Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
mzorzi

How do I route data based on the Index field

Assuming I have a forwarder with inputs.conf: [monitor:///var/log/notcritical] index=datacritical [monitor:///var/l...
by mzorzi Splunk Employee Splunk Employee in Getting Data In 12-12-2016
0 1
0
1
bosch_softtec

Why is Splunk not capturing new content in a CSV file input and indexing it?

Hi, Splunk 6.5.0 I have the scenario that I have to import every hour a csv (File A) file from a system which has n...
by bosch_softtec Path Finder in Getting Data In 12-12-2016
0 2
0
2
Deepali529

How is the Index Size greater than the uncompressed raw data size?

Uploaded File size: 717MB Current Index size: 811MB ( settings -> Data -> Indexes ) Index Size: 0.79 GB ( Monitoring...
by Deepali529 Explorer in Getting Data In 12-11-2016
0 8
0
8
elindemann

How to edit inputs.conf in order to whitelist incoming Windows events by EventCode?

Hello there, I'm currently trying to whilelist incoming Windows events by EventCode, but it doesn't actually filter...
by elindemann Engager in Getting Data In 12-10-2016
0 10
0
10
KagotaniMasato

"did not return events in descending time order"の解消方法

以下のような前段のコマンドから結果を読み込み、自作の関数の結果を新しいカラムとして差し込んで次のコマンドへ引き渡す外部スクリプトを実行すると、以下のようなエラーになります。エラーにならない場合もあります。 commands.conf...
by KagotaniMasato Explorer in Getting Data In 12-09-2016
0 1
0
1
sravankaripe

How to edit props.conf to retrieve time from my data?

i have a data like this: capturedTime = "12/6/16, 9:08 PM"; indymeDepartmentNumber = 250; lastCacheTime = "1...
by sravankaripe Communicator in Getting Data In 12-09-2016
0 2
0
2
dleifer_mercury

How do I get the learned app to set owner to a valid user?

The learned app is creating objects owned by "nobody". This creates logged error messages about ERROR Authenticati...
by dleifer_mercury New Member in Getting Data In 12-09-2016
0 1
0
1
mukherjee_mk

How to index the same set of logs and route them to 2 different indexes, but process transforms for one index to filter out sensitive data?

Hello fellow-splunkers! Problem Statement - My logs have INFO, WARNING and DEBUG log entries. The DEBUG log entries...
by mukherjee_mk Explorer in Getting Data In 12-08-2016
1 4
1
4
Splunk0n

Using Splunk Web, can I search a specific host name or IP address that returns the “Identified UF Version” of that system?

Hello Splunkers - Using Splunk Web, can I search/index a specific host name or IP address that returns the “Identifie...
by Splunk0n New Member in Getting Data In 12-08-2016
0 4
0
4
anthonycopus

How to edit a rex search in order to find the average duration time between two fields?

Hi, I'm currently have issues parsing the duration I've created to find the average time between 2 fields based on a...
by anthonycopus Path Finder in Getting Data In 12-08-2016
0 2
0
2
hartfoml

Upgraded universal forwarder from 5.2 to 6.5.0. Is it typical to receive a "parameter=tstatsHomePath not configured" error when upgrading and how to fix?

I upgraded my Windows universal forwarder from 5.2 to 6.5.0. All I did was grab the installer from download and insta...
by hartfoml Motivator in Getting Data In 12-08-2016
0 5
0
5
antifreke

How to troubleshoot configuration mismatch in inputs.conf and outputs.conf?

Background, I am not an engineer and have little engineering experience. In setting up my instance, I have a question...
by antifreke Path Finder in Getting Data In 12-08-2016
0 2
0
2
jmajumdar

Why is Splunk converting my timestamp to DD/MM/YY instead of MM/DD/YY?

Hi All I have this problem in Splunk : in my log i have time setup as : 12.07.2016 17:20:30,474 but Splunk is con...
by jmajumdar Explorer in Getting Data In 12-08-2016
0 3
0
3
bugnet

How to filter out local firewall events I don’t want Splunk to index?

A lot of the Windows Security auditing events we see in Splunk come from the local firewall that we're not interested...
by bugnet Path Finder in Getting Data In 12-08-2016
0 5
0
5
kennybirdwell

How to edit inputs.conf to restrict data collected from a monitored TCP input to specific hosts?

I want to restrict data collected from a monitored TCP port to a list of hosts. This is the stanza that I used but i...
by kennybirdwell Explorer in Getting Data In 12-08-2016
0 10
0
10
mwdbhyat

Measuring thruput of heavy forwarders in a dashboard. Would using "metrics.log group=thruput name=thruput" add both input and output thruput to the final result?

Hi, Quick question regarding metrics.log and a heavy forwarder (HF). I'm using a dashboard to measure the thruput on...
by mwdbhyat Builder in Getting Data In 12-08-2016
0 3
0
3
IRHM73

How to edit my regular expression to include a space in order for Splunk to extract data?

Hi, I wonder whether someone could help me please. I'm trying to create a Splunk regular expression to extract the p...
by IRHM73 Motivator in Getting Data In 12-08-2016
0 12
0
12
Priya312

Passing a variable from search query to title in simple xml

Hi, I have created a dashboard in simple xml. The alerts for every day is recorded in a lookup is shown in the dashbo...
by Priya312 Explorer in Getting Data In 12-07-2016
0 2
0
2
bsanch2

Why is Universal Forwarder unable to process props.conf configuration for structured data?

I have a customer that wants to index psv files with headers. If I omit the props.conf file on the Universal Forwarde...
by bsanch2 Path Finder in Getting Data In 12-07-2016
0 3
0
3
chrisboy68

How to execute TRANSFORMS by source name in props.conf?

Hi, Given the below: inputs.conf [monitor://\\MyServer\MyFolder] disabled = false host = MyServer index = MyIndex ...
by chrisboy68 Contributor in Getting Data In 12-07-2016
0 5
0
5
ephemeric

Can I migrate indexes into a volume reference?

Hi, Forgive me if this is a dumb question... can I move an index(s) into a volume reference? Index paths will remain...
by ephemeric Contributor in Getting Data In 12-07-2016
0 2
0
2
bdruth

How to use mvexpand to create multiple events with different times?

I have an event, from JVM garbage collection activity, and it is logged with a timestamp representing the beginning o...
by bdruth Path Finder in Getting Data In 12-07-2016
0 1
0
1
nls7010

How to make sure files containing a particular pair of letters are properly blacklisted?

This is what I have started: [monitor:///web/apps/doms/domains/*/CrewAdminAdapter.log] index=wlsseappslogs blacklist...
by nls7010 Path Finder in Getting Data In 12-07-2016
0 3
0
3
Hemnaath

How to blacklist two different hosts in inputs.conf?

Hi All, Can any one guide me on how to blacklist two different host in the same inputs.conf files in Heavy Forwarder ...
by Hemnaath Motivator in Getting Data In 12-07-2016
0 1
0
1
packet_hunter

Is there a recommendation for how many sourcetypes an index should have?

I imagine that if you would have one index per sourcetype that would cause problems, however is there an ideal number...
by packet_hunter Contributor in Getting Data In 12-07-2016
0 5
0
5
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All