Getting Data In

Ask a Question

Discussions

Thread Info

Windows: Installed Splunk Enterprise but cannot launch

I installed the Enterprise version for Windows, but when I try to launch it, I get: "Not Found HTTP Error 404...

by New Member in

Split sourcetype + indexed fields

I have an issue with adding indexed fields to each of the new (splatted) sourcetype: Configuration that "duplicated...

by Path Finder in

Time drift between logs and time column

Hi all, I have installed and configured fortiweb for splunk app. The problem is that the time in the log is correc...

by Path Finder in

Why are universal forwarders reporting error "Metric with the name thruput:thruput already registered"?

Hi there, By examining the _internal logs I found the following, Metric Error: ERROR Metrics - Metric with name...

by Explorer in

can't find data

我現在遇到一個問題，我在SH放置好一個apps並連到uf上，在uf上也有監控到資料路徑， 但我在search時就沒有辦法找以下是我的 inputs.conf： [monitor:///tutori...

by Explorer in

Transforms and Props for Linux Syslog Filtering

Hello, Our customer has decided to end use of Splunk in lieu of Sumo Logic, but we are looking to keep up internal...

by Loves-to-Learn Lots in

Extract timestamp from two json fields

I need to extract timestamp from a JSON log where date and time are on two separate fields. Example below: ...

by Explorer in

Issue excluding Windows events for a specific new process

Hi Folks, I'm running into trouble excluding new process creation events for Teams from being indexed. It's an exp...

by Explorer in

pfsense logs to splunk

I want to get pfsense logs to splunk to make some analysis.I tired this method "https://www.jaycroos.com/splunk-to-mo...

by Observer in

Splunk licensing for Splunk Cloud

Hi all, could someone please explain how licensing works for both Events and Metrics in Splunk Cloud. I've looked at ...

by Path Finder in

How to edit my WinRegMon configuration to filter out certain Windows registry events?

Hello! I need some help filtering Windows registry events in Splunk. Here is my inputs.conf file [WinRegMon://d...

by Engager in

Metrics indexes volume

Hi all, I'm looking at volume of indexes and how much they ingest to calculate the volumes of licenses. I am aware I ...

by Path Finder in

Data delay in events

Using props.conf i'm able to extract the fields but on the Splunk dashboard, the data is not visible for the timing 0...

by Loves-to-Learn in

Data getting indexed twice in every field of splunk cluster environment

Hi All,I have a splunk cluster environment where, while pulling data from a source, itgets indexed twice, not as a se...

by Path Finder in

How to prevent the default logs from being forwarded (Windows UF)

Hello, Whenever I forward something, these logs always get forwarded despite I blacklisted it in the inputs .co...

by Explorer in

How to modify sourcetype and host based off of the new sourcetype

Hello, I'm attempting to change the sourcetype and host on a single event. The tricky part is I want the second tr...

by Explorer in

Universal Forwarder - Repeating message TcpOutputProc - Found currently active indexer...

I am getting the following messages on my forwarder running on Windows 10: 04-06-2020 18:05:52.171 -0700 INFO TcpO...

by Path Finder in

Separate business hours intervals from off-business-hours

I am new to splunk. How do we write a splunk query for a support ticket that is "In Progress" status to calculate the...

by Explorer in

How to optimize the ingestion of data from Splunk Universal Forwarder to Splunk Indexer

I have a splunk universal forwarder, which is indexing a 1 GB log file to a Splunk Indexer. The problem I am facing i...

by Explorer in

HOw to import ODL files

Is Oracle Diagnostic Logging ( ODL) format supported in any way by Splunk ?On the forum I have found only one topic r...

by Path Finder in

line breaker event breaker

當我在SH設置好props.conf後去看我的uf端並重啟就會出現以下錯誤: Checking conf files for problems...Invalid key in stanza [web:access] in /op...

by Explorer in

how to identify sourcetype forbetter parsing

I need help in understanding that what sourcetype would be ideal to parse logs of this File type

by Path Finder in

Splunk - Rest API - Curl - Failing with Unbalanced Quotes

Hi, I'm trying to write data to outputlookup file by doing a REST API Call (by running a search query). The b...

by Explorer in

Cant ingest .gz syslog files - was already indexed as a non-archive, skipping

I have .gz syslog files but I am unable to fetch all filesFor each host(abc) it has 23 .tgz files with extension l...

by Communicator in

Error proofpoint TAP : When trying to retrieve the last poll time, multiple kvstore records were found

We have installed "Proofpoint TAP Modular Input" add-on on victoria search head and created input (api call) to fetch...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Windows: Installed Splunk Enterprise but cannot launch

Split sourcetype + indexed fields

Time drift between logs and time column

Why are universal forwarders reporting error "Metric with the name thruput:thruput already registered"?

can't find data

Transforms and Props for Linux Syslog Filtering

Extract timestamp from two json fields

Issue excluding Windows events for a specific new process

pfsense logs to splunk

Splunk licensing for Splunk Cloud

How to edit my WinRegMon configuration to filter out certain Windows registry events?

Metrics indexes volume

Data delay in events

Data getting indexed twice in every field of splunk cluster environment

How to prevent the default logs from being forwarded (Windows UF)

How to modify sourcetype and host based off of the new sourcetype

Universal Forwarder - Repeating message TcpOutputProc - Found currently active indexer...

Separate business hours intervals from off-business-hours

How to optimize the ingestion of data from Splunk Universal Forwarder to Splunk Indexer

HOw to import ODL files

line breaker event breaker

how to identify sourcetype forbetter parsing

Splunk - Rest API - Curl - Failing with Unbalanced Quotes

Cant ingest .gz syslog files - was already indexed as a non-archive, skipping

Error proofpoint TAP : When trying to retrieve the last poll time, multiple kvstore records were found

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions