Getting Data In

Discussions

Thread Info

LINE_BREAKER trouble

I'm struggeling to get splunk to break some json events properly. This is due to the fact, that my input has no new l...

by Communicator in

How to configure props.conf and transforms.conf to ignore the first two lines of an imported log file?

We have following log file which we need to import in Splunk: "cdrRecordType","globalCallID_callManagerId","global...

by Path Finder in

How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

Hello guys, we are working with a Heavy forwarder and its receiving logs from a lot of sources and of course send...

by New Member in

How to achieve blacklist for folder level

I would like monitor all the files below except the first one Because sample.log from environment a1 conusming more d...

by Communicator in

SplunkでLHAのアーカイブを取り込めますか？

SplunkでLHA (LZH形式)のアーカイブファイルをZIPファイルのように取り込みたいのですが、可能でしょうか？ Can I import a LHA (LZH format) archived file?

by Explorer in

Why is WMI Input field data being truncated?

So I would like to implement a WMI based input via WMI.conf among a subset of Splunk Universal Forwarders. In this ca...

by Builder in

Data collection Methods, is there a way to see what feeds a datasource?

I am working on a matrix of data sources for my splunk deployment. I need to map my data sources -collection method (...

by Contributor in

Why am I getting a "Permission Denied" error when running './splunk list forward-server'?

I am trying to add the forwader or list it, but it ends up in permission denied messsage ./splunk list forward-ser...

by Engager in

Spath parsing error, last event in JSON

I have the following JSON in each event payload={fields1=values1, field2=value2, etc} When running spath I enc...

by Contributor in

How do I do highly robust Splunking?

Hi, I'm (we're) new to Splunk and engaging in some proof of concept work. So bear with me if this question has som...

by Explorer in

What is the best way to forward Guardium database data to Splunk?

We are using Guardium to track all database activities of high-privileged database users. All the data is stored in t...

by Engager in

Heavy Forwader data route between multiple indexer

Hi! I know there are several questions in this topic, but I didn't find a solution for me. I try to create a simpl...

by Communicator in

Domain Controller logs - Best practice?

We are currently pulling the event logs for 6-8 domain controllers. We are having issues with some of the domain cont...

by Path Finder in

Setting sourcetype based on source with wildcards via web console?

Hello all, I am looking to set the sourcetype of my logs based of the logs' source. I know how to do this by modifyin...

by Explorer in

Setting event time and host metadata from key/value pairs

I have this nice JSON event that has all the information I need in it, most namely timestamp and hostname of transact...

by Builder in

What is the best way to upload exported Splunk data into another Splunk instance?

Hi. I have tried to export large number of events from a Splunk instance to another instance to work with the data (i...

by Path Finder in

How do we keep Splunk from complaining about an event it's going to drop anyway?

Here's the setup: We have a sourcetype that we exclude certain events by routing them to the nullQueue based on a ...

by Path Finder in

How to index multiple CSV file from a local machine?

Hi All, I have multiple CSV files which are on the local machine under the same directory. I would like to add the...

by Explorer in

GeoJSON data has timezone expressed in minutes offset from UTC

Trying to consume some seismic data which input has a timestamp expressed in epoch time, but a timezone offset field ...

by Builder in

How to edit my props.conf to forward Matlab Crash Dump?

I'm getting an intermittent issue that I suspect is related to file IO, not Matlab. I want to forward all the crashdu...

by Engager in

Why is the global sourcetype defined in props.conf and transforms.conf not used by my custom app?

Hi guys I've defined my sourcetype, transforms and lookup in /opt/splunk/etc/system/local/props.conf and /opt/splu...

by Communicator in

How do I populate my sources, source types and hosts tables?

For quite a while, I've been attempting to make an identical deployment of a Splunk Enterprise instance. The original...

by Engager in

日付の入力ボックスに初期値として今日の日付を設定する方法

下記の日付の入力ボックスのdefault値に、それぞれ今日の日付と1ヵ月前の日付を初期値として設定したいのですが、どのように日付を取得すればよいか教えてください。よろしくお願いいたします。 <input type="text" ...

by New Member in

delimited by comma but not .csv file

I have a jobinfo.log file in my server, it was delimited by comma but not [xxxx.csv] file. So it can not be added int...

by Explorer in

Inputs.conf help

I am trying to onboard ingest about 30 different log type from a single Source (Linux Server) Currently the logs a...

by New Member in

Get Updates on the Splunk Community!

Getting Data In

Discussions

LINE_BREAKER trouble

How to configure props.conf and transforms.conf to ignore the first two lines of an imported log file?

How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

How to achieve blacklist for folder level

SplunkでLHAのアーカイブを取り込めますか？

Why is WMI Input field data being truncated?

Data collection Methods, is there a way to see what feeds a datasource?

Why am I getting a "Permission Denied" error when running './splunk list forward-server'?

Spath parsing error, last event in JSON

How do I do highly robust Splunking?

What is the best way to forward Guardium database data to Splunk?

Heavy Forwader data route between multiple indexer

Domain Controller logs - Best practice?

Setting sourcetype based on source with wildcards via web console?

Setting event time and host metadata from key/value pairs

What is the best way to upload exported Splunk data into another Splunk instance?

How do we keep Splunk from complaining about an event it's going to drop anyway?

How to index multiple CSV file from a local machine?

GeoJSON data has timezone expressed in minutes offset from UTC

How to edit my props.conf to forward Matlab Crash Dump?

Why is the global sourcetype defined in props.conf and transforms.conf not used by my custom app?

How do I populate my sources, source types and hosts tables?

日付の入力ボックスに初期値として今日の日付を設定する方法

delimited by comma but not .csv file

Inputs.conf help

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

.NET Application Runtime Metrics Not Showing in Sp...

sc4s app_parsers don't seem to work

Streamfwd drops IPFIX data with “no template recei...

Forwarding all logs from HF to third-party using s...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!