Getting Data In

Community Activity

How to understand "Splunk software can extract only dates from a source, not times. If you need to extract a time from a source, use a transform." " The note is here, http://docs.splunk.com/Documentation/Splunk/6.6.0/Data/HowSplunkextractstimestamps But I have a pro... by jimmyzhangau New Member in Getting Data In 05-16-2017 0 3	0	3
How can I monitor the same file on different drives in windows? I'm trying to monitor the same file on different drives on Windows systems. I tried putting a wildcard into the inpu... by deloach Engager in Getting Data In 05-15-2017 0 5	0	5
What is the infrastructure recommendation based on daily volume? What is the infrastructure recommendation for ~40-50GB/day with ~150 servers? Can VM be deployed vs Physical servers... by bayman Path Finder in Getting Data In 05-15-2017 0 3	0	3
Using wildcards * in lookup csv files Hi to all, I'm using a csv file to categorize event actions extracted by a log file. I'm extracting events action (... by andreac81 Explorer in Getting Data In 05-15-2017 0 1	0	1
What could be causing Splunk to log my data under the wrong hostname? Hello, I recently added my meraki appliance as a datasource on my Splunk instance (reading from a file that syslog-n... by lacrosse1991 Explorer in Getting Data In 05-14-2017 0 5	0	5
How to extract Fields custom JSON File in Splunk I have custom JSON File on Splunk but SPATH command is not able to extract the fields from the data. Can any one sugg... by ashish9433 Communicator in Getting Data In 05-13-2017 0 1	0	1
Save token values so they can persist beyond session timeout I have a dashboard, where I can select a number of items from a list of many thousand. These selected items are added... by bowesmana SplunkTrust in Getting Data In 05-13-2017 0 4	0	4
How to get Splunk know the Account name when the Local or Global Group changed in Windows server 2008? Hi all, I found a problem when I migrate Splunk from Windows server 2003 to Windows server 2008. I created a alert f... by zyxcc New Member in Getting Data In 05-13-2017 0 1	0	1
How do I capture unique API list my application is using through Splunk? I have paths like this: https://100.100.100.100:8080/rest/config/L3UCPE-API:services/service-list/{uniqueId}/ https:... by vijaydudipala88 New Member in Getting Data In 05-12-2017 0 5	0	5
How often indexes or sourcetypes are being searched? Hi All, I'd like to create a report that shows how often users are performing searches against indexes, or even sou... by jguzowski Engager in Getting Data In 05-12-2017 1 2	1	2
Why am I unable to see the forwarder but data is being received? Hi, I setup a forwarder on a linux server and setup Splunk to listen on port 9997 and I added the index name (cisco) ... by Lenval06 Engager in Getting Data In 05-12-2017 0 6	0	6
How to delete an app listing on Splunkbase? How do I delete or remove my app from Splunkbase? by wnguyen Splunk Employee in Getting Data In 05-12-2017 0 1	0	1
Why has Splunk stopped real time monitoring of log files? I have my Splunk configured to monitor 3 directories, there our simulator keeps placing new .log files. It used to w... by coronelfoca Explorer in Getting Data In 05-12-2017 0 14	0	14
Windows Server 2016: Support by Splunk Enterprise & Universal Forwarder Server 2016 was released approximately 6 months ago, but it is still not listed as a supported OS on the system requi... by helge Builder in Getting Data In 05-12-2017 0 4	0	4
How to change sourcetype on indexer based on the value of source? Hi, My data flows in from the forwarder where index=idx1 and sourcetype=sourcetypeA have been set using inputs.conf.... by deepak02 Path Finder in Getting Data In 05-12-2017 0 7	0	7
How do I pull service status for Windows in an efficient manner? I know the WinHostMon input can be used to poll the status of all the services on a host, but it also outputs a lot o... by fairje Communicator in Getting Data In 05-12-2017 0 1	0	1
Why is the Universal Forwarder also sending internal logs when only told to send certain data to different indexer via _TCP_ROUTING in inputs.conf? We have a single inputs.conf stanza that sends the data from "targetLog.log" to a different indexer, "indexerB", than... by quasikaze Explorer in Getting Data In 05-12-2017 0 6	0	6
Windows Server 2016 compatibility Hello Where can I find Information about Windows Server 2016 compatibility (universal forwarder)? Regards by nicocin Path Finder in Getting Data In 05-12-2017 4 15	4	15
running down indexer congestion problems Hi, I'm running into occasional errors from one of my indexers reporting "skipped indexing of internal audit event w... by tgiles Path Finder in Getting Data In 05-12-2017 0 3	0	3
disable all inputs Hello, I'd like to disable all the input on the Splunk_TA_microsoft_ad, is there a handy way to do this? for exampl... by sassens1 Path Finder in Getting Data In 05-12-2017 0 3	0	3
How to check if Heavy Forwarder is autoload balancing properly ? I am forwarding some logs from a Heavy Forwarder to 2 indexers. I want to check if forwarder is balancing load/distr... by abhinav_maxonic Path Finder in Getting Data In 05-11-2017 0 2	0	2
How to find out what the default settings sourcetype that Splunk has set to for a data file in Splunk 6.2+ Hi, I have a log file that I need to import into Splunk and I want to get it as efficient as possible, as there is a... by BlueSocket Contributor in Getting Data In 05-11-2017 0 2	0	2
CSV inconsistent field value Hello Splunkers, So I have this csv file that a certain field contains 10+ numbers. Please see sample image below: ... by lloydknight Builder in Getting Data In 05-11-2017 0 5	0	5
why my indexers are indexing more than the hotdata maxVolumeDataSizeMB Hi, I'm facing some issue that our indexers are not following the local indexes.conf settings in my local indexes.co... by skuma30 New Member in Getting Data In 05-11-2017 0 3	0	3
Cisco ironport syslog broken pipe Hello I configured Splunk to handle TCP syslog from ironport appliances: [tcp://514] connection_host = dns index = ... by sassens1 Path Finder in Getting Data In 05-11-2017 1 1	1	1