Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
EdgarAllenProse

Transforms not splitting sourcetypes

So I am trying to take a single monitored log, and split sourcetypes based off of the terms SCAN, RECV, SEND. I creat...
by EdgarAllenProse Path Finder in Getting Data In 03-01-2017
1 4
1
4
nicocin

Forward specific Events to Nessus Security Center

Hello We want to forward (and index in Splunk) some Events (Windows Event Logs) to Nessus Security Center Log Correl...
by nicocin Path Finder in Getting Data In 03-01-2017
0 2
0
2
mblauw

How to get timestamp from incomplete time field

Today I've been trying to index a logfile in which only the timefield hours is given. I tried several ways to import ...
by mblauw Path Finder in Getting Data In 03-01-2017
0 2
0
2
sprimerib

forwarder for access_log but I get --splunk-cooked-mode garbled stuff on receiver end

So I've tried to set up a simple IBM IHS (apache) access log forwarder on linux. inputs.conf (which is just the ...
by sprimerib New Member in Getting Data In 02-28-2017
0 1
0
1
kteng2024

Why am I unable to see cold path in Splunk?

for an index, i specified the following: [abc] homePath = $SPLUNK_DB/abc/db coldPath = $SPLUNK_DB/abc/colddb thawed...
by kteng2024 Path Finder in Getting Data In 02-28-2017
0 2
0
2
splunk403

Is there a way to update existing values in KV store via REST API?

Like insert and delete, do we have any rest implementation for update? Or is there anyway to update the existing val...
by splunk403 Explorer in Getting Data In 02-28-2017
0 2
0
2
jstockt

Universal Forwarder as buffer only

If the intention of using a Universal Forwarder is only for a buffer to the Indexer, is it worth having one? Theory:...
by jstockt New Member in Getting Data In 02-28-2017
0 1
0
1
johann2017

How to track domain logons from DC security logs?

I want to be able to track domain logons from our DC security logs. I am monitoring Event 4624, but the DC security l...
by johann2017 Explorer in Getting Data In 02-28-2017
0 3
0
3
plucas_splunk

Default values for CSV lookups that don't match?

I have a vehicle fleet lookup table like: vehicle_id,vehicle_year,vehicle_type,vehicle_ends,vehicle_agency,vehicle_l...
by plucas_splunk Splunk Employee Splunk Employee in Getting Data In 02-28-2017
0 2
0
2
itsnotcomplicat

how to parse an xml file as 1 event

I have an XML file I want to bring into splunk as a single event. It is the equivalent of an Excel file. The props.co...
by itsnotcomplicat Engager in Getting Data In 02-28-2017
1 12
1
12
CSabhaya

splunkd.log error : GetInt64Val: ldap_get_values error

I am constantly getting the following message from splunk forwarder splunkd.log 03-17-2014 11:38:28.245 -0700 WARN ...
by CSabhaya Engager in Getting Data In 02-27-2017
5 7
5
7
ksiaze

Why does Splunk stop indexing data at the same day and time each week?

I use UDP 514 syslog data type. Splunk stops collecting data after same time intervals (always at 4:00 Sun), and if I...
by ksiaze New Member in Getting Data In 02-27-2017
0 4
0
4
pprakash2

How to monitor current and future log files and how long should the data be retained in Splunk?

I am generating log files with date appended to the log file. Examples: xxxx_20172702.log xxxx_20172602.log xxxx_2...
by pprakash2 Explorer in Getting Data In 02-27-2017
0 1
0
1
HiroshiSatoh

Is there an upper limit on maxEventSize of outputs.conf?

Currently, we make the following settings, but we have confirmed the phenomenon that the log is interrupted at about ...
by HiroshiSatoh Champion in Getting Data In 02-27-2017
0 3
0
3
dhsetty

What is the exact Splunk DB path in Email Security Appliance?

Hello All, Currently we are using Splunk with Email Security Appliance. All I know is the command ---> du -sk /dat...
by dhsetty Explorer in Getting Data In 02-27-2017
0 3
0
3
JosIJntema

Why is setting up a demo Splunk service on a Digital Ocean Ubuntu server not working?

Hi there, I am trying to setup a demo Splunk service on a Digital Ocean Ubuntu server. http://:8080/services/collec...
by JosIJntema Explorer in Getting Data In 02-26-2017
0 2
0
2
markb81

How to transform my raw data into a readable format?

Hi, I'm new to Splunk and hope I don't ask a question that's already been asked. I just don't know which terminology...
by markb81 New Member in Getting Data In 02-26-2017
0 7
0
7
coltwanger

UF -> HF -> IDX Architecture: Is there a recommended number of Heavy Forwarders per number of Universal Forwarders sending data to Splunk?

I am currently architecting our potential future Splunk deployment and I would like to implement Heavy Forwarders to ...
by coltwanger Contributor in Getting Data In 02-26-2017
1 9
1
9
abzmhzsplunk

question about _blacklist

Here is the section in my inputs.conf. It deals with dynamically folder name, the ... could be the folder number name...
by abzmhzsplunk New Member in Getting Data In 02-26-2017
0 1
0
1
ddrillic

What would be good IOPS for our new indexer devices?

We are in the process of getting physical machines for our infrastructure - amazing thing for us ; -) What would be g...
by ddrillic Ultra Champion in Getting Data In 02-25-2017
1 3
1
3
ddrillic

Can the Forwarder management app start Splunk forwarders?

The Admin study guide mentions that the Forwarder management app can restart forwarders. Is it possible to start from...
by ddrillic Ultra Champion in Getting Data In 02-25-2017
0 6
0
6
schrepfler

Is there a specific sourcetype extractor for Java Garbage Collection log?

Java's gc.log format offers a wealth of information about the Java Garbage Collection lifecycle. There are many tools...
by schrepfler Engager in Getting Data In 02-25-2017
1 3
1
3
Reidao

Anyway to move the "main" index into "another" index without reindex?

It's 1.5tb of data per indexer server, can Splunk handle that much data over 16 billion events..
by Reidao New Member in Getting Data In 02-24-2017
0 2
0
2
pkeller

How to add Windows Event Log Adaxes.evtx as an input?

I have some folks that want me to ingest Adaxes events under: Application and Services Logs -> Adaxes I'm not quite ...
by pkeller Contributor in Getting Data In 02-24-2017
0 2
0
2
mqual33755

Why are universal forwarders installed on domain controllers not sending all Windows security and Cisco ASA logs?

I have 4 domain controllers with Splunk Universal Forwarders installed on them. I'm trying to get the Windows Securit...
by mqual33755 New Member in Getting Data In 02-24-2017
0 9
0
9
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All