Getting Data In

Community Activity

How often indexes or sourcetypes are being searched? Hi All, I'd like to create a report that shows how often users are performing searches against indexes, or even sou... by jguzowski Engager in Getting Data In 05-12-2017 1 2	1	2
Why am I unable to see the forwarder but data is being received? Hi, I setup a forwarder on a linux server and setup Splunk to listen on port 9997 and I added the index name (cisco) ... by Lenval06 Engager in Getting Data In 05-12-2017 0 6	0	6
How to delete an app listing on Splunkbase? How do I delete or remove my app from Splunkbase? by wnguyen Splunk Employee in Getting Data In 05-12-2017 0 1	0	1
Why has Splunk stopped real time monitoring of log files? I have my Splunk configured to monitor 3 directories, there our simulator keeps placing new .log files. It used to w... by coronelfoca Explorer in Getting Data In 05-12-2017 0 14	0	14
Windows Server 2016: Support by Splunk Enterprise & Universal Forwarder Server 2016 was released approximately 6 months ago, but it is still not listed as a supported OS on the system requi... by helge Builder in Getting Data In 05-12-2017 0 4	0	4
How to change sourcetype on indexer based on the value of source? Hi, My data flows in from the forwarder where index=idx1 and sourcetype=sourcetypeA have been set using inputs.conf.... by deepak02 Path Finder in Getting Data In 05-12-2017 0 7	0	7
How do I pull service status for Windows in an efficient manner? I know the WinHostMon input can be used to poll the status of all the services on a host, but it also outputs a lot o... by fairje Communicator in Getting Data In 05-12-2017 0 1	0	1
Why is the Universal Forwarder also sending internal logs when only told to send certain data to different indexer via _TCP_ROUTING in inputs.conf? We have a single inputs.conf stanza that sends the data from "targetLog.log" to a different indexer, "indexerB", than... by quasikaze Explorer in Getting Data In 05-12-2017 0 6	0	6
Windows Server 2016 compatibility Hello Where can I find Information about Windows Server 2016 compatibility (universal forwarder)? Regards by nicocin Path Finder in Getting Data In 05-12-2017 4 15	4	15
running down indexer congestion problems Hi, I'm running into occasional errors from one of my indexers reporting "skipped indexing of internal audit event w... by tgiles Path Finder in Getting Data In 05-12-2017 0 3	0	3
disable all inputs Hello, I'd like to disable all the input on the Splunk_TA_microsoft_ad, is there a handy way to do this? for exampl... by sassens1 Path Finder in Getting Data In 05-12-2017 0 3	0	3
How to check if Heavy Forwarder is autoload balancing properly ? I am forwarding some logs from a Heavy Forwarder to 2 indexers. I want to check if forwarder is balancing load/distr... by abhinav_maxonic Path Finder in Getting Data In 05-11-2017 0 2	0	2
How to find out what the default settings sourcetype that Splunk has set to for a data file in Splunk 6.2+ Hi, I have a log file that I need to import into Splunk and I want to get it as efficient as possible, as there is a... by BlueSocket Contributor in Getting Data In 05-11-2017 0 2	0	2
CSV inconsistent field value Hello Splunkers, So I have this csv file that a certain field contains 10+ numbers. Please see sample image below: ... by lloydknight Builder in Getting Data In 05-11-2017 0 5	0	5
why my indexers are indexing more than the hotdata maxVolumeDataSizeMB Hi, I'm facing some issue that our indexers are not following the local indexes.conf settings in my local indexes.co... by skuma30 New Member in Getting Data In 05-11-2017 0 3	0	3
Cisco ironport syslog broken pipe Hello I configured Splunk to handle TCP syslog from ironport appliances: [tcp://514] connection_host = dns index = ... by sassens1 Path Finder in Getting Data In 05-11-2017 1 1	1	1
How to configure Splunk to index a one line JSON file with 55,000 characters? I have been trying to index a one line JSON file with 55,000 characters in a single line. Splunk seems to cut it off ... by khhenderson Path Finder in Getting Data In 05-11-2017 1 4	1	4
sending AIX audit log stream to splunk I was having major issues getting splunk to work with the "text" file that we are pushing all AIX commands to. Origi... by jfraiberg Communicator in Getting Data In 05-11-2017 4 3	4	3
Index only the first line and ignore the rest. Hello I have few files for which I want to index just the first line and ignore everything else as its purely being ... by theouhuios Motivator in Getting Data In 05-11-2017 0 5	0	5
How to filter the data in my log before indexing? HI I have a scenario where I need to filter the data present in a log. I need to index only the last line from that l... by Tejkumar451 Explorer in Getting Data In 05-11-2017 0 3	0	3
Props and transforms: Order of execution of transforms for multiple stanza? AS per props.conf documentation Use a comma-separated list to apply multiple transform stanzas to a single TRANSFOR... by koshyk Super Champion in Getting Data In 05-11-2017 0 2	0	2
Extract and Transform Custom Event I have events with the following format - [Thread-2505_GOOGLE_INT_20170424155901301f9e61-1493049600619-NSRLM_2_1_RT... by jagadeeshm Contributor in Getting Data In 05-11-2017 0 3	0	3
Does the Windows Active Directory user for Splunk forwarder need "Remote Desktop access" rights? Hello, Does the Windows user for Splunk forwarder need "Remote Desktop access" rights? In general, what kind of Win... by splunkreal Influencer in Getting Data In 05-11-2017 0 3	0	3
Running splunk diag gets stuck at "Getting index listings..." Hi, I am trying to create a diag file on one of my indexers and the process is stuck at "Getting index listings..." ... by andrei_radu New Member in Getting Data In 05-11-2017 0 2	0	2
Replace field at index time Hi, I would like to replace the "action" field so it conforms with the CIM datamodel. action at present will alway e... by dsofoulis Path Finder in Getting Data In 05-11-2017 0 1	0	1