Getting Data In

Community Activity

Why is WMI Input field data being truncated? So I would like to implement a WMI based input via WMI.conf among a subset of Splunk Universal Forwarders. In this ca... by dstaulcu Builder in Getting Data In 02-20-2017 1 3	1	3
Data collection Methods, is there a way to see what feeds a datasource? I am working on a matrix of data sources for my splunk deployment. I need to map my data sources -collection method (... by packet_hunter Contributor in Getting Data In 02-20-2017 0 3	0	3
Why am I getting a "Permission Denied" error when running './splunk list forward-server'? I am trying to add the forwader or list it, but it ends up in permission denied messsage ./splunk list forward-serve... by srajesh82 Engager in Getting Data In 02-20-2017 2 5	2	5
Spath parsing error, last event in JSON I have the following JSON in each event payload={fields1=values1, field2=value2, etc} When running spath I encount... by DanielFordWA Contributor in Getting Data In 02-20-2017 0 3	0	3
How do I do highly robust Splunking? Hi, I'm (we're) new to Splunk and engaging in some proof of concept work. So bear with me if this question has some ... by david_lane_oe Explorer in Getting Data In 02-20-2017 0 8	0	8
What is the best way to forward Guardium database data to Splunk? We are using Guardium to track all database activities of high-privileged database users. All the data is stored in t... by jorsy Engager in Getting Data In 02-20-2017 1 4	1	4
Heavy Forwader data route between multiple indexer Hi! I know there are several questions in this topic, but I didn't find a solution for me. I try to create a simple ... by ikulcsar Communicator in Getting Data In 02-20-2017 0 3	0	3
Domain Controller logs - Best practice? We are currently pulling the event logs for 6-8 domain controllers. We are having issues with some of the domain cont... by smcdonald20 Path Finder in Getting Data In 02-20-2017 0 2	0	2
Setting sourcetype based on source with wildcards via web console? Hello all, I am looking to set the sourcetype of my logs based of the logs' source. I know how to do this by modifyin... by cmeyers Explorer in Getting Data In 02-19-2017 0 4	0	4
Setting event time and host metadata from key/value pairs I have this nice JSON event that has all the information I need in it, most namely timestamp and hostname of transact... by brent_weaver Builder in Getting Data In 02-19-2017 0 4	0	4
What is the best way to upload exported Splunk data into another Splunk instance? Hi. I have tried to export large number of events from a Splunk instance to another instance to work with the data (i... by aoliullah Path Finder in Getting Data In 02-17-2017 0 2	0	2
How do we keep Splunk from complaining about an event it's going to drop anyway? Here's the setup: We have a sourcetype that we exclude certain events by routing them to the nullQueue based on a RE... by paulstout Path Finder in Getting Data In 02-17-2017 0 5	0	5
How to index multiple CSV file from a local machine? Hi All, I have multiple CSV files which are on the local machine under the same directory. I would like to add these... by ibmrakesh Explorer in Getting Data In 02-17-2017 0 9	0	9
GeoJSON data has timezone expressed in minutes offset from UTC Trying to consume some seismic data which input has a timestamp expressed in epoch time, but a timezone offset field ... by splunk_zen Builder in Getting Data In 02-17-2017 0 5	0	5
How to edit my props.conf to forward Matlab Crash Dump? I'm getting an intermittent issue that I suspect is related to file IO, not Matlab. I want to forward all the crashd... by sboland687 Engager in Getting Data In 02-17-2017 0 1	0	1
Why is the global sourcetype defined in props.conf and transforms.conf not used by my custom app? Hi guys I've defined my sourcetype, transforms and lookup in /opt/splunk/etc/system/local/props.conf and /opt/splunk... by faustf Communicator in Getting Data In 02-17-2017 0 3	0	3
How do I populate my sources, source types and hosts tables? For quite a while, I've been attempting to make an identical deployment of a Splunk Enterprise instance. The original... by remmerson Engager in Getting Data In 02-16-2017 0 2	0	2
日付の入力ボックスに初期値として今日の日付を設定する方法下記の日付の入力ボックスのdefault値に、それぞれ今日の日付と1ヵ月前の日付を初期値として設定したいのですが、どのように日付を取得すればよいか教えてください。よろしくお願いいたします。 <input type="text" to... by nagoya_tachi New Member in Getting Data In 02-16-2017 0 2	0	2
delimited by comma but not .csv file I have a jobinfo.log file in my server, it was delimited by comma but not [xxxx.csv] file. So it can not be added int... by kavana Explorer in Getting Data In 02-16-2017 0 4	0	4
Inputs.conf help I am trying to onboard ingest about 30 different log type from a single Source (Linux Server) Currently the logs are... by plumainwfs New Member in Getting Data In 02-16-2017 0 3	0	3
Hi I'm trying to get the logs in the indexing time but some reason it still indexing the file was created. I did some changes in the props.conf adding a stanza for time stamps [mysourcetype] DATETIME_CONFIG = CURRENT But i... by skuma30 New Member in Getting Data In 02-16-2017 0 6	0	6
Which queue does INDEXED_EXTRACTIONS? What is the name of the key exactly? Hello, Which queue does INDEXED_EXTRACTIONS? What is the name of the key exactly? Is it parsingqueue? Where can I ... by TiagoTLD1 Communicator in Getting Data In 02-16-2017 0 9	0	9
Scripted-alert on Windows instance cannot execute exe Hi, I'm trying to setup a simple (proof-of-concept) popup window on my Windows Server 2k8 machine, with Splunk alert-... by klee310 Communicator in Getting Data In 02-16-2017 0 6	0	6
Converting JSON results to DataModel structure Hello, Splunkers! I have a REST query resultset and would like to kind of "convert" it to a DataSet structure to aut... by fabioportes Explorer in Getting Data In 02-16-2017 0 3	0	3
Can we upload PPT into Splunk I have a 5 slide PPT which shows the different recommendations of tools. Can i upload such similar PPT's and generate... by srujan9292 Explorer in Getting Data In 02-16-2017 0 3	0	3