Getting Data In

Discussions

Thread Info

Why doesn't the CLI command create a stanza in inputs.conf?

Or to restate the question : Why is Splunk Web reflecting the results of the CLI command, but inputs.conf file doesn'...

by Explorer in

static csv file (uploaded only once in a day) issue

I have a csv file kept in a central path which is only uploaded once in a day. The moment i search the data on my sea...

by Path Finder in

Trying to parse my Json into a table

this is the format: { "epoch": "1485892851.94944", "id": "3952418", "name": "WMI Performance Adapter", "new_attrs"...

by Communicator in

How to resolve "error getting attributes of path "C:\pagefile.sys"" after pushing configurations to servers?

I have pushed configurations to at least 15 servers. 12 servers out of these 15 are returning with these errors, wher...

by Builder in

How to get Splunk to index a small 1.5KB CSV file?

I am trying to make Splunk read/index a CSV that is of 1.5KB. I have used the traditional CRCSALT=>SOURCE> tag in...

by Builder in

I have Windows Universal Forwarder that is sending thousands of blank Windows events and duplicating events

On the Windows client server (splunkforwarder-6.2.1-245427-x64-release.msi) the inputs.conf file contains: [WinEve...

by Path Finder in

TIME_FORMAT regex help

12/02/2015 12:00:00 AM, Execute time: 0150 looking to extract the date and the 24hr time pls

by Builder in

How to configure line breaking on TCP events separated with null character ('\x00')?

My log source generates events ended with null-character ('\x00') and sends them to Splunk via TCP in chunks every 10...

by Explorer in

How to configure props.conf and transforms.conf to process the timestamps in my data?

Have data that Splunk is struggling with and needs props.conf and transforms.conf. The year/month/date followed by ti...

by Path Finder in

Missing Index Even Specifying Index in inputs.conf

Hi, The architect of the deployment is UF(Windows)->HF->Indexer->SH, only UF is installed in Windows platform and all...

by New Member in

Need help with what should be a simple precedence issue regarding props.conf and aliases.

Simple scenario app_a/default/props.conf 25_app_a/default/props.conf The 25_app_a is an exact copy aside from t...

by Path Finder in

How to index W3C IISlog from a Universal forwarder

I am new to Splunk, so please forgive me if the answer to the question is obvious.... I am trying to index W3C IIS...

by New Member in

How do I debug inbound syslog that isn't getting indexed by Splunk?

Hi I currently have tried a lot of things but can't seem to get the data into Splunk. I have a server sending sysl...

by New Member in

mvcombine ignores specified delimiter

We're indexing /var/log/secure, as one does, and I have a request to list users who've logged in in a comma-delimted ...

by Path Finder in

Splunk Universal Forwader constantly crashes with "Crashing thread: indexerPipe".

Splunk Universal Forwader constantly crashes with "Crashing thread: indexerPipe". splunkd.log shows: WARN Indexer...

by Splunk Employee in

Socket not supported error while installing universal forwarder on Bash (Virtual machine on windows)

Hi, I am trying to install a universal forwarder on Bash(Virtual Linux terminal on windows). Step 1: Install S...

by Path Finder in

Extracting data from complicated JSON, match a value

I have JSON in the following format: [ { "nameValues": [], "offeringId": "a" }, { ...

by New Member in

How to prevent numeric values from turning into a string using the REST API?

I'm trying to do a summation of different fields doing a CURL call using the Splunk REST API. Here's what I have: ...

by Explorer in

Where do I configure the host in Splunk Light to collect data from a socket of an external device?

I am evaluating Splunk Light. I want to collect data from a socket port on an external device. I was hoping that by c...

by New Member in

Why am I getting duplicate saved search results after copying an app?

I have two apps which have the same saved searches defined in their own savedsearches.conf files, however, rather tha...

by Communicator in

After installing a Splunk 6.4 universal forwarder, why are events indexed with the shortname instead of FQDN for the hostname?

After an initial installation of the Universal Forwarder (6.4.0), I immediately changed the hostname values to use th...

by Path Finder in

Why is REST API removing a leading pipe before an "inputcsv" command?

It appears that my use of the REST API is somehow causing a leading pipe to be stripped before an inputcsv command. I...

by Communicator in

Can I run Splunk Light on a Microsoft Windows Virtual Server?

I am trying to determine if I can run Splunk Light on a Microsoft Windows Virtual Server. Is this possible?

by New Member in

Windows Infrastructure: What would cause the Print Job Viewer to stop working?

I set up our print server to send print job info to Splunk recently and it worked for awhile. For some reason, it ...

by Path Finder in

How do I reindex data with change of crcSalt if crcSalt = is used?

I have a data input which uses crcSalt = <SOURCE> Task is to reindex these data. Preferably using the crcSalt...

by Path Finder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Why doesn't the CLI command create a stanza in inputs.conf?

static csv file (uploaded only once in a day) issue

Trying to parse my Json into a table

How to resolve "error getting attributes of path "C:\pagefile.sys"" after pushing configurations to servers?

How to get Splunk to index a small 1.5KB CSV file?

I have Windows Universal Forwarder that is sending thousands of blank Windows events and duplicating events

TIME_FORMAT regex help

How to configure line breaking on TCP events separated with null character ('\x00')?

How to configure props.conf and transforms.conf to process the timestamps in my data?

Missing Index Even Specifying Index in inputs.conf

Need help with what should be a simple precedence issue regarding props.conf and aliases.

How to index W3C IISlog from a Universal forwarder

How do I debug inbound syslog that isn't getting indexed by Splunk?

mvcombine ignores specified delimiter

Splunk Universal Forwader constantly crashes with "Crashing thread: indexerPipe".

Socket not supported error while installing universal forwarder on Bash (Virtual machine on windows)

Extracting data from complicated JSON, match a value

How to prevent numeric values from turning into a string using the REST API?

Where do I configure the host in Splunk Light to collect data from a socket of an external device?

Why am I getting duplicate saved search results after copying an app?

After installing a Splunk 6.4 universal forwarder, why are events indexed with the shortname instead of FQDN for the hostname?

Why is REST API removing a leading pipe before an "inputcsv" command?

Can I run Splunk Light on a Microsoft Windows Virtual Server?

Windows Infrastructure: What would cause the Print Job Viewer to stop working?

How do I reindex data with change of crcSalt if crcSalt = is used?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

No such file or directory: 'java' adding JMX acco...

WARN SSLCommon [53742 FwdDataReceiverThread] - Re...

What is the correct format for including the API k...

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout