Getting Data In

Community Activity

change the owner of a saved search via REST Hi there, I just want to change the attribut "owner" (within eai:acl) of a saved search via REST. Is this feasible? ... by bjoernjensen Contributor in Getting Data In 05-30-2017 1 2	1	2
Is it possible to selectively line merge syslog-ng truncated events? I have a syslog server receiving and filtering into files and then forwarding data to my indexers. One source uses ud... by JSkier Communicator in Getting Data In 05-30-2017 1 2	1	2
Using DELIMS with a string instead of single character Hi, I'm forwarding from an proxy logs using NX-log and nxlog is using string "#011" to separate fields, like that: ... by restevan New Member in Getting Data In 05-30-2017 0 5	0	5
Problem with CDR Phone Data Hello Everybody, I have a big Problem with customers phone data (cdr´s)... One phone-call has multiple events: I... by denis_roehr Explorer in Getting Data In 05-30-2017 1 4	1	4
Need to schedule IO wait alerts on Splunk Our Splunk infrastructure is on Azure and recently we face a major issue where I/O wait time was high and so indexing... by vikram_m Path Finder in Getting Data In 05-29-2017 0 1	0	1
Splunk HEC Integration. Where to enable? Deployment Server or Log Server? Hello, Here's our Splunk setup: 3 Indexers (not clustered) 1 Search Head/Deployment Server 1 Log Server (acts like ... by lloydknight Builder in Getting Data In 05-29-2017 0 2	0	2
I am trying to remove all the special characters in the field and replace them with space character using sed mode in rex command. First I tried to search for chars which aren't alphanumeric and replace them with space character. source="Regex.zip:... by anjanikumar Engager in Getting Data In 05-27-2017 1 5	1	5
Filter data and Extract field before indexed To avoid over index usage, I want to filter before it indexed and I also want extract field before indexed as well. A... by gurveer_singh88 New Member in Getting Data In 05-27-2017 0 5	0	5
How to forward the event of a specific index on the heavy forwarder to the specified index of another indexer? I have a separate Splunk Enterprise instance, The 9997 port has been enabled to receive events from each host and se... by xsstest Communicator in Getting Data In 05-26-2017 0 2	0	2
setting stopacceptorafterqblock attribute in inputs.conf Hi All, We are running into serious issue with Forwarder settings. Please help Forwarder was working fine when the s... by k_harini Communicator in Getting Data In 05-26-2017 0 5	0	5
How to edit inputs.conf to blacklist an eventcode? I have the following inputs.conf stanza: [WinEventLog://Security] disabled=0 current_only=1 blacklist... by t_gayathirik New Member in Getting Data In 05-26-2017 0 2	0	2
Splunk closing TCP port 9997 (forwarder port) I upgraded to 4.3.3 on an indexer that never had any problems before this point in time and now the indexer is droppi... by caphrim007 Path Finder in Getting Data In 05-26-2017 0 8	0	8
Is it possible for a universal forwarder to inject additional data into existing log stream? I have several universal forwarders (UF) monitoring files on both Windows and Linux endpoints. I would like to "injec... by tanium_spence Engager in Getting Data In 05-26-2017 1 6	1	6
Is there a way to configure the Universal Forwarder to prevent duplicate events due to a log file that regenerates? I am using the universal forwarder to index a log file that regenerates every time that a new row is added. In other... by donaldlcho New Member in Getting Data In 05-26-2017 0 1	0	1
Forcepoint Proxy syslogs - Parsing questions we're getting the syslogs exports from our Forcepoint appliances, using their standardised SIEM integration. The form... by mooree Path Finder in Getting Data In 05-26-2017 1 3	1	3
How to write a monitor stanza in inputs.conf to monitor a file in splunk ? Hi All, Can anyone guide us on how to create an input stanza to monitor a files through splunk. Need to monitor logs... by Hemnaath Motivator in Getting Data In 05-26-2017 0 17	0	17
How to exclude logs ingesting during index time In our IIS logs, we are getting thousands of lines like below which is of no use in ingesting into Splunk. So want to... by bsuresh1 Path Finder in Getting Data In 05-26-2017 1 10	1	10
Universal Forwarder and forward-compatibility In our zest to upgrade our Universal Forwarders (UF) , we have seemed to inadvertently upgrade to a version newer tha... by cboillot Contributor in Getting Data In 05-26-2017 0 2	0	2
Top-Level Domain Extraction (from URLs) So I've searched and searched and can't find a regex that quite fits what I want to do...What I'd like to do is extra... by dsmeerkat Explorer in Getting Data In 05-26-2017 0 5	0	5
How to fix error "Invalid key in stanza" in props.conf? Hi, I am getting the below error. Please help me debug. Invalid key in stanza [app:BKR:PerfRest] in /opt/splunk/... by deepak02 Path Finder in Getting Data In 05-25-2017 0 2	0	2
How to remove a specific string from an events in splunk ? Hi All, currently we are facing an issue in removing a specific values from the event list starting with the word "at... by Hemnaath Motivator in Getting Data In 05-25-2017 0 20	0	20
Filtering on keywords with exceptions Hi, I am trying to figure out if there is an easy way to filter based on a word and its negative-form. For example... by nidhsha2 New Member in Getting Data In 05-25-2017 0 4	0	4
How to index data using Rest API in splunk? HI I have a below curl command, What is the best way to ingest data into Splunk? curl -u "abc:123" -H "X-Requested-W... by kiran331 Builder in Getting Data In 05-25-2017 0 1	0	1
Splunk 4.1.6 - skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to block How would I resolve an issue like this? There appears to be ample disk space on the server hosting the Splunk install... by inquen Engager in Getting Data In 05-25-2017 1 4	1	4
How to filter out Windows Event Logs that have passwords sent in cleartext? Hello Splunkers, In my environment, we currently send C:\windows\system32\winevt\Logs*.evtx on our windows servers o... by vanderaj2 Path Finder in Getting Data In 05-25-2017 0 3	0	3