Getting Data In

Community Activity

Inputs.conf help I am trying to onboard ingest about 30 different log type from a single Source (Linux Server) Currently the logs are... by plumainwfs New Member in Getting Data In 02-16-2017 0 3	0	3
Hi I'm trying to get the logs in the indexing time but some reason it still indexing the file was created. I did some changes in the props.conf adding a stanza for time stamps [mysourcetype] DATETIME_CONFIG = CURRENT But i... by skuma30 New Member in Getting Data In 02-16-2017 0 6	0	6
Which queue does INDEXED_EXTRACTIONS? What is the name of the key exactly? Hello, Which queue does INDEXED_EXTRACTIONS? What is the name of the key exactly? Is it parsingqueue? Where can I ... by TiagoTLD1 Communicator in Getting Data In 02-16-2017 0 9	0	9
Scripted-alert on Windows instance cannot execute exe Hi, I'm trying to setup a simple (proof-of-concept) popup window on my Windows Server 2k8 machine, with Splunk alert-... by klee310 Communicator in Getting Data In 02-16-2017 0 6	0	6
Converting JSON results to DataModel structure Hello, Splunkers! I have a REST query resultset and would like to kind of "convert" it to a DataSet structure to aut... by fabioportes Explorer in Getting Data In 02-16-2017 0 3	0	3
Can we upload PPT into Splunk I have a 5 slide PPT which shows the different recommendations of tools. Can i upload such similar PPT's and generate... by srujan9292 Explorer in Getting Data In 02-16-2017 0 3	0	3
iso-2022-jp でエンコードされたデータがインデクスされない iso-2022-jp でエンコードされた電子メールを Splunk で Index しようと props.conf に下記の設定をしました。 [sample_mail] CHARSET = ISO-2022-JP その後、イ... by CurryPan Communicator in Getting Data In 02-15-2017 0 1	0	1
How to ignore some data from getting indexed? Hi, I have this data that I'd like to index 000d6f0004349d51.1: Label: Front Door Manufacturer: SAMSUNG SD... by dbcase Motivator in Getting Data In 02-15-2017 0 4	0	4
Is it recommended to install Universal Forwarder on all Workstations? Hi Is it the best way to install Universal Forwarders on all Workstations and enable windows security events , Right... by kiran331 Builder in Getting Data In 02-15-2017 0 2	0	2
How to change the host name in inputs.conf on Linux? I need to change the host name in inputs.conf in Linux, can anyone tell me the Linux commands I need? Also, are there... by vxl65703 New Member in Getting Data In 02-15-2017 0 4	0	4
Does changing of logs permissions require a forwarder restart? We lost the read permission on numerous servers. When the permissions were restored, it appears that a forwarder rest... by ddrillic Ultra Champion in Getting Data In 02-15-2017 0 12	0	12
Why is my WS_FTP XML Log not parsing correctly? I am attempting to import a ws_ftp log, but I am having issues parsing the log data. I can either get it to have no ... by smakovits Explorer in Getting Data In 02-15-2017 0 7	0	7
CSV Indexed Extractions in Distributed Environment Hi, Here is my scenario: UF1-> UF2->HF-> IDX1;IDX2;IDX3 ->SH1 Note: Connections are all good and I have got the ... by TiagoTLD1 Communicator in Getting Data In 02-15-2017 0 1	0	1
How to convert Windows LDAP 18 digit lastLogonTimestamp field to human readable format? I've seen lots of different solutions for converting time from epoch but I have not come across a solution that works... by DPWSplunkPOC Explorer in Getting Data In 02-15-2017 0 5	0	5
Is there a way to forward data collected using scripted inputs to multiple indexers using Splunk's load balancing feature? Is there a way to forward data collected using [script] to multiple indexers using Splunk's load balancing feature? T... by sakti Engager in Getting Data In 02-15-2017 0 3	0	3
Universal Forwarder Crash _initCrcLen' failed. I have a universal forwarder running that picks up bluecoat logs from a directory. Everything works as expected, howe... by Kieffer87 Communicator in Getting Data In 02-14-2017 1 3	1	3
What are good backup strategies for indexer buckets? What strategies do people use for backups of their buckets? Is there a clean way to identify "new" buckets for a give... by pdoconnell Path Finder in Getting Data In 02-14-2017 0 4	0	4
Found a SSLv3 "POODLE" vulnerability on Universal Forwarder 6.4.2. How to resolve this? We just found SSLv3 "POODLE" vulnerability alerts from our IPS system. And our Splunk Universal Forwarder is in 6.4.2... by season88481 Contributor in Getting Data In 02-14-2017 0 3	0	3
What is the best way to monitoring too many files in Splunk? Hello everybody. I have a problem with monitoring multiple files in a Heavy Forwarder. I mounted a folder with sshf... by jrballesteros05 Communicator in Getting Data In 02-14-2017 0 5	0	5
How to alter data using SEDCMD in props.conf? We have the DNS debug logs coming onto the indexer. Now each events will have an alpha-numeric pattern for 'domain na... by Sayanta_Basak_I Explorer in Getting Data In 02-14-2017 0 8	0	8
Is it possible to assign different timestamps based on log line contents within the same sourcetype? I am sending "pan:traffic" logs from our Palo Alto 3050 firewall to Splunk. I want the "_time" fields to be the same ... by daishih Path Finder in Getting Data In 02-14-2017 0 4	0	4
How to configure props/transforms.conf for this data Hi, I have this data and need to know what I need to configure for props/transforms.conf to parse the data correctly... by dbcase Motivator in Getting Data In 02-14-2017 0 5	0	5
How to parse a field that has flat log text and in JSON format? Need some help here. I have the following event: Feb 14 14:40:01 10.64.61.104 {"protocol": {"protocol": "ip", "app":... by brent_weaver Builder in Getting Data In 02-14-2017 0 3	0	3
How to force Splunk to add additional (local) timestamp to events? I'd like to have Splunk add an additional (current) timestamp field to the events that I'm sending so that I can comp... by k1gto Engager in Getting Data In 02-14-2017 0 1	0	1
Log pre processing Hi guys, I defined my source type as follow (in props.conf): [anomalies] DATETIME_CONFIG = FIELD_NAMES = COL1, COL2,... by faustf Communicator in Getting Data In 02-14-2017 0 10	0	10