Getting Data In

Community Activity

How to allow shell wildcard in scripted input's argument? For example, if I put this in inputs.conf [script:/bin/ls /*/lib /var/lib /usr/lib ] sourcetype = ls The latter tw... by yuanliu SplunkTrust in Getting Data In 06-16-2017 0 7	0	7
Why is my Event line breaking not working properly? Hi, I've reviewed almost all the question about event line breaking but still have some inconsistency with data inges... by msichani Explorer in Getting Data In 06-16-2017 1 4	1	4
Why is the substr function not working for JSON logs in Splunk 6.5.2? The substr function is not working for json logs for us in 6.5.2 for Dev version. Whereas the Prod version of the Spl... by pimco_rgoyal Observer in Getting Data In 06-16-2017 0 10	0	10
Is it possible for a single splunk universal forwarder to be managed by two different deployment servers? I was wondering if possible for a single splunk universal forwarder to be managed by two different deployment servers... by vanderaj2 Path Finder in Getting Data In 06-16-2017 0 3	0	3
Splunk rest command: Is it possible to generate a POST request instead of GET? Hi, I need to use Splunk rest command in search - but I wish to generate a POST request instead of GET. Is it possib... by lukasz92 Communicator in Getting Data In 06-16-2017 0 3	0	3
If not condition in TIME_PREFIX I am working in the FIX log messages and have two fields that contain timestamps. I need to check for one field and i... by isha_rastogi Path Finder in Getting Data In 06-16-2017 0 8	0	8
Unable to get events indexed from WinEventLog:Setup and WinEventLog:HardwareEvents I have deployed SplunK_TA_Windows and setup monitoring for Applicatiom, System ,Security, HardwareEvents and Setup wi... by rangineniarunku Explorer in Getting Data In 06-16-2017 0 1	0	1
How to exclude Host using Inputlookup? index=bp_prod NOT ([\|inputlookup serverBP.csv\|fields Servers Status \|where Status=="N"] ) \|eventstats count as "total... by karthi2809 Builder in Getting Data In 06-16-2017 0 1	0	1
How to forward extracted data from Splunk to 3rd party? I have a requirement where I will be getting logs from various sources in Splunk, extract some useful information fro... by thamohit New Member in Getting Data In 06-15-2017 0 4	0	4
Why is my connection from forarder to indexer timing out? I have 2 VMs, one running an indexer: hostname "splunkbox" ip 192.168.56.151 and one running a universal forwarder... by sillingworth Path Finder in Getting Data In 06-15-2017 0 5	0	5
How to find index size before splunk adding indexes...i mean raw data size I have 10 indexes...i want to find the actual size of the index before splunk adding its indexing. and after as well... by jw44250 New Member in Getting Data In 06-15-2017 0 4	0	4
Hi, Want to break event using line_breaker property. 2017-04-02 22:45:19.023 -0600 so-splunky.local sshd[68061]: Accepted keyboard-interactive/pam for sowings from xx.xx.... by shinde0509 Explorer in Getting Data In 06-15-2017 0 3	0	3
Timezones differ for User's position and internal events timestamps Hi all, In our case timestamps within the splunk events are standard GMT where people working from different timezo... by amantjes New Member in Getting Data In 06-15-2017 0 2	0	2
enforce linebreaking at Indexer after Heavy Forwarder override sourcetype At Indexer level how to force props.conf linebreaking setup to be applied to a specific sourcetype of data arriving f... by fernandoandre Communicator in Getting Data In 06-15-2017 0 5	0	5
How to stop access to Port 8089 in Splunk or change password on Universal Forwarder? On all the Universal Forwarders, any user has the ability to access REST API called Splunk ATOM Feed:Splunkd. They c... by dbatts Explorer in Getting Data In 06-15-2017 1 3	1	3
How can I change splunk default parser and use my own way of re-arranging data? let's say i have a file that I would like to input it to splunk. but I want to have a better parser, a smarter one. h... by MarcHelou New Member in Getting Data In 06-15-2017 0 5	0	5
unarchive_cmd for decoding binary file with python script Hi All, So following this excellent blog post I thought I found a solution to ingesting a binary logfile with Splunk... by phoenixdigital Builder in Getting Data In 06-15-2017 0 8	0	8
What more can I do to solve: File too small to check seekcrc, probably truncated. Will re-read entire file Running Splunk 6.0.1 (build 189883), all on Windows-servers, a mix of 2008/2012-servers. Indexing a lot of SystemOut... by rune_hellem Contributor in Getting Data In 06-14-2017 1 2	1	2
HTTP event collector 404 error Good Day I've got two issues with my HTTP event collector. 1st issue: I created an event collector when I installe... by evanwyk11 Engager in Getting Data In 06-14-2017 1 4	1	4
How to forward old data from a forwarder to a new Splunk index? Hey guys, I'm new to splunk and I really need ur help!!! As what I know, once the data from a .log file are loaded b... by LuiesCui Communicator in Getting Data In 06-14-2017 1 11	1	11
Are there additional considerations for onboarding Cisco ASA data into Splunk? I apologize in advance if this is an extremely basic question, but I need to be sure I do this correctly. I'm resear... by Svill321 Path Finder in Getting Data In 06-14-2017 0 2	0	2
how to split log file on non-standard date and special characters Hi All, I have a log file that has a non standard date/time and special characters and i am trying to split the line... by ssaenger Communicator in Getting Data In 06-14-2017 0 2	0	2
What to do when json field conflicts with Splunk metadata? A user is reporting that their indexed json data has a 'source' key that is being extracted. "source": "[{label:'Tre... by pkeller Contributor in Getting Data In 06-14-2017 1 1	1	1
Adding and sorting key, value pairs in JSON array This is the way my data looks: { "NODE-A":{ "DATA":{ "SNR_DATA":{ "Cable3/0/3-... by evan_roggenkamp Path Finder in Getting Data In 06-14-2017 0 1	0	1
Splunk search using CSV file data as input I would like to search index=main type=router OR type=switch OR type=firewall OR type=sysproxy .. Instead i wan... by psalibindla9524 New Member in Getting Data In 06-14-2017 0 3	0	3