by ksarode Explorer in Getting Data In 08-16-2017 0 8	0	8
how to get the time of arrival of a packet into Splunk-TA-Stream on Universal Forwarder? Is there a method to get the time of arrival of a packet into the universal forwarder, so that I can compute the time... by bkumarm Contributor in Getting Data In 08-16-2017 0 1	0	1
How can I redirect traffic based on host AND sourcetype with props/transforms? All, Is there a way to route traffic based on host AND sourcetype? if sourcetype="abc" AND host="zxc" then index=c... by daniel333 Builder in Getting Data In 08-15-2017 0 1	0	1
Can I consolidate multiple arbitrary strings into an 'include file' so I can filter based on all of them? Greetings, I'd like to remove some spurious errors from my application by filtering them out. Each error is distinct... by dreeck Path Finder in Getting Data In 08-15-2017 0 1	0	1
Problems blacklisting multiple eventcodes and blacklist items I am attempting to update my input.confs list with the following blacklist: blacklist1 = EventCode="4688\|4648\|4674" ... by jh007 New Member in Getting Data In 08-15-2017 0 1	0	1
How to blacklist specific occurrences of a particular eventcode? I am attempting to blacklist a series of process creation events (eventcode 4688) because they are noise and will bre... by jh007 New Member in Getting Data In 08-15-2017 0 4	0	4
Forward data received on a port to a third party system I have a Splunk instance configured to receive data on port 9997 from 2 forwarders. If I want to configure it to forw... by anton085 Path Finder in Getting Data In 08-15-2017 0 5	0	5
Managing disk space when moving data from old index to new index Hi All, We wanted to move data from one index to another index, below is our scenario: 1) Create a new index ABC ... by bharathkumarnec Contributor in Getting Data In 08-15-2017 0 6	0	6
Interactively open text/csv file based on the selection from the dropdown list Hi everyone, I would like to ask on how to achieve this or if it is possible to implement. I have a dashboard with a ... by wiggler Explorer in Getting Data In 08-15-2017 0 9	0	9
How can I roll all of the events from this search to null queue? Hi, I have a query which filters data in the Splunk search, I want to send the data returned from this query to null... by athorat Communicator in Getting Data In 08-14-2017 0 6	0	6
How to force to set certain fields (host and sourcetype) for events from HEC local stanza for each token Is it possible to force Splunk to set up specific fields (sourcetype, source, host) from HEC local stanza but not ... by gots Path Finder in Getting Data In 08-14-2017 1 3	1	3
Which version of Splunk is suitable for Oracle Linux? I'm having one system with Oracle Linux branches-6/el6-u8, and I would like to setup Splunk Universal Forwarder on it... by vodacomdf Engager in Getting Data In 08-14-2017 1 4	1	4
Why are my headers are getting indexed as events every 1 hour? Hi, I'm facing a strange issue. Header rows are getting extracted as events every 1 hour. I have files flowing into ... by k_harini Communicator in Getting Data In 08-14-2017 0 8	0	8
How to set line breaker after a certain number of fields has been read? I have a csv file which has 13 columns. For some reason Splunk sometime append the next line of the csv into the same... by tamduong16 Contributor in Getting Data In 08-14-2017 0 4	0	4
How analyse the latest version of a growing csv? Hi, I want to import a growing .csv every week, so there will be duplicate events. In the report I only want to anal... by HeinzWaescher Motivator in Getting Data In 08-14-2017 0 2	0	2
Duration between messages Hi, I have messages in Splunk like: { [-] id: ABC message: test1 timestamp: 2017-08-07T16:38:38+00:00 } { [-] id: ... by wscott12 New Member in Getting Data In 08-12-2017 0 4	0	4
Why is my EVAL configuration in props.conf on the Search Head not processing? I'm working with data that is being sent from a universal forwarder (UF) on the server. I do an INDEXED_EXTRACTION i... by jwhughes58 Contributor in Getting Data In 08-11-2017 0 5	0	5
How to display a log based off of fields from multiple logs I'm not 100% sure how to title this question so please let me know if you have a suggestion on how to re-title it and... by Toshbar Explorer in Getting Data In 08-11-2017 0 3	0	3
How can I filter my search for a field only if the result is not a number? I am trying to filter my search for a field only if the result is not a number EG Index=proxylogs where isnum(cs_use... by bradmeg128 Engager in Getting Data In 08-11-2017 0 5	0	5
What is the harm of using auto_high_volume on smaller indexes? Hi, I found myself on a site where EVERY index is configured auto_high_volume. I'm aware that it is best practice to... by renems Communicator in Getting Data In 08-11-2017 0 7	0	7