Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
remmerson

How do I populate my sources, source types and hosts tables?

For quite a while, I've been attempting to make an identical deployment of a Splunk Enterprise instance. The original...
by remmerson Engager in Getting Data In 02-16-2017
0 2
0
2
nagoya_tachi

日付の入力ボックスに初期値として今日の日付を設定する方法

下記の日付の入力ボックスのdefault値に、それぞれ今日の日付と1ヵ月前の日付を初期値として設定したいのですが、どのように日付を取得すればよいか教えてください。よろしくお願いいたします。 <input type="text" to...
by nagoya_tachi New Member in Getting Data In 02-16-2017
0 2
0
2
kavana

delimited by comma but not .csv file

I have a jobinfo.log file in my server, it was delimited by comma but not [xxxx.csv] file. So it can not be added int...
by kavana Explorer in Getting Data In 02-16-2017
0 4
0
4
plumainwfs

Inputs.conf help

I am trying to onboard ingest about 30 different log type from a single Source (Linux Server) Currently the logs are...
by plumainwfs New Member in Getting Data In 02-16-2017
0 3
0
3
skuma30

Hi I'm trying to get the logs in the indexing time but some reason it still indexing the file was created.

I did some changes in the props.conf adding a stanza for time stamps [mysourcetype] DATETIME_CONFIG = CURRENT But i...
by skuma30 New Member in Getting Data In 02-16-2017
0 6
0
6
TiagoTLD1

Which queue does INDEXED_EXTRACTIONS? What is the name of the key exactly?

Hello, Which queue does INDEXED_EXTRACTIONS? What is the name of the key exactly? Is it parsingqueue? Where can I ...
by TiagoTLD1 Communicator in Getting Data In 02-16-2017
0 9
0
9
klee310

Scripted-alert on Windows instance cannot execute exe

Hi, I'm trying to setup a simple (proof-of-concept) popup window on my Windows Server 2k8 machine, with Splunk alert-...
by klee310 Communicator in Getting Data In 02-16-2017
0 6
0
6
fabioportes

Converting JSON results to DataModel structure

Hello, Splunkers! I have a REST query resultset and would like to kind of "convert" it to a DataSet structure to aut...
by fabioportes Explorer in Getting Data In 02-16-2017
0 3
0
3
srujan9292

Can we upload PPT into Splunk

I have a 5 slide PPT which shows the different recommendations of tools. Can i upload such similar PPT's and generate...
by srujan9292 Explorer in Getting Data In 02-16-2017
0 3
0
3
CurryPan

iso-2022-jp でエンコードされたデータがインデクスされない

iso-2022-jp でエンコードされた電子メールを Splunk で Index しようと props.conf に下記の設定をしました。 [sample_mail] CHARSET = ISO-2022-JP その後、イ...
by CurryPan Communicator in Getting Data In 02-15-2017
0 1
0
1
dbcase

How to ignore some data from getting indexed?

Hi, I have this data that I'd like to index 000d6f0004349d51.1: Label: Front Door Manufacturer: SAMSUNG SD...
by dbcase Motivator in Getting Data In 02-15-2017
0 4
0
4
kiran331

Is it recommended to install Universal Forwarder on all Workstations?

Hi Is it the best way to install Universal Forwarders on all Workstations and enable windows security events , Right...
by kiran331 Builder in Getting Data In 02-15-2017
0 2
0
2
vxl65703

How to change the host name in inputs.conf on Linux?

I need to change the host name in inputs.conf in Linux, can anyone tell me the Linux commands I need? Also, are there...
by vxl65703 New Member in Getting Data In 02-15-2017
0 4
0
4
ddrillic

Does changing of logs permissions require a forwarder restart?

We lost the read permission on numerous servers. When the permissions were restored, it appears that a forwarder rest...
by ddrillic Ultra Champion in Getting Data In 02-15-2017
0 12
0
12
smakovits

Why is my WS_FTP XML Log not parsing correctly?

I am attempting to import a ws_ftp log, but I am having issues parsing the log data. I can either get it to have no ...
by smakovits Explorer in Getting Data In 02-15-2017
0 7
0
7
TiagoTLD1

CSV Indexed Extractions in Distributed Environment

Hi, Here is my scenario: UF1-> UF2->HF-> IDX1;IDX2;IDX3 ->SH1 Note: Connections are all good and I have got the ...
by TiagoTLD1 Communicator in Getting Data In 02-15-2017
0 1
0
1
DPWSplunkPOC

How to convert Windows LDAP 18 digit lastLogonTimestamp field to human readable format?

I've seen lots of different solutions for converting time from epoch but I have not come across a solution that works...
by DPWSplunkPOC Explorer in Getting Data In 02-15-2017
0 5
0
5
sakti

Is there a way to forward data collected using scripted inputs to multiple indexers using Splunk's load balancing feature?

Is there a way to forward data collected using [script] to multiple indexers using Splunk's load balancing feature? T...
by sakti Engager in Getting Data In 02-15-2017
0 3
0
3
Kieffer87

Universal Forwarder Crash _initCrcLen' failed.

I have a universal forwarder running that picks up bluecoat logs from a directory. Everything works as expected, howe...
by Kieffer87 Communicator in Getting Data In 02-14-2017
1 3
1
3
pdoconnell

What are good backup strategies for indexer buckets?

What strategies do people use for backups of their buckets? Is there a clean way to identify "new" buckets for a give...
by pdoconnell Path Finder in Getting Data In 02-14-2017
0 4
0
4
season88481

Found a SSLv3 "POODLE" vulnerability on Universal Forwarder 6.4.2. How to resolve this?

We just found SSLv3 "POODLE" vulnerability alerts from our IPS system. And our Splunk Universal Forwarder is in 6.4.2...
by season88481 Contributor in Getting Data In 02-14-2017
0 3
0
3
jrballesteros05

What is the best way to monitoring too many files in Splunk?

Hello everybody. I have a problem with monitoring multiple files in a Heavy Forwarder. I mounted a folder with sshf...
by jrballesteros05 Communicator in Getting Data In 02-14-2017
0 5
0
5
Sayanta_Basak_I

How to alter data using SEDCMD in props.conf?

We have the DNS debug logs coming onto the indexer. Now each events will have an alpha-numeric pattern for 'domain na...
by Sayanta_Basak_I Explorer in Getting Data In 02-14-2017
0 8
0
8
daishih

Is it possible to assign different timestamps based on log line contents within the same sourcetype?

I am sending "pan:traffic" logs from our Palo Alto 3050 firewall to Splunk. I want the "_time" fields to be the same ...
by daishih Path Finder in Getting Data In 02-14-2017
0 4
0
4
dbcase

How to configure props/transforms.conf for this data

Hi, I have this data and need to know what I need to configure for props/transforms.conf to parse the data correctly...
by dbcase Motivator in Getting Data In 02-14-2017
0 5
0
5
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All