Getting Data In

Community Activity

"did not return events in descending time order"の解消方法以下のような前段のコマンドから結果を読み込み、自作の関数の結果を新しいカラムとして差し込んで次のコマンドへ引き渡す外部スクリプトを実行すると、以下のようなエラーになります。エラーにならない場合もあります。 commands.conf... by KagotaniMasato Explorer in Getting Data In 12-09-2016 0 1	0	1
How to edit props.conf to retrieve time from my data? i have a data like this: capturedTime = "12/6/16, 9:08 PM"; indymeDepartmentNumber = 250; lastCacheTime = "1... by sravankaripe Communicator in Getting Data In 12-09-2016 0 2	0	2
How do I get the learned app to set owner to a valid user? The learned app is creating objects owned by "nobody". This creates logged error messages about ERROR Authenticati... by dleifer_mercury New Member in Getting Data In 12-09-2016 0 1	0	1
How to index the same set of logs and route them to 2 different indexes, but process transforms for one index to filter out sensitive data? Hello fellow-splunkers! Problem Statement - My logs have INFO, WARNING and DEBUG log entries. The DEBUG log entries... by mukherjee_mk Explorer in Getting Data In 12-08-2016 1 4	1	4
Using Splunk Web, can I search a specific host name or IP address that returns the “Identified UF Version” of that system? Hello Splunkers - Using Splunk Web, can I search/index a specific host name or IP address that returns the “Identifie... by Splunk0n New Member in Getting Data In 12-08-2016 0 4	0	4
How to edit a rex search in order to find the average duration time between two fields? Hi, I'm currently have issues parsing the duration I've created to find the average time between 2 fields based on a... by anthonycopus Path Finder in Getting Data In 12-08-2016 0 2	0	2
Upgraded universal forwarder from 5.2 to 6.5.0. Is it typical to receive a "parameter=tstatsHomePath not configured" error when upgrading and how to fix? I upgraded my Windows universal forwarder from 5.2 to 6.5.0. All I did was grab the installer from download and insta... by hartfoml Motivator in Getting Data In 12-08-2016 0 5	0	5
How to troubleshoot configuration mismatch in inputs.conf and outputs.conf? Background, I am not an engineer and have little engineering experience. In setting up my instance, I have a question... by antifreke Path Finder in Getting Data In 12-08-2016 0 2	0	2
Why is Splunk converting my timestamp to DD/MM/YY instead of MM/DD/YY? Hi All I have this problem in Splunk : in my log i have time setup as : 12.07.2016 17:20:30,474 but Splunk is con... by jmajumdar Explorer in Getting Data In 12-08-2016 0 3	0	3
How to filter out local firewall events I don’t want Splunk to index? A lot of the Windows Security auditing events we see in Splunk come from the local firewall that we're not interested... by bugnet Path Finder in Getting Data In 12-08-2016 0 5	0	5
How to edit inputs.conf to restrict data collected from a monitored TCP input to specific hosts? I want to restrict data collected from a monitored TCP port to a list of hosts. This is the stanza that I used but i... by kennybirdwell Explorer in Getting Data In 12-08-2016 0 10	0	10
Measuring thruput of heavy forwarders in a dashboard. Would using "metrics.log group=thruput name=thruput" add both input and output thruput to the final result? Hi, Quick question regarding metrics.log and a heavy forwarder (HF). I'm using a dashboard to measure the thruput on... by mwdbhyat Builder in Getting Data In 12-08-2016 0 3	0	3
How to edit my regular expression to include a space in order for Splunk to extract data? Hi, I wonder whether someone could help me please. I'm trying to create a Splunk regular expression to extract the p... by IRHM73 Motivator in Getting Data In 12-08-2016 0 12	0	12
Passing a variable from search query to title in simple xml Hi, I have created a dashboard in simple xml. The alerts for every day is recorded in a lookup is shown in the dashbo... by Priya312 Explorer in Getting Data In 12-07-2016 0 2	0	2
Why is Universal Forwarder unable to process props.conf configuration for structured data? I have a customer that wants to index psv files with headers. If I omit the props.conf file on the Universal Forwarde... by bsanch2 Path Finder in Getting Data In 12-07-2016 0 3	0	3
How to execute TRANSFORMS by source name in props.conf? Hi, Given the below: inputs.conf [monitor://\\MyServer\MyFolder] disabled = false host = MyServer index = MyIndex ... by chrisboy68 Contributor in Getting Data In 12-07-2016 0 5	0	5
Can I migrate indexes into a volume reference? Hi, Forgive me if this is a dumb question... can I move an index(s) into a volume reference? Index paths will remain... by ephemeric Contributor in Getting Data In 12-07-2016 0 2	0	2
How to use mvexpand to create multiple events with different times? I have an event, from JVM garbage collection activity, and it is logged with a timestamp representing the beginning o... by bdruth Path Finder in Getting Data In 12-07-2016 0 1	0	1
How to make sure files containing a particular pair of letters are properly blacklisted? This is what I have started: [monitor:///web/apps/doms/domains/*/CrewAdminAdapter.log] index=wlsseappslogs blacklist... by nls7010 Path Finder in Getting Data In 12-07-2016 0 3	0	3
How to blacklist two different hosts in inputs.conf? Hi All, Can any one guide me on how to blacklist two different host in the same inputs.conf files in Heavy Forwarder ... by Hemnaath Motivator in Getting Data In 12-07-2016 0 1	0	1
Is there a recommendation for how many sourcetypes an index should have? I imagine that if you would have one index per sourcetype that would cause problems, however is there an ideal number... by packet_hunter Contributor in Getting Data In 12-07-2016 0 5	0	5
How to edit my regular expression to select the timestamp and UniqueID in order to create a line graph from it? I'm trying to create a line graph that represents number of requests throughout the day so we can see when we get the... by sankarms Explorer in Getting Data In 12-07-2016 0 1	0	1
After configuring configure yarn variables, why does my search fail to run? Hi, I configured the YARN variables needed in the provider, but now the search query I try to run fails. It looks l... by jmallorquin Builder in Getting Data In 12-07-2016 0 6	0	6
How to view individual hops of data before it reaches indexer? We have got "heavy forwarders" and our client has got a Splunk Heavy forwarders at their side before they send to us.... by koshyk Super Champion in Getting Data In 12-07-2016 0 2	0	2
Is the configuration for my timestamp correct? I have a problem with the right extraction of timestamp in a log file. The string example of my log : 161206 152835... by patriziadepaola Explorer in Getting Data In 12-07-2016 0 1	0	1

