Getting Data In

Community Activity

How do i set frozenTimePeriodInSec to specefic index Hi, I wanted to apply a retention policy on a specific index which where i wanted to set frozenTimePeriodInSec = 315... by splunkgk Path Finder in Getting Data In 07-11-2017 0 8	0	8
About datamodel in deploy environment. In my environment, I have two indexers for one Search head and I created a data model in Search head for accelerating... by yutaka1005 Builder in Getting Data In 07-11-2017 0 1	0	1
Are there any easier way to check file monitoring status beside using TailingProcessor:FileStatus output I know I can use this command to check the file monitoring status, however, it give a huge output. ./splunk _interna... by daniel_splunk Splunk Employee in Getting Data In 07-10-2017 0 1	0	1
How to validate text field inputs? I have a dashboard with text field inputs. I would like to perform a check using the value that is entered in this te... by splunk4vishal New Member in Getting Data In 07-10-2017 0 2	0	2
Timestamp extraction Hi, I've got a csv file with the a date field against events in the format 1-July-2016. Can I create a sourcetype to... by pdjhh Communicator in Getting Data In 07-10-2017 0 2	0	2
Indexing data on Cold Bucket (log source based) Hi, We are considering to index some of our data directly on cold buckets. They will not search frequently and we ne... by cemiam Path Finder in Getting Data In 07-09-2017 0 7	0	7
Summary Index vs Report Acceleration? I have DNS logs from both Windows and Unix BIND. What I am trying to do is create a quick way for admins to query 90 ... by tradecraft1914 Explorer in Getting Data In 07-09-2017 1 4	1	4
Splunk forwarder not releasing files All, I am trying to figure out if there is a setting I may have missed somewhere or if this is just a Splunk proble... by jrwebst Explorer in Getting Data In 07-09-2017 2 4	2	4
How to forward sourcetype from a heavy forwarder to a separate Splunk instance? I have two Splunk search heads and indexers. Currently, all of the data sourcetypes get indexed on primary Splunk in... by michaelcapp New Member in Getting Data In 07-08-2017 0 2	0	2
How can I get Splunk to access and forward Windows Events from a remote laptop? How can I get Windows Events forwarded to a Splunk Enterprise Instance I just set up on a different laptop? Thank yo... by TestNet1 New Member in Getting Data In 07-07-2017 0 2	0	2
Unable to get day value padding to work via the props.conf Unable to get day value padding to work via the props.conf. The log file looks as follows: Jul 5 20:51:28 abcdenc06... by babcolee Path Finder in Getting Data In 07-07-2017 0 1	0	1
How to perform a database cleanup on Windows? Hello! Looking in the community, unfortunately I was confused and found only for Linux versions. And I installed it i... by julianosantos New Member in Getting Data In 07-07-2017 0 2	0	2
Powershell unattended installation How would you go about creating an unattend intallation on a Windows. I need a script for hte following reason: con... by bmacias84 Champion in Getting Data In 07-07-2017 5 5	5	5
index the same logs to multiple indexes - good or bad? Hi There, I would like to know if it's not recommended to index the same logs to two different indexes?... by dwin02 Explorer in Getting Data In 07-07-2017 1 3	1	3
Simple XML: How to pass timestamps to a drilldown? Running Splunk 6.3.10 I'm running into an issue trying pass a custom time to a drilldown for a table. The search ru... by cmbusse Explorer in Getting Data In 07-07-2017 0 18	0	18
Lookup in props using combined columns While writing props/transforms for an in house TA, i'm stuck with a tricky situation. I'm making use of lookup file t... by koshyk Super Champion in Getting Data In 07-07-2017 0 2	0	2
Rename sourcetype to keep all the same no -too_small or -2,-3 added We have a 3 index/3 search head cluster with master and deployment server. I have a inputs.conf with [monitor:L:\Sa... by aricv New Member in Getting Data In 07-07-2017 0 1	0	1
How to create a summary index for my csv file On a daily basis I have a CSV loaded into splunk. I want to create a summary index so that this CSV will have histori... by JoshuaJohn Contributor in Getting Data In 07-07-2017 0 2	0	2
Splunk Cloud Trial and Http Event Collector - NOT WORKING I have the 15 day trial version of Splunk Cloud. The Http Event Collector documentation http://dev.splunk.com/view/ev... by simpkins1958 Contributor in Getting Data In 07-07-2017 1 24	1	24
At what point do you need to consider scaling horizontally for Syslog collection and what would that architecture look like? I started a thread a while ago about UDP errors with syslog (http://answers.splunk.com/answers/42645/log-dropping-in-... by jodros Builder in Getting Data In 07-07-2017 0 10	0	10
What are the Advantages and Disadvantages of Clustered indexers and Load Balanced Indexers? Hi Fellow Ninja, I just want to ask what are the advantages and disadvantages of clustered indexers and Load balance... by dantimola Communicator in Getting Data In 07-07-2017 0 2	0	2
New application of the search head cannot make search data I've created two splunk applications that work fine and can access the data on my indexers. However, when I create a ... by chustar Path Finder in Getting Data In 07-06-2017 0 6	0	6
Filter iis logs before indexing I've upgraded to Splunk 6.01 and noticed the improved handling of the windows events prior to indexing and wondered i... by trodenbaugh Explorer in Getting Data In 07-06-2017 1 20	1	20
whitelist queries HI I have a question The existing whitelist in inputs.conf includes whitelist = (tomcat\|vizql\|hs_err\|tdeserver64)-[... by athorat3 New Member in Getting Data In 07-06-2017 0 4	0	4
How do I mask a pattern using sedcmd in props.conf? How do I replace/mask the pattern below in props.conf..? pattern \"password\":\"passtest@123\" expecting \"passwo... by prakash007 Builder in Getting Data In 07-06-2017 0 8	0	8