Getting Data In

Community Activity

How to disable a default input? Hi Folks, we have customized app in our environment and in the app we have inputs.conf file under the default folder... by lksridhar11 New Member in Getting Data In 03-29-2017 0 3	0	3
How to forward data to both third party and indexer servers without increasing the outbound traffic of the source server? I am fairly new to Splunk. The company I work for already has Splunk universal forwarders installed on servers to pul... by hyatt_calvin Engager in Getting Data In 03-29-2017 2 1	2	1
How can I calculate in real-time the data rate (kbps) of events being indexed? I would like to find out how much data per second (let's say in kilobytes per second) my indexer is receiving and ind... by hexx Splunk Employee in Getting Data In 03-29-2017 1 2	1	2
If there are multiple outputs.conf files (apps vs system), how do they merge, or which one takes precedence? I've inherited an older Splunk instance (6.2.2) that appears to have multiple /local/outputs.conf files. While I'm fa... by jlemoine Path Finder in Getting Data In 03-29-2017 0 6	0	6
How to edit my configurations to rename the sourcetype name as the index name? Hi guys, 1) Index name=A1 sourcetype =B & 2) indexname=A2 sourcetype = B now my task is to rename the sourcetype nam... by vchigurupati New Member in Getting Data In 03-28-2017 0 5	0	5
Rename sourcetype Hi, I want to rename the sourcetype for existing data with deleting the data from it and again indexing data because ... by vchigurupati New Member in Getting Data In 03-28-2017 0 3	0	3
Is it possible to collect logs from Active/Standby application server pair without log duplication? Hello, We have an application which runs on 2 servers, 1 is the active server and one is a hot standby so if one ser... by tonyparreiro Explorer in Getting Data In 03-28-2017 0 14	0	14
Why am I unable to establish a connection between the indexer and forwarder? I installed the forwarder on Linux VM and I'm trying to establish a connection between indexer and forwarder, but was... by raghu0463 Explorer in Getting Data In 03-28-2017 0 16	0	16
How to fix wrong timestamping issues? I missed some of the events for my search query, when I try to evaluate the time diff between event time and index ti... by rangineniarunku Explorer in Getting Data In 03-28-2017 1 2	1	2
Metadata will not rewrite. Why is Splunk ignoring my configurations? I am trying [once again] to rewrite metadata, host, source and source type from fields in my event. I have an event ... by brent_weaver Builder in Getting Data In 03-28-2017 0 13	0	13
Indexing logs with two different time formats We have logs with two different timestamp formats. Most of the events are of the form JSON , while only the ERROR ev... by nmohammed Builder in Getting Data In 03-28-2017 0 3	0	3
Automatic JSON log extraction Hi, I am uploading logs in JSON format into Splunk. I want to enable automatic field extraction. Is there any set... by deepak02 Path Finder in Getting Data In 03-28-2017 0 1	0	1
Setting sourcetype based on source via .conf file Hi, I had an Application Server feeding logs into Splunk. Details as follows, Source: /abc/logs/System-Perf-managed... by deepak02 Path Finder in Getting Data In 03-28-2017 0 3	0	3
How to send visual studio application log to Splunk Enterprise instance? I have installed Splunk Enterprise. Need to know the basic steps to send log data from my standalone visual studio ap... by j_rajesh New Member in Getting Data In 03-28-2017 0 1	0	1
Filtering sourcetype=Perfmon:Process in Indexer Hi, I had enabled Perfmon:Process and WinNetMon events in the universal forwarders on all windows servers. However,... by ramesh_babu71 Path Finder in Getting Data In 03-28-2017 0 2	0	2
Splitting header and each entry from a nested JSON array into separate events at index time I have a JSON (all in one line when fed into Splunk): { "customerName": "Patrick", "customerId": "123456", ... by madstop99 Explorer in Getting Data In 03-28-2017 2 2	2	2
Forward windows eventlog to 3rd party system I need to forward windows eventlog of a particular server to 3rd party system (Arcsight) as raw data. I created the ... by Mtakahashi Path Finder in Getting Data In 03-27-2017 0 7	0	7
Logs parses fine during the day but groups multiple entries together from midnight - 1am by king2jd Path Finder in Getting Data In 03-27-2017 0 3	0	3
Problem with XML input I've got a problem with my XML input. I've tried several settings, but can't seem to find the right ones.. Here's a s... by mblauw Path Finder in Getting Data In 03-27-2017 0 1	0	1
Input data getting source type changed I used to have a PaloAlto firewall and i had it setup to syslog on ump/5514. I was also running a couple of PaloAlto ... by Jon_Irish Explorer in Getting Data In 03-27-2017 0 6	0	6
how to Generate report for top IP's on monthly basis? We receive 45-50 millions of data daily from various log sources(servers, network devices, proxy, cloud). we need to ... by swapsplunk Explorer in Getting Data In 03-27-2017 0 5	0	5
How to add a CSV lookup table - Splunk Light Free eval How can a CSV based lookup table be added to Splunk Light Free; and are lookup tables supported in Splunk Light Free?... by L479 Engager in Getting Data In 03-26-2017 0 7	0	7
Multicharacter Event Delimiter All, I have data that looks like this event_timestamp \| vendor_action \| http_method \| url \| user_dn \| src_ip \| sour... by jwhughes58 Contributor in Getting Data In 03-25-2017 0 3	0	3
Where can I get application logs regarding Splunk API? One of our Web/mobile team is considering an innovation project involving Splunk integration. Basically, better track... by Kaushikkatta03 Explorer in Getting Data In 03-25-2017 0 3	0	3
How to query against Splunk API a saved search without the search Id? Can someone suggest how to query against Splunk API for a saved search without the Search Id? Basically we have a req... by Mathanjey Explorer in Getting Data In 03-25-2017 0 7	0	7