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Getting Data In

"did not return events in descending time order"の解消方法

How to edit props.conf to retrieve time from my data?

How do I get the learned app to set owner to a valid user?

How to index the same set of logs and route them to 2 different indexes, but process transforms for one index to filter out sensitive data?

Using Splunk Web, can I search a specific host name or IP address that returns the “Identified UF Version” of that system?

How to edit a rex search in order to find the average duration time between two fields?

Upgraded universal forwarder from 5.2 to 6.5.0. Is it typical to receive a "parameter=tstatsHomePath not configured" error when upgrading and how to fix?

How to troubleshoot configuration mismatch in inputs.conf and outputs.conf?

Why is Splunk converting my timestamp to DD/MM/YY instead of MM/DD/YY?

How to filter out local firewall events I don’t want Splunk to index?

How to edit inputs.conf to restrict data collected from a monitored TCP input to specific hosts?

Measuring thruput of heavy forwarders in a dashboard. Would using "metrics.log group=thruput name=thruput" add both input and output thruput to the final result?

How to edit my regular expression to include a space in order for Splunk to extract data?

Passing a variable from search query to title in simple xml

Why is Universal Forwarder unable to process props.conf configuration for structured data?

How to execute TRANSFORMS by source name in props.conf?

Can I migrate indexes into a volume reference?

How to use mvexpand to create multiple events with different times?

How to make sure files containing a particular pair of letters are properly blacklisted?

How to blacklist two different hosts in inputs.conf?

Is there a recommendation for how many sourcetypes an index should have?

How to edit my regular expression to select the timestamp and UniqueID in order to create a line graph from it?

After configuring configure yarn variables, why does my search fail to run?

How to view individual hops of data before it reaches indexer?

Is the configuration for my timestamp correct?

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation