Getting Data In

Community Activity

Why a tiny file doesn't get indexed? We see the message INFO WatchedFile - Will begin reading at offset=313 for file xxxx and the input file is exactly 3... by ddrillic Ultra Champion in Getting Data In 07-27-2017 0 2	0	2
Extracting timestamps in custom data Hi Guys, I am trying to use the GUI to index a file that's not in a recognised format and I'm having issues with ex... by Robbie1194 Communicator in Getting Data In 07-27-2017 0 12	0	12
get session key for included javascript app with logged in user i have included a react app into the splunk app. its just one aggregated file. i want to trigger a upload via rest a... by hkonzmann Explorer in Getting Data In 07-27-2017 0 5	0	5
Filter records using time modifiers Can someone tell me why this is not working:- I need to filter records having 'Start_Time' within the mentioned rang... by dsiob Communicator in Getting Data In 07-27-2017 0 3	0	3
How to split a fieldvalue at the very first line break? Hi, I want to split up a fieldvalue into two parts at the very first linebreak (in total there is an unknown amount ... by HeinzWaescher Motivator in Getting Data In 07-27-2017 0 13	0	13
Splunk and Active Directory I am currently trying to use Splunk to parse data from our Active Directory. I have currently loaded the Apps: Splun... by molinarf Communicator in Getting Data In 07-26-2017 0 1	0	1
Sourcetype Assignment Hello All, I have two servers with hostnames H1 & H2, both have the same log file named "/apps/logs/log.log" I have... by bharathkumarnec Contributor in Getting Data In 07-26-2017 0 1	0	1
Files Integrity Checker error ? Hi All, We are getting this below message in our search head portal. We are using cluster search heads and splunk ver... by Hemnaath Motivator in Getting Data In 07-26-2017 0 10	0	10
remove whitelist restrictions? I had been using an inputs.conf whitelist to filter event logs by event code but now I would like to send all securit... by caseynordell Explorer in Getting Data In 07-26-2017 0 3	0	3
How to debug why a universal forwarder is reading all log files except one? Hello, I have configured inputs.conf on a universal forwarder. The file contains around 20 entries for log files, ho... by darthsplunk Explorer in Getting Data In 07-26-2017 1 5	1	5
Cisco Security Suite ASA firewall logs not showing in app Hello, I've setup a new Splunk server to demo here and i'm pretty new to the whole Splunk scene. i'm trying to add ... by pmovrich Explorer in Getting Data In 07-25-2017 0 8	0	8
Blacklist directories? I'm missing something here: blacklist = (samba\|yum\|.gz) samba is a directory, the others are files. splunk still t... by ustun Explorer in Getting Data In 07-25-2017 0 4	0	4
How does the forwarder handle large amounts of data? An internal client is asking - -- How often is the splunk forwarder reading data from the log files? does it ever s... by ddrillic Ultra Champion in Getting Data In 07-25-2017 0 2	0	2
How to edit props.conf to line merge a set of results? Hello I have below set of line events(repeating) which I want to convert to single event. For every 6 events I want... by Sayanta_Basak_I Explorer in Getting Data In 07-25-2017 0 5	0	5
Is it possible to re-index lost AD logs? Good Day fellow splunkers, I just like to ask if is it still possible to re-index lost Windows Active Directory logs... by dantimola Communicator in Getting Data In 07-25-2017 0 1	0	1
i want to remove time(hours, minutes and seconds) 21-JUL-2017 00:00:09 i want only date. i am reading the data from csv file by DataOrg Builder in Getting Data In 07-25-2017 0 1	0	1
How to configure Heavy Forwarder with License Slave in Splunk Cloud Greetings, Is it possible to set up a heavy forwarder as a license slave in a Spluk Cloud architecture? by markuxProof Path Finder in Getting Data In 07-24-2017 1 6	1	6
Is it essential to restart splunk universal forwarder after deletion of monitored logs? Hello fellow ninjas, Good day. I'd like to ask if splunk uf restart is essential after I deleted a log file that is ... by dantimola Communicator in Getting Data In 07-24-2017 0 6	0	6
How can I find a listing of all universal forwarders that I have in my Splunk environment? Hello. How can I find a listing of all universal forwarders that I have in my Splunk environment? by johannterc New Member in Getting Data In 07-24-2017 0 4	0	4
HTTP Event Collector: How to troubleshoot why I'm getting a connection refused error? I'm attempting to send a log event from a piece of Go code, but am receiving a connection refused error. If I use cu... by anortrup Explorer in Getting Data In 07-24-2017 4 26	4	26
How to index the "What's New in Splunk" Release Notes web pages? I'd like to index "What's New in Splunk" for each version of Splunk as it becomes available, perhaps from the webpage... by landen99 Motivator in Getting Data In 07-24-2017 0 3	0	3
Splunk Universal Forwarder 6.5.3 installed on Windows 10 workstations stop I am running Splunk Enterprise on a Windows Server 2012 R2 and have installed both the Splunk Universal Forwarder 6.5... by molinarf Communicator in Getting Data In 07-24-2017 0 1	0	1
Unable to find distsearch.conf file on my system and it is causing an error. Are my inputs and outputs configurations correct? I'm having an issue getting the data in my .log files into splunk. I've tested connections, there are no firewall iss... by antifreke Path Finder in Getting Data In 07-24-2017 0 1	0	1
Indexing Zipped Files I have about 500 excel files that I need to index into Splunk. If I upload each file individually, I pick my sourcet... by mhtedford Communicator in Getting Data In 07-24-2017 0 5	0	5
How do I forward to a vm and forward it out again? Hi, how does one forward something like sysmon from 1 vm (guest1) to another vm (guest2) and then out to another pc... by wuming79 Path Finder in Getting Data In 07-24-2017 0 4	0	4