Getting Data In

Discussions

Thread Info

How to configure Unix/AIX servers to forward administrative activity logs to Splunk?

Hi Everyone, We have some unix/aix servers, and we want to configure the servers to send the administrative activi...

by Communicator in

Exclude Sourcetype from being indexed

How do i exclude paticular sourcetype from being indexed at my indexer end Or is there any method to stop them at for...

by Explorer in

Configuration error: The environment variable SPLUNK_ETC must not be empty.

I'm getting error while starting the Splunk Enterprise Application using CLI. Anyone kindly let me the know the list ...

by New Member in

Can we index and monitor image files like PNG and SVG files

Hi, i am sure this question is valid or not. we are checking how to implement flame graphs using perl script and g...

by Communicator in

Creating "Custom groups" and using them in a filter

I would like to do on splunk something similar to what in microstrategy is colled custom groups. I'll try to expla...

by Communicator in

Has anyone tried monitoring and searching interactive Windows Active Directory logon events?

Hi. Splunk makes it pretty easy to identify logon/logoff events. However, what I'm really interested in right now are...

by Path Finder in

Limit Data send from Forwarder to Indexer

Hello, is it possible to limit the data which will be send to the forwarder, like 10 MB/day? One of our applica...

by Path Finder in

Extract time stamp at different places in different logs in single source type

Hi, I have two different events in single source type and logs look like below, Jan 15 09:50:18 xxxxxxxxxxxx A...

by Path Finder in

What is the best approach for a search time extraction of JSON formatted data within syslog event value?

I have a data source I am pulling syslog data from (a modular input). The data returned from this API is syslog forma...

by New Member in

Need advice/help with how to parse data file

Need help parsing file Each file represents a unique complete test. Here is a snippet of what we have. Some not...

by Splunk Employee in

shell script for converting a foxbase .DAT file to (comma delimited) .CSV using excel

Hello, I'm kind of new to this, so please bear with me. I have been trying to make a shell script that can do the ...

by Explorer in

Why is my forwarding configuration not forwarding data?

Good afternoon, working on setting up the final piece of Splunk infrastructure and I have come across a little speed ...

by Path Finder in

How to find out why Splunk Indexer re-indexed my IIS logs?

Recently, my Splunk environment decided to re-index ALL of my IIS logs (which crushed my daily license quota). I have...

by New Member in

How to combine multiple searches and output results into one CSV file?

Here is example query.. index=A host=host1 | stats count by host | index=B sourcetype=s1 | dedup host | table hos...

by Path Finder in

How to get the latest event from duplicate events and count a specific value for that latest event?

This is my sample data: _time duration ID 2017-01-12 19:40:03 5 AAAAA 2017-01-12 19:42:03 10 ...

by Communicator in

What is the regular expression for these Event ID codes?

Client needs to push these event codes through Heavy Forwarder to Splunk Cloud. So please help in creating REGEX for ...

by Explorer in

What protocol is used for the SSL connection between the Splunk forwarder and index?

I would like to know what protocols / ciphers are used for the ssl connection. Is it SSLv3, TLS1.0, TLS1.1 or TLS1.2?...

by New Member in

subtract value on Subquery

So basically I want to make a subquery where I can use the values founded in the first query to make a subtract from ...

by Explorer in

fschange Alternatives

Does anyone know of another way to monitor folders/files in Windows other than fschange? I have played with the "moni...

by Explorer in

RBAC/permissions: Is it possible to restrict a role as only able to search an index from a particular app?

My customer has indexed data that inadvertently contains clear-text passwords in it. There are folks who need to b...

by Builder in

Is it possible to monitor a KVM virtual infrastructure with Splunk?

Hi, Is it possible to monitor a KVM virtual infra with Splunk? Best regards, Laurent

by New Member in

Why am I receiving "Error in 'savedsearch' command" when exporting data using REST API?

http://docs.splunk.com/Documentation/Splunk/6.4.5/Search/ExportdatausingRESTAPI I read the manual, nothing is work...

by Builder in

historic data not ingesting

I ingested the logs data to Splunk Uat servers, it got ingested all data including the historic data, But when I inge...

by Contributor in

Hunk: Why am I unable to retrieve results for a date and time range beyond today's date?

I have the exact same issue as https://answers.splunk.com/answers/320535/post.html . I tried the regex provided in th...

by Explorer in

How to edit my configuration to line break events at every "= ID:" in my sample log file?

Some of the events are not being broken down. It works most of the time, but will not break lines couple of times, ea...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How to configure Unix/AIX servers to forward administrative activity logs to Splunk?

Exclude Sourcetype from being indexed

Configuration error: The environment variable SPLUNK_ETC must not be empty.

Can we index and monitor image files like PNG and SVG files

Creating "Custom groups" and using them in a filter

Has anyone tried monitoring and searching interactive Windows Active Directory logon events?

Limit Data send from Forwarder to Indexer

Extract time stamp at different places in different logs in single source type

What is the best approach for a search time extraction of JSON formatted data within syslog event value?

Need advice/help with how to parse data file

shell script for converting a foxbase .DAT file to (comma delimited) .CSV using excel

Why is my forwarding configuration not forwarding data?

How to find out why Splunk Indexer re-indexed my IIS logs?

How to combine multiple searches and output results into one CSV file?

How to get the latest event from duplicate events and count a specific value for that latest event?

What is the regular expression for these Event ID codes?

What protocol is used for the SSL connection between the Splunk forwarder and index?

subtract value on Subquery

fschange Alternatives

RBAC/permissions: Is it possible to restrict a role as only able to search an index from a particular app?

Is it possible to monitor a KVM virtual infrastructure with Splunk?

Why am I receiving "Error in 'savedsearch' command" when exporting data using REST API?

historic data not ingesting

Hunk: Why am I unable to retrieve results for a date and time range beyond today's date?

How to edit my configuration to line break events at every "= ID:" in my sample log file?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures