Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
gph12

How do I remove host from Data Summary screen but keep data?

Hello, I'm looking for advice on how to handle systems that are removed from the network. We have several hundred...
by gph12 Explorer in Getting Data In 01-25-2017
0 2
0
2
pkeller

LINE_BREAKER not working correctly

The event I want to break on looks like this: 25/Jan/17:10:23:00:069+0000 DEBUG Evaluation of condition [188:FTP Ma...
by pkeller Contributor in Getting Data In 01-25-2017
0 2
0
2
shafqat571

What is the best way to collect all DNS queries by client and Responses sent back by a Windows 2012 DNS Server with a universal forwarder?

We have Universal Forwarder installed on MS Windows 2012 DNS server. what is best way to collect all the DNS queries ...
by shafqat571 Explorer in Getting Data In 01-25-2017
1 3
1
3
skender27

How can I filter data in search-time from a generated csv file?

Hi, I have a csv file, generated each day from a Powershell script under the Splunk app lookups directory. I use th...
by skender27 Contributor in Getting Data In 01-25-2017
0 2
0
2
rbal_splunk

For Wineventlog, Event ID captures User info, but why does Splunk raw data show user User=NOT_TRANSLATED?

Issue is that for the Wineventlog for Application channel EventCode=11707 and EventCode=11724, intermittently _raw da...
by rbal_splunk Splunk Employee Splunk Employee in Getting Data In 01-25-2017
0 1
0
1
stcrispan

How to collect Windows event logs that are not from .evtx or .evt files?

I'm trying to collect Windows events. Specifically, I'm trying to collect: \\Applications and Service Logs\Microsof...
by stcrispan Communicator in Getting Data In 01-25-2017
3 9
3
9
sai_john

Is there a feature in Splunk (similar to Dropbox) where can i drop multiple log files from multiple locations?

Is there a feature in Splunk (like Dropbox) to drop all types of logs from different applications ? Where can i drop...
by sai_john New Member in Getting Data In 01-25-2017
0 11
0
11
tattersp

Permission denied

I am running Splunk enterprise 6.3.1 and universal forwarder. We deploy the universal forwarder onto a Linux machine...
by tattersp Explorer in Getting Data In 01-25-2017
0 4
0
4
CaptainHook

Ingested a year's worth of events in Windows from one source, but why did Splunk not index all logs?

I was indexing a years worth of logs (200+GB) from one source path. Data was indexed, but I am trying to understand ...
by CaptainHook Communicator in Getting Data In 01-25-2017
0 4
0
4
fazilhussain

How to add Data Sources from different devices to Splunk?

How to Add Data Sources from the following devices: No| Data Type | No’s of devices | Lo...
by fazilhussain Explorer in Getting Data In 01-25-2017
1 3
1
3
BrendanMcE

How to configure Splunk to not index a line before it is finished writing?

We are writing out to a log for which splunk is indexing for most lines okay, but some times splunk indexes before th...
by BrendanMcE Path Finder in Getting Data In 01-24-2017
1 5
1
5
marlog

Is it possible to define a custom location for universal forwarder local configurations?

My Splunk Forwarder is installed on a share, which can be mapped to all the servers in my environment. Therefore, I ...
by marlog Explorer in Getting Data In 01-24-2017
0 1
0
1
wilsonchua

Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non domain controller) with error "Faulting application openssl.exe.."?

My attempts to install a Splunk forwarder on Windows 2008 fails and is rolled back. In this case, the application ev...
by wilsonchua New Member in Getting Data In 01-24-2017
0 1
0
1
simpkins1958

What is best way to use sourcetype with HTTP Event Collector to categorize data?

From the HTTP Event Collector setting page: Source type The source type is one of the default fields that Splunk as...
by simpkins1958 Contributor in Getting Data In 01-24-2017
0 7
0
7
andrey2007

HF1 -> HF2 -> Indexer: How to route a set of data that has already been parsed on Heavy Forwarder #1 to a specified index on the indexer through HF #2?

Hello, all I have infrastructure like this 1stHF => 2ndHF => Indexer On the first Heavy Forwarder, I clone some set...
by andrey2007 Contributor in Getting Data In 01-24-2017
3 5
3
5
wliu_ondeck

How to configure line breaking on ADmanagerplus log?

I am working on ingesting ADmanagerplus logs. I am having difficulty linebreaking the following log which represents ...
by wliu_ondeck Explorer in Getting Data In 01-24-2017
0 1
0
1
a212830

Is it possible to disable SSL v3 on the universal forwarder?

Is there a way to disable SSL v3 on the UFW? I'm getting flagged by security.
by a212830 Champion in Getting Data In 01-24-2017
1 5
1
5
ankithreddy777

What is function of DEST_KEY in transforms.conf

I am little bit confused by the explanation given for DEST_KEY IN TRANSFORMS.CONF. May I know what is the exact funct...
by ankithreddy777 Contributor in Getting Data In 01-24-2017
1 4
1
4
ddrillic

Why some of our indexers stop listening on port 9997?

Yesterday we realized that three of our six production indexers stop listening on port 9997. We bounced them and all ...
by ddrillic Ultra Champion in Getting Data In 01-24-2017
1 2
1
2
paimonsoror

Can a sourcetype be aliased, meaning, can it inherit extractions from another sourcetype?

Wasn't able to find a solid answer on this one, but I am using Splunk 6.x, and was wondering if I could have a source...
by paimonsoror Builder in Getting Data In 01-24-2017
1 2
1
2
joydeep741

How to edit inputs.conf to monitor logs on Windows machine?

To monitor a file on Windows machine with names like : access.2016_09_23_00_00_00 I wrote the following stanza in in...
by joydeep741 Path Finder in Getting Data In 01-24-2017
0 6
0
6
deepthi5

how to get the timezone of the logs set in props file

Hi team, I have catalina logs ocming to splunk from Central timezone But my splunk server is installed and configure...
by deepthi5 Path Finder in Getting Data In 01-24-2017
0 1
0
1
CurryPan

Windows 環境で SplunkWeb の Data inputs から複数の UDP inputが設定できない

SplunkWeb にログインし、Data inputsから1つのUDP port 514 インプットを設定することはできます。しかし、追加でもう一つ UDP port 514 インプットを設定すると下記のエラーが出てしまい設定するこ...
by CurryPan Communicator in Getting Data In 01-24-2017
0 1
0
1
CurryPan

Maximum number of attribute $n in transforms.conf

Hello, the FORMAT option in transforms.conf can use $n to specify the output of each REGEX match. (https://docs.splun...
by CurryPan Communicator in Getting Data In 01-24-2017
1 1
1
1
MousumiChowdhur

Why am I receiving "SOFTWARE PROGRAM ERROR" in Splunk universal forwarder that are AIX servers?

I'm running error script on a bunch of AIX servers but have encountered the "SOFTWARE PROGRAM ERROR" on few of the se...
by MousumiChowdhur Contributor in Getting Data In 01-24-2017
4 1
4
1
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...