Getting Data In

Community Activity

Complex Conditional search based on time I am a newbie in splunk and practising to learn it slowly. I have a setup where I am forwarding logs of Windows Mach... by ashutoshab Communicator in Getting Data In 07-03-2017 0 1	0	1
How to resolve error "ERROR IndexConfig - stanza=perfmon Required parameter=tstatsHomePath not configured" when starting the indexer? When using Windows 2016 Universal Forwarder 6.6.1, I'm running into issues with starting indexer. splunkd log indicat... by rakeshroberts New Member in Getting Data In 07-03-2017 0 4	0	4
How to drop log file headers before indexing? I've had a read of dropping useless headers in Splunk 6 and tried using the FIELD_HEADER_REGEX, in fact I also tried ... by gjanders SplunkTrust in Getting Data In 07-03-2017 0 4	0	4
Using Splunk as a enterprise data platform Splunk has to fit into a structured and unstructured world without duplicating effort. Splunk currently serves as a s... by lisaac Path Finder in Getting Data In 07-02-2017 0 4	0	4
Pulling data from Fluentd Plugin to Splunk, how do we transform the data to split into numerous sourcetypes? We are pulling data like Red Hat logs, Apigee, Ansible etc. from AWS through fluentd plugin which is forwarding data... by vya9836 New Member in Getting Data In 07-02-2017 0 8	0	8
Can single forwarder forward data to two different indexer's ?? Hi I am using a UF say in Machine A , its has logs at two different paths say Log Path1 and Log Path2 . Now i want t... by rakesh_498115 Motivator in Getting Data In 07-02-2017 5 9	5	9
unable to send windows events from splunk server to third party syslog server tried below configurations to forward the data from SPLUNK server to syslog server(third party) , but no data in sys... by cleelakrishna Loves-to-Learn in Getting Data In 07-02-2017 0 2	0	2
Is it possible to set a conditional timestamp from indexed events? I have an XML file with "items" that are being indexed. The issue is that these "items" can possibly have two differ... by amanno New Member in Getting Data In 07-01-2017 0 4	0	4
Datanow props/transforms not working properly I have some Datanow syslog data coming into my environment and i have setup a transforms.conf file to extract some sp... by a548506 Path Finder in Getting Data In 07-01-2017 0 10	0	10
How can I send the data from splunk to python arguments? Hello everyone, i would like to ask if you guys have an idea on how can i send the data i got from splunk to python a... by mrccasi Explorer in Getting Data In 07-01-2017 0 1	0	1
Powershell script to extract events from a log file - many dupe events indexed in Splunk Question - is there a CRC equivalent for data indexed from a Powershell function? On a server, I have a log file gen... by a_splunk_user Path Finder in Getting Data In 07-01-2017 0 1	0	1
Whats the best practice to break the windows events? Hi All, We have 2 Domains, all the windows events are going to wineventlog and windows and perfmon indexes. If I bre... by kiran331 Builder in Getting Data In 07-01-2017 0 2	0	2
Splunk forwarders on clustered nodes monitoring the same files Is there a high-availability or multi-node configuration for Splunk forwarders? I have a small RHEL cluster writing ... by wpreston Motivator in Getting Data In 07-01-2017 0 5	0	5
Best way to Filter Windows Events before Indexing? Hi We're seeing may Events with EventCode 4624 and 4634 with Account_Name ending with $ sign. Is there any value for... by kiran331 Builder in Getting Data In 06-30-2017 0 2	0	2
line-break issues in events I'm having issues with line break for some reason. I'm looking to break into individual line events. I've included ... by fisuser1 Contributor in Getting Data In 06-30-2017 1 7	1	7
How to configure Splunk to not put CSV columns in alphabetical order before indexing? When I import the csv file (before indexing), Splunk puts the columns in alphabetical order. I would keep the sort as... by splunk6161 Path Finder in Getting Data In 06-30-2017 0 4	0	4
Do I need frozen storage? My retention policy has drastically changed and we are utilizing syslog as a main retention source. On the Splunk sid... by rewritex Contributor in Getting Data In 06-30-2017 2 2	2	2
Where to make configuration changes in inputs.conf and outputs.conf on Linux? Hi Team, I have installed Splunk setup on one of my VM. On another VM I installed the Splunk universal forwarder to ... by ravisplunksap New Member in Getting Data In 06-30-2017 0 4	0	4
The Universal Forwarder tries to collect data from the connected device through the network driver. Forwarder is installed in Windows 7 32bit. The Universal Forwarder tries to collect data from the connected device th... by elitecker New Member in Getting Data In 06-30-2017 0 1	0	1
How to ingest netflow/sflow logs We intend to collected netflow/sflow logs in our Splunk Enterprise solution. I read that there is an app required to ... by hkumar26 New Member in Getting Data In 06-29-2017 0 1	0	1
Props.conf file changes Hi, my sample data like this 101,Mango,0.40% 102,Orange,0.70% It is coming as a single event, as i want to s... by prathapkcsc Explorer in Getting Data In 06-29-2017 0 2	0	2
How to uncompress and index the compressed log data coming from the forwarder I have few application which sends application logs in both compressed and uncompressed format. There is a log attrib... by Sriram Communicator in Getting Data In 06-29-2017 0 5	0	5
Does Splunk have a good place to see Truncated Data from an input? I have an input that is being JSON. There are some files that get truncated and others that don't. My config in pro... by jaredlaney Contributor in Getting Data In 06-29-2017 0 2	0	2
Date Format Anyone have any recommendations on how to convert this time date format to a friendly date? I have tried strftime a... by jhayIV Engager in Getting Data In 06-29-2017 0 1	0	1
バージョン 6.6.1 の Universal Forwarder を Windows OSにインストールできない Windows OSに、Universal Forwarder をインストールしようとしたところ、インストールが途中で停止してしまい、インストーラーを手動で強制終了しました。 splunkd.log を確認したところ、下記のメッセージ... by CurryPan Communicator in Getting Data In 06-29-2017 0 1	0	1