Getting Data In

Community Activity

How to identify host that is exhausting indexing quota? I got the daily indexing quota exceeded in our Splunk v6.1 instance. I ran this query: earliest=-2d@d host=* index=*... by nk-1 Path Finder in Getting Data In 05-18-2017 0 3	0	3
how to use the interval parameter for modular input ? Hi All, I got confused while reading the documentation: http://docs.splunk.com/Documentation/Splunk/6.1.2/AdvancedDe... by jzhong_splunk Splunk Employee in Getting Data In 05-18-2017 1 1	1	1
How to edit my props.conf to line break my sample data instead of merging events? Hi, I need help with props.conf for line/event breaks, the log has to be split by MsgId="LOGON" event followed by 8 ... by shivarpith Path Finder in Getting Data In 05-18-2017 0 1	0	1
Why are changes made to savedsearch not reflecting in Splunk Web or .conf files, but it displays as updated via API? Howdy folks, I've got a saved search that has 4 emails specified in action.email.to. This is correct looking in the... by oclumbertruck Explorer in Getting Data In 05-18-2017 0 1	0	1
How to edit my props.conf to line break my events properly? I am trying to have separate BrkrName events. I have a script ./iibqueuemonitor.sh that outputs: EventType=Broker,B... by AmitKapila New Member in Getting Data In 05-18-2017 0 11	0	11
Filter csv logs before indexing I want exclude fields bar and baz with all their values before indexing. I have CSV log: foo,bar,baz abc,123,456 a... by krylov Explorer in Getting Data In 05-18-2017 0 2	0	2
Does monitoring similar files within a directory log require a separate props.conf configuration? Hello, I am struggling with a directory monitoring problem. I have a directory with a ton of different incremental l... by centrafraserk Path Finder in Getting Data In 05-18-2017 0 3	0	3
Why do I have so many established TCP connections from one host? I have a Windows host (192.168.2.2) which has a universal forwarder installed and is setup to talk to my single insta... by danielsofoulis Path Finder in Getting Data In 05-17-2017 0 3	0	3
Is it possible to edit props.conf from Splunk Web? Hi Friends, I've added a custom application in SPLUNK which utilizes LINE_BREAKER and SHOULD_LINEMERGE features of p... by gauravmishra15 Path Finder in Getting Data In 05-17-2017 3 5	3	5
Convert String to Date then display Latest Date I have this search \|inputlookup fdss2017.csv\|search "SCCM Last Policy Request"=* \|fields "SCCM Last Policy Request"... by JoshuaJohn Contributor in Getting Data In 05-17-2017 0 2	0	2
Split the name Hi, I have a values name like AV:EC2:ES:401 and AV:EC2 Now I want to show only EC2 how to show it. Can anyone pleas... by dchalasani Path Finder in Getting Data In 05-17-2017 0 19	0	19
Why is the Universal Forwarder reporting the wrong IP to Deployment Server? I have about 6 hosts that are reporting their IP address to my deployment server incorrectly. They are running Unive... by JDukeSplunk Builder in Getting Data In 05-17-2017 0 8	0	8
Retrieve output data from Splunk Hi there, We want to get data from Splunk after a Splunk search has outputted the data in a file. Case In Splunk we... by JosIJntema Explorer in Getting Data In 05-17-2017 0 2	0	2
confirm if heavy forwarder is receiving any data. We have 6.5 Splunk instance configured as a heavy forwarder. We are forwarding data from Cloud PAAS service and that... by vikram_m Path Finder in Getting Data In 05-17-2017 0 1	0	1
Why can't I ingest data? I need help to figure out why my environment is not ingesting data. I am on a single laptop I have four VMs install... by mhouse3 Path Finder in Getting Data In 05-16-2017 0 31	0	31
How to understand "Splunk software can extract only dates from a source, not times. If you need to extract a time from a source, use a transform." " The note is here, http://docs.splunk.com/Documentation/Splunk/6.6.0/Data/HowSplunkextractstimestamps But I have a pro... by jimmyzhangau New Member in Getting Data In 05-16-2017 0 3	0	3
How can I monitor the same file on different drives in windows? I'm trying to monitor the same file on different drives on Windows systems. I tried putting a wildcard into the inpu... by deloach Engager in Getting Data In 05-15-2017 0 5	0	5
What is the infrastructure recommendation based on daily volume? What is the infrastructure recommendation for ~40-50GB/day with ~150 servers? Can VM be deployed vs Physical servers... by bayman Path Finder in Getting Data In 05-15-2017 0 3	0	3
Using wildcards * in lookup csv files Hi to all, I'm using a csv file to categorize event actions extracted by a log file. I'm extracting events action (... by andreac81 Explorer in Getting Data In 05-15-2017 0 1	0	1
What could be causing Splunk to log my data under the wrong hostname? Hello, I recently added my meraki appliance as a datasource on my Splunk instance (reading from a file that syslog-n... by lacrosse1991 Explorer in Getting Data In 05-14-2017 0 5	0	5
How to extract Fields custom JSON File in Splunk I have custom JSON File on Splunk but SPATH command is not able to extract the fields from the data. Can any one sugg... by ashish9433 Communicator in Getting Data In 05-13-2017 0 1	0	1
Save token values so they can persist beyond session timeout I have a dashboard, where I can select a number of items from a list of many thousand. These selected items are added... by bowesmana SplunkTrust in Getting Data In 05-13-2017 0 4	0	4
How to get Splunk know the Account name when the Local or Global Group changed in Windows server 2008? Hi all, I found a problem when I migrate Splunk from Windows server 2003 to Windows server 2008. I created a alert f... by zyxcc New Member in Getting Data In 05-13-2017 0 1	0	1
How do I capture unique API list my application is using through Splunk? I have paths like this: https://100.100.100.100:8080/rest/config/L3UCPE-API:services/service-list/{uniqueId}/ https:... by vijaydudipala88 New Member in Getting Data In 05-12-2017 0 5	0	5
How often indexes or sourcetypes are being searched? Hi All, I'd like to create a report that shows how often users are performing searches against indexes, or even sou... by jguzowski Engager in Getting Data In 05-12-2017 1 2	1	2