Getting Data In

Ask a Question

Discussions

Thread Info

How to troubleshoot why a file in monitored folder is not being indexed in Splunk Light Free 6.3.0?

Hi, I’ve been using Splunk Light Free Version 6.3.0 for about a month on Mac OS X, and it’s been working well, mon...

by Explorer in

Route event data to different target groups issue

Hi Splunkers, here are my 3 configuration files transforms,props,outputs /// props.conf [host:firstClient] TRANSFO...

by New Member in

In my current batch stanza in inputs.conf, why is the file indexed twice?

My inputs.conf is as follow: [batch://C:\Splunk\2.txt] index = netiq move_policy = sinkhole sourcetype = shinsei_d...

by Path Finder in

How to assign timestamp for an event from two different fields

I have an event like "abcabcabc....abc..timestamp:-2017-05-05T*08:08:08.987.....abc...abc.....date:-2017-05-03*......

by Contributor in

Error on Splunk Universal Forwarder Upgrade

Hi everyone, When we upgrade agent (6.0.2 to 6.0.3) we have a WIndows error : "1901 Error attempting to read from the...

by Explorer in

How to develop a regular expression that will blacklist my log paths in inputs.conf?

Below is my monitoring path [monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01] I want to blackl...

by Path Finder in

How can I create a search via the REST API in a specific app?

I am trying to perform a search to modify a lookup csv via the REST API. The simple search |inputlookup filename....

by Engager in

CSV file ingestion not respecting column headings

I'm trying to monitor a CSV file (via a UF) with column headings included in the file. I want the column headings to ...

by Path Finder in

Transforms field/value extract not fully working

I have a log that has multiple fields and values and each event has a different set of fields and values. To handle t...

by Explorer in

Why is there no data in my summary index?

I built a splunk cluster. I created a lot of alerts on the main search server, some alerts I enabled the summary inde...

by Communicator in

Is there a way to write a script to download the latest Splunk version?

All, I see there is a "got wget" option on the download page for Splunk, which is great, but that hardcodes me to...

by Builder in

Indexes appear in usage report but not in indexes.conf or on indexer

I just inherited a stand alone splunk instance and when I run the usage report by indexes, I see a couple of indexes ...

by Path Finder in

TimeZone issue

I am having issue with some ironport logs with Time zone. The logs are coming in as UTC "2017-05-04T16:05:40+00:00" b...

by New Member in

Batch input for Windows preventing new file creation

We want to set up a process that writes an application log to a batch input where Splunk will ingest the file and the...

by Communicator in

How to rename host field value based on event data?

I have a Linux server that ingests pre-cooked log files. Each line of the log file begins with the host that the log ...

by Communicator in

LDAP by SSL using WIndows 2012R2 cannot connect to Active Directory server

Trying to use LDAP with SSL and running into issue 'Can't contact LDAP server'. Looked on Splunk Answers and saw simi...

by Explorer in

Parse JSON series data into a chart

I'm trying to parse the following JSON data into a timechart "by label". The "data" section is a timestamp and a valu...

by Explorer in

What happened if universal forwarder is pointed to a new Deployment server?

Hello, Situation: - Universal forwarder pointed to a temp Deployment server - Two applications are deployed on the...

by Explorer in

Search query to check 50-100 forwarders phoning home status from thousands of forwarders.

Hi, We have thousands of forwarders installed. Our requirement is to check status of only 50-100 forwarders from t...

by Explorer in

SPlunk API

How grant required access & end point information for accessing the Splunk API? Please help us how we can grant ac...

by New Member in

How to filter search result based on case condition

Hi guys, I'm new to splunk and I have one issue with filtering my search results based on a case condition My search ...

by New Member in

Regex in summary index

Hi, I have a lot of searches like this: Search 1: | common regex | stats using some fields extracted in regex ...

by Path Finder in

Parsing XML log files

Hi, I would to like to index a log in xml format and I would to like to parse it so that the content of each event...

by Communicator in

Splunk server not recieving data from node

I have a splunk enterprise server and a node configured with Linux forwarder. These are the things configured in both...

by New Member in

Windows events: Why no data in the "Message" field?

I have a heavy forwarder on a win2008R2 server. Windows security logs are being written to a file on that forwarder a...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to troubleshoot why a file in monitored folder is not being indexed in Splunk Light Free 6.3.0?

Route event data to different target groups issue

In my current batch stanza in inputs.conf, why is the file indexed twice?

How to assign timestamp for an event from two different fields

Error on Splunk Universal Forwarder Upgrade

How to develop a regular expression that will blacklist my log paths in inputs.conf?

How can I create a search via the REST API in a specific app?

CSV file ingestion not respecting column headings

Transforms field/value extract not fully working

Why is there no data in my summary index?

Is there a way to write a script to download the latest Splunk version?

Indexes appear in usage report but not in indexes.conf or on indexer

TimeZone issue

Batch input for Windows preventing new file creation

How to rename host field value based on event data?

LDAP by SSL using WIndows 2012R2 cannot connect to Active Directory server

Parse JSON series data into a chart

What happened if universal forwarder is pointed to a new Deployment server?

Search query to check 50-100 forwarders phoning home status from thousands of forwarders.

SPlunk API

How to filter search result based on case condition

Regex in summary index

Parsing XML log files

Splunk server not recieving data from node

Windows events: Why no data in the "Message" field?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

SC4S Syslog server update fails during download wi...

SplunkForwarder flooding splunkd.log with reconnec...

Event break multiline PowerShell Transcript Log

uberAgent

Getting Data In

Are you a member of the Splunk Community?

Discussions