Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Kieffer87

Search Archived Buckets in Hadoop

I'm working on pushing out Hadoop data roll for archived data to our index cluster. The buckets are rolling as expect...
by Kieffer87 Communicator in Getting Data In 04-20-2017
0 4
0
4
isha_rastogi

How to automatically extract key value pairs after using translatefix

I have used translatefix to decode the fix messages logs and it worked fine. But Splunk is not able to automatically ...
by isha_rastogi Path Finder in Getting Data In 04-20-2017
0 6
0
6
mshilston

Should I use a heavy forwarder or an indexer cluster for my particular scenario?

Hi, I'm hoping for some advice as I'm trying to understand the best way to configure Splunk components in the scena...
by mshilston Path Finder in Getting Data In 04-20-2017
0 2
0
2
chernigin_yuri

Convert DateTime format befor indexing and write in _time. Time of event have hex format.

Hello everybody! I have trouble with parsing time of event in time indexing.Fields of time in my raw event have hex ...
by chernigin_yuri Explorer in Getting Data In 04-20-2017
0 6
0
6
bakechris

Can I use Splunk 6.5 to monitor Windows 7 hosts?

Can I use Splunk 6.5 to monitor Windows 7 hosts? My indexer is on Server 2012 so I know I can install 6.4.5 I just ne...
by bakechris Engager in Getting Data In 04-20-2017
0 3
0
3
jwelters

How to create a custom field to match a particular string?

I have an interesting use case, where I have a list of strings that I search for within our proxy logs to identify pr...
by jwelters Explorer in Getting Data In 04-20-2017
0 7
0
7
sassens1

how to filter and forward to multiple destination

Hello, I tried this configuration but it ended up badly, there were no more log on Splunk: [pan:log] TRANSFORMS-hos...
by sassens1 Path Finder in Getting Data In 04-20-2017
0 2
0
2
splunkguy0342

Is there a way to change collection interval for HTTP Event Collector?

I am using HTTP Event Collector to collect Symantec ATP logs, my current ingest rate varies based on log size. It is ...
by splunkguy0342 New Member in Getting Data In 04-19-2017
0 1
0
1
citosysadmin

How to filter or blacklist all event type/level "information" on Splunk 6.5.0?

I would like to filter/blacklist all event type/level "information" on Splunk 6.5.0, i am using wmi to collect logs f...
by citosysadmin New Member in Getting Data In 04-19-2017
0 4
0
4
maverick

How can I index SNMP traps on Windows with Splunk?

I would like my Juniper and Cisco network devices to send snmp traps to Splunk indexer running on Win2008. Anyone in...
by maverick Splunk Employee Splunk Employee in Getting Data In 04-19-2017
0 2
0
2
msarro

Getting SNMP Data into Splunk

Hey everyone, I am trying to figure out the most efficient way to get polled SNMP data into splunk. Strangely while t...
by msarro Builder in Getting Data In 04-19-2017
3 13
3
13
cqian02

Sending SNMP to Splunk

Still have some doubts about sending SNMP to Splunk http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMP...
by cqian02 Explorer in Getting Data In 04-19-2017
1 4
1
4
fowlerpb

SNMP Hell. Just awful install and support.

ok. We have spent hours on trying to get our snmp logs into Splunk. Everyone should be aware of the Hell. First, f...
by fowlerpb Engager in Getting Data In 04-19-2017
4 5
4
5
srisplunk12

What is the best practice for setting time zone?

We have Splunk instances running in EST, however the application log files are in GMT & EST. When Splunk is indexin...
by srisplunk12 Engager in Getting Data In 04-19-2017
0 4
0
4
mholden37

How to fix an incorrectly indexed timestamp?

Splunk is not showing the correct time on the events. The time that Splunk gives the log is 5 hours behind the time t...
by mholden37 Engager in Getting Data In 04-19-2017
0 3
0
3
bhavesh91

How to enable the forwarder to add another field (such as an alias of a host) during index time?

Adding an index-time value on a forwarder to capture the hostnames as the host (custom name) is already added in inpu...
by bhavesh91 New Member in Getting Data In 04-19-2017
0 3
0
3
ddrillic

How can I set the sourcetype to a value from the input stream?

I have a name value data stream which contains the following - "msg_sourcetype": "syslog-test". How can I set the sou...
by ddrillic Ultra Champion in Getting Data In 04-19-2017
0 2
0
2
isha_rastogi

How To monitor data for specific months.

I've logs files in the location which has dates like: /test/01-10-2016/test.log /test/01-11-2016/test.log I have to...
by isha_rastogi Path Finder in Getting Data In 04-19-2017
0 5
0
5
zliu

How do I hard-code the FQDN as the "host" attribute? and how do I move all the old data from the computername to the FQDN?

I have 50+ windows and linux servers in each of 2 datacenters that have the same conputername, but different Fully Qu...
by zliu Splunk Employee Splunk Employee in Getting Data In 04-19-2017
3 4
3
4
MillerTime

How can I use the fully qualified domain name (FQDN) as the host value for /var/log/messages?

With a universal forwarder installed on a Linux host (many flavors including Ubuntu & CentOS), the Splunk indexer wil...
by MillerTime Splunk Employee Splunk Employee in Getting Data In 04-19-2017
5 5
5
5
ipicbc

Raw import not getting the full data. Is this a CR/LF issue that can be fixed with a configuration file edit?

I am not getting the full event on ingestion from a log file. I am assuming it's a CR/LF problem that would be fixed...
by ipicbc Explorer in Getting Data In 04-18-2017
1 2
1
2
pramach

Where do I find the logs of a universal forwarder that are installed in a domain controller?

Where do I find the logs of a universal forwarder that are installed in a domain controller? We have universal forwa...
by pramach New Member in Getting Data In 04-18-2017
0 4
0
4
dperry

How to edit my props.conf to correctly line break my sample log?

I want Splunk to break every time I see Event logged at *}: Event logged at {1492205898958;2}: ID: com.innovision....
by dperry Communicator in Getting Data In 04-18-2017
0 9
0
9
efranklin

Where can I find an explanation of the Windows Event codes?

I'm new to Splunk and could use some help with Windows Event Codes. Where can I find an explanation of the Windows Ev...
by efranklin Engager in Getting Data In 04-18-2017
0 8
0
8
srinivasup

How to list forward-server in PowerShell?

I'm trying to list all forwarders by using list forward-server command in PowerShell, but not able to execute this co...
by srinivasup Explorer in Getting Data In 04-18-2017
1 10
1
10
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...
Top Solution Authors
View All