Getting Data In

Community Activity

How to troubleshoot why Splunk suddently stopped indexing logs after 1-2 months? I have splunk in domain mode set to look through 2 inputs over UNC path that are IIS logs. I have the inputs the same... by kkomar New Member in Getting Data In 06-12-2017 0 2	0	2
How can I route logs to a specific index based on host/source combo? We currently have our perf and N1 environments combined and I need to route certain logs to certain indexes based on ... by bport15 Path Finder in Getting Data In 06-12-2017 0 6	0	6
Unable to obfuscate data in IIS logs using SEDCMD Hi all, I need to strip cookie values from IIS events. The sourcetype is correctly set as "iis" and the following co... by bowendenning Path Finder in Getting Data In 06-12-2017 0 9	0	9
Why my sourcetypes under universal forwarder not showing up in Splunk GUI? We have a windows forwarder running on vm02, and forwarding data to vm01 which is the main Splunk Enterprise. we co... by ibob0304 Communicator in Getting Data In 06-10-2017 0 3	0	3
sedcmd incoming data based on host or index Hi, I have a SEDCMD simalar to SEDCMD-remove-values = s/<Value>.+<\/Value>/removed-by-splunk/g which works fin... by kritho Explorer in Getting Data In 06-09-2017 0 1	0	1
How can I list all views owned by a particular user? I've tried the /servicesNS/userid/-/data/ui/views endpoint but maybe I'm not using it correctly. I have a known view ... by twinspop Influencer in Getting Data In 06-09-2017 0 5	0	5
Feed inputs as command line argument Is it possible to provide inputs to Splunk through command line argument (similar to python for compiling)? Instead o... by the_scissor Engager in Getting Data In 06-09-2017 1 2	1	2
Splunk Universal Forwarder is ignoring logs OS: Windows Server 2008 R2 Enterprise Splunk Universal Forwarder version: 6.2.6 (build 274160) Hi, Good Day. Would ... by dantimola Communicator in Getting Data In 06-09-2017 0 4	0	4
forwarder creating multiline event from big file transferred via rsycn on slow channel We have big file with events in each line of file. Every minute file transfers via rsync to forwarder with new events... by gots Path Finder in Getting Data In 06-09-2017 0 1	0	1
Setting Time on a "Time (Search) Panel" to a specifi range each time. Basically I need time/date code to add within my Panel so that each tiem it opens, the Panel searches from 8AM the fo... by JChute Explorer in Getting Data In 06-09-2017 0 2	0	2
Escape JSON data at index time I'm trying to escape JSON data at index time because I can't do it from within the application that is generating the... by darinmoon Explorer in Getting Data In 06-09-2017 1 7	1	7
Why am I unable to blacklist all content in a certain directory with my current inputs.conf? I am trying to blacklist the following in the inputs.conf Currently I have this: [monitor:///var/log] disabled = f... by anaqvi Explorer in Getting Data In 06-08-2017 0 8	0	8
WinEventLogs Cannot get Event Details I am monitoring WinEventLogs for Direct Access Troubleshooting using stanzas like: [WinEventLog://Microsoft-Windows-... by nabeel652 Builder in Getting Data In 06-08-2017 0 2	0	2
heavy forwarder operation question Hi, I'm trying to determine the best way to parse out data before it gets to my splunk indexer. It looks like a heav... by infinitiguy Path Finder in Getting Data In 06-08-2017 0 14	0	14
Copy Field and remove duplicate Hello All, I have a column list of records as below recordA recordB recordA RecordB RecordC RecordD and I would l... by wessam Explorer in Getting Data In 06-08-2017 0 19	0	19
Why is one search head no longer communicating with indexers? Getting error "failed_because_BUNDLE_DATA_TRANSMIT_FAILURE" We have around 10 Search Heads and 13 Indexers. Since this morning, we are seeing the below errors and our SH is not ... by vr2312 Builder in Getting Data In 06-08-2017 1 5	1	5
Getting info from the details tab within Server 2008 event logs. Does anyone know how to get the full output (including the details tab) or XML version of event logs out of Server 20... by JSapienza Contributor in Getting Data In 06-08-2017 1 2	1	2
Transforms not replacing original value Hello, I have a CSV in which I am attempting to shorten a 128 character string down to the last 8 characters. I used... by thard_splunk Splunk Employee in Getting Data In 06-08-2017 0 1	0	1
Communication error between old ver Splunk and Forwarder ver6.x about ssl. Splunk ver 6.2.0 has been introduced in my separate environment, and recently I installed forwarder ver 6.6.1 on a ne... by yutaka1005 Builder in Getting Data In 06-08-2017 0 3	0	3
Rename an index Is it possible to rename an index in the same way sourcetype and source can be renamed with props and transforms. by smudge797 Path Finder in Getting Data In 06-08-2017 0 2	0	2
When the maxVolumeDataSizeMB for the primary volume is exceeded, will events automatically roll over to the secondary volume? Hi, When the maxVolumeDataSizeMB for the primary volume is exceeded, will the events automatically roll over to the ... by a212830 Champion in Getting Data In 06-07-2017 1 3	1	3
Securing communcation between Universal Forwarder and Heavy Forwarder Splunk Docs do not specifically state that default encryption is active between Universal Forwarders and Heavy Forwar... by rwcbp Explorer in Getting Data In 06-07-2017 1 5	1	5
Why am I seeing duplicate events? I'm seeing the following two log messages on my UF. I'm also seeing big spikes in events every few minutes from this ... by davidpaper Contributor in Getting Data In 06-07-2017 0 1	0	1
Does Splunk forwarder 6.0.3 support TLSv1.2 Does Splunk forwarder 6.0.3 support TLSv1.2 or does it only support SSL v3? by amanteja Path Finder in Getting Data In 06-07-2017 0 4	0	4
Successfully recurse sub-directories in Windows? I can't find the correct way to recursively monitor sub-directories in Windows for all files ending in .log. Can som... by loatswil Path Finder in Getting Data In 06-07-2017 0 12	0	12