Getting Data In

Community Activity

How to find out what the default settings sourcetype that Splunk has set to for a data file in Splunk 6.2+ Hi, I have a log file that I need to import into Splunk and I want to get it as efficient as possible, as there is a... by BlueSocket Contributor in Getting Data In 05-11-2017 0 2	0	2
CSV inconsistent field value Hello Splunkers, So I have this csv file that a certain field contains 10+ numbers. Please see sample image below: ... by lloydknight Builder in Getting Data In 05-11-2017 0 5	0	5
why my indexers are indexing more than the hotdata maxVolumeDataSizeMB Hi, I'm facing some issue that our indexers are not following the local indexes.conf settings in my local indexes.co... by skuma30 New Member in Getting Data In 05-11-2017 0 3	0	3
Cisco ironport syslog broken pipe Hello I configured Splunk to handle TCP syslog from ironport appliances: [tcp://514] connection_host = dns index = ... by sassens1 Path Finder in Getting Data In 05-11-2017 1 1	1	1
How to configure Splunk to index a one line JSON file with 55,000 characters? I have been trying to index a one line JSON file with 55,000 characters in a single line. Splunk seems to cut it off ... by khhenderson Path Finder in Getting Data In 05-11-2017 1 4	1	4
sending AIX audit log stream to splunk I was having major issues getting splunk to work with the "text" file that we are pushing all AIX commands to. Origi... by jfraiberg Communicator in Getting Data In 05-11-2017 4 3	4	3
Index only the first line and ignore the rest. Hello I have few files for which I want to index just the first line and ignore everything else as its purely being ... by theouhuios Motivator in Getting Data In 05-11-2017 0 5	0	5
How to filter the data in my log before indexing? HI I have a scenario where I need to filter the data present in a log. I need to index only the last line from that l... by Tejkumar451 Explorer in Getting Data In 05-11-2017 0 3	0	3
Props and transforms: Order of execution of transforms for multiple stanza? AS per props.conf documentation Use a comma-separated list to apply multiple transform stanzas to a single TRANSFOR... by koshyk Super Champion in Getting Data In 05-11-2017 0 2	0	2
Extract and Transform Custom Event I have events with the following format - [Thread-2505_GOOGLE_INT_20170424155901301f9e61-1493049600619-NSRLM_2_1_RT... by jagadeeshm Contributor in Getting Data In 05-11-2017 0 3	0	3
Does the Windows Active Directory user for Splunk forwarder need "Remote Desktop access" rights? Hello, Does the Windows user for Splunk forwarder need "Remote Desktop access" rights? In general, what kind of Win... by splunkreal Influencer in Getting Data In 05-11-2017 0 3	0	3
Running splunk diag gets stuck at "Getting index listings..." Hi, I am trying to create a diag file on one of my indexers and the process is stuck at "Getting index listings..." ... by andrei_radu New Member in Getting Data In 05-11-2017 0 2	0	2
Replace field at index time Hi, I would like to replace the "action" field so it conforms with the CIM datamodel. action at present will alway e... by dsofoulis Path Finder in Getting Data In 05-11-2017 0 1	0	1
Why are not all application logs getting forwarded to Splunk? I have sporadic issues where not all the logs from application logs are getting forwarded to Splunk. I see gaps in lo... by Sriram Communicator in Getting Data In 05-11-2017 0 1	0	1
Linux Blocking Event Forwarding It's always something! Now my Linux forwarder is saying the following: 05-10-2017 09:11:02.584 -0400 WARN TcpOut... by heats Explorer in Getting Data In 05-10-2017 0 1	0	1
Testing renderXML=1 for Windows event logs in Splunk 6.2, why is the data contained in XML format different without XML? Hello, I'm currently testing the 6.2 Feature renderXML=1 for Windows Event Logs, but it seems to me the information ... by wplank Path Finder in Getting Data In 05-10-2017 4 9	4	9
Why is the discard of specific events not working in props.conf and transforms.conf I am forwarding data from Splunk Enterprise on one server to Splunk Enterprise on a second server. Data is getting in... by simpkins1958 Contributor in Getting Data In 05-10-2017 0 1	0	1
Splunk cannot parse ISO8601/RFC3339 timestamp (e.g. 2017-05-09T19:56:50.233319+00:00) I am having issues getting Splunk to parse the ISO8601/RFC3339 timestamps included in my log messages. I am using th... by efcasado New Member in Getting Data In 05-10-2017 0 2	0	2
Why are universal forwarder internal logs not getting rotated due to permission issues (Access is denied) in Windows? We have deployed universal forwarders on Windows and are running as "local system" (admin). This is installed in C:\P... by koshyk Super Champion in Getting Data In 05-10-2017 0 5	0	5
SEDCMD not being applied? I'm trying to do a seemingly simple SEDCMD replace of passwords in logs, but nothing is getting applied. I have pushe... by jdmclemore Path Finder in Getting Data In 05-09-2017 0 4	0	4
index replication in custom index Hello, i have created a new index DAP in cluster master and shared the configuration of this new indexes.conf with al... by Prakhar_shukla Path Finder in Getting Data In 05-09-2017 0 5	0	5
vip and heavy forwarder setup for HEC Can I use the same HEC token on all HF's which are behind a VIP and set up clients to send data to VIP ip? The purpos... by antonyhan Path Finder in Getting Data In 05-09-2017 0 2	0	2
How I can delete data from splunk after indexed new file Hi, I have a CSV file in my folder on pc that is updated every day. I want to use always the most up-to-date csv file... by ngerosa Path Finder in Getting Data In 05-09-2017 1 6	1	6
INDEX_AND_FORWARD usage I want to (index and) forward (to a syslog endpoint) some data that goes into a particular index on my indexer cluste... by gavsdavs_GR Path Finder in Getting Data In 05-09-2017 0 3	0	3
Custom Filtering across multiple Logs Hi Splunk community, For Log A, I would like to extract out all the values of a specific field that matches a specif... by tanyongjin Explorer in Getting Data In 05-09-2017 0 3	0	3