Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
daniel333

How to troubleshoot why my scripted input on Solaris is not working?

All, Not really a SunOS guy, so might be missing something fundamental. I wrote the script I need, and it runs fine...
by daniel333 Builder in Getting Data In 11-22-2016
0 3
0
3
rsathish47

How to add parallelIngestionPipelines to server.conf in an indexer cluster?

Hi All, We have an indexer cluster and cluster master. we need to add the parameter below in the indexer cluster ser...
by rsathish47 Contributor in Getting Data In 11-22-2016
0 1
0
1
AzmathShaik

How to remove inner double quotes from json data??

Hello i am trying to remove inner double quotes from json data here is my sample data: {"msg": "the message "is p...
by AzmathShaik Path Finder in Getting Data In 11-22-2016
0 2
0
2
mrtolu6

Whats the best way to blacklist a Windows event code?

I have over 300 Universal forwarders and I'm getting several eventcode=5156 events errors. Is there a way to blackli...
by mrtolu6 Path Finder in Getting Data In 11-22-2016
0 4
0
4
koshyk

Splunk offline command and bucket replication

Reading through the "offline" documentation & "maintenance" mode documentation, I'm slighly confused, if we need to d...
by koshyk Super Champion in Getting Data In 11-22-2016
0 2
0
2
tom8h

Why is the Distributed Management Console unable to find forwarders?

I configured Forwarder Monitoring Setup of DMC function for monitoring status of forwarders, but the Distributed Mana...
by tom8h Explorer in Getting Data In 11-21-2016
0 3
0
3
ankithreddy777

How to edit props.conf to line break a single line event into multiple lines?

I have a single line event as shown. I have to break it to multiple lines starting at {IBP_LKL . May I know what set...
by ankithreddy777 Contributor in Getting Data In 11-21-2016
0 1
0
1
seeia

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

I initially tested the Splunk Server on a Windows 7 machine and installed the Universal Forwarder on another WIndows ...
by seeia Engager in Getting Data In 11-21-2016
0 1
0
1
ddrillic

Can a custom app send data to the indexer via memory?

I wonder what would be an efficient way for a custom app to communicate with an indexer? Can the custom app write to ...
by ddrillic Ultra Champion in Getting Data In 11-21-2016
0 3
0
3
vikas_gopal

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Hi Experts, I got a situation. By mistake, I uploaded the same license that I used for Indexers and Master node. Now...
by vikas_gopal Builder in Getting Data In 11-21-2016
0 1
0
1
dstaulcu

Considerations for adjusting autoLBFrequency in outputs.conf

When using automatic load balancing of outputs from universal forwarders (UF), the default number of seconds a forwar...
by dstaulcu Builder in Getting Data In 11-21-2016
0 1
0
1
ebrand

Why are my nearly identically-named log files not being indexed by Splunk?

For our "ATA42_NETWORK" application we have indexed *.NCD files These files are located in an “input directory” moni...
by ebrand New Member in Getting Data In 11-21-2016
0 6
0
6
skoelpin

Whats the best way to migrate /db from one drive to another?

I'm migrating a standalone indexer from Windows to Linux. I mounted the snapshot onto the Linux box and currently mov...
by SplunkTrust SplunkTrust in Getting Data In 11-21-2016
0 5
0
5
nmensah

What is the user-seed.conf file?

I'm a bit confused about the user-seed.conf. Based on the documentation provided by Splunk, it seems this is to set u...
by nmensah Explorer in Getting Data In 11-21-2016
1 3
1
3
hulahoop

How can I improve the performance of Splunk monitoring hundreds of active files?

When Splunk monitors hundreds/thousands of files, there seems to be a long lag between the time the event is generate...
by hulahoop Splunk Employee Splunk Employee in Getting Data In 11-21-2016
12 7
12
7
andresito123

Forwarded events not indexed

Hello! I am preparing for the architect exam and I have set the following lab: 10.37.129.10 spl-search-head ...
by andresito123 Communicator in Getting Data In 11-20-2016
2 31
2
31
eyirik

Reading vehicle network data ..

Hi i want to read vehicle data in Splunk.. Data is seen on vehice network like below: ID data le...
by eyirik Explorer in Getting Data In 11-20-2016
0 1
0
1
gianpaolodelgro

How should I implement a Splunk architecture on a 2 virtual machine, development environment?

Hi, we have to implement a Splunk architecture (for a development/test environment). We have 2 virtual devices, and w...
by gianpaolodelgro New Member in Getting Data In 11-18-2016
0 4
0
4
pavanae

Deployment client is not indexing data to the Deployment server? (50 credit will be rewarder for the person who found the solution)

Hi the following were the splunkd.log messages in the deployment client. I don't know why it isn't showing any warnin...
by pavanae Builder in Getting Data In 11-18-2016
0 7
0
7
nmensah

How do I configure the Deployment Server to have a Universal Forwarder send logs to a specific index?

Hello everyone, I have in theory a very simple question. Hopefully this is as simple as I think it is. I have a depl...
by nmensah Explorer in Getting Data In 11-18-2016
1 5
1
5
TheJagoff

An index was not prepared to ingest data, so I cannot see events from previous days. How do I fix this?

Hello, I forgot to have an index ready when I started to ingest data (log file with data from last week to present) ...
by TheJagoff Communicator in Getting Data In 11-18-2016
1 2
1
2
yqifan83

In props.conf, why is BREAK_ONLY_BEFORE_DATE not properly line breaking my events?

My props.conf is like: BREAK_ONLY_BEFORE_DATE = true TIME_PREFIX = GMT TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N MAX_DAYS_...
by yqifan83 New Member in Getting Data In 11-18-2016
0 6
0
6
brian1_tate

What do Splunk Ninjas think are the top three daily Splunk tasks in a large distributed environment?

Hello all, I am trying to build a workflow for our new Splunk product and want to know what top three regular daily ...
by brian1_tate Path Finder in Getting Data In 11-18-2016
0 8
0
8
anaqvi

How to edit my universal forwarder monitor stanza to index Active Directory server logs?

I am trying to monitor the Active Directory Server for logs. I have a universal forwarder installed on a Windows AD S...
by anaqvi Explorer in Getting Data In 11-18-2016
0 1
0
1
prabhasgupte

How to add modular data inputs using Splunk command line?

I am trying to install a TA from Splunk command line. Referring to http://docs.splunk.com/Documentation/Splunk/6.5.0/...
by prabhasgupte Communicator in Getting Data In 11-18-2016
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...