Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I fix my host_regex in order to extract the hostname from my log file?

Hello all I am extremely terrible with regex and frankly I am stumped. I am trying to get hostname from the log fi...

by Contributor in

How to deploy Splunk using a universal forwarder through Tivoli Endpoint Manager (TEM)?

Hi Guys, We are at a phase where we need to deploy universal forwarder setup through Tivoli Endpoint Manager (TEM)...

by Explorer in

Why is my Splunk license rolling over at 9pm CST instead of midnight?

We have had issues with going over our license, but it's rolling over at 9pm CST instead of midnight, how do I fix th...

by New Member in

Filtering Remote Event Log Collection Event Codes - a simple answer

This is not a question, since when I tried to get a simple answer for what I believe is a simple problem, I could not...

by Explorer in

How to turn off logging from a particular host when a server is decomissioned?

As one of our servers is decommissioned, we need to turn off the logging from that particular host. Please kindly hel...

by Explorer in

Can Timestamp Assignement Precedence Be Altered?

Is there a way to override the timestamp assignment precedence rules, as described here: http://docs.splunk.com/Do...

by Loves-to-Learn in

Why are we receiving a massive amount of duplicate events from our forwarder, resulting in 4 license violations?

We are experiencing a massive duplication of events in two log files indexed by Splunk. This started suddenly on a Fr...

by New Member in

Cisco Security Suite and Cisco Firewall Add-on Installation

I have installed both Cisco Security Suite and Cisco Firewall Add-On, I have UDP 514 port excepting log data from a S...

by New Member in

Splunk Deployment - Stanndalone

Hi, I have 1 search head and 1 indexer, I configured the indexer as search peer and the status is up. However cann...

by Explorer in

Can we set the ttl for knowledge bundles on indexers?

We have a version 6.3.4 search head cluster and indexers, in a distributed search environment. Noticing that the sear...

by Builder in

How to blacklist Windows Security Event Logs 4689 and 4688 on a universal forwarder?

Trying to blacklist Windows Events 4688 and 4689 that come from the Splunk Universal Forwarder, I've checked the rege...

by Engager in

Is there a faster way to test line breaking configurations without updating crcSalt and restarting Splunk each time?

All, I am currently playing with some line breaking. But in order to test it I need to update my crcSalt, and res...

by Builder in

How to encrypt archived data?

We have a requirement from our security team to have the "Backup copies of sensitive information are encrypted" Ca...

by Explorer in

6.3 Upgrade - Missing HTTP Event Collector Data Input Option

I just upgraded a local install of Splunk Enterprise from 6.2.4 (iirc) to 6.3. Restarted it, etc. I'm not seeing t...

by Explorer in

Splunk_TA_Windows and non-standard index

Hi! I have several windows hosts with the Universal Forwarder and Splunk_TA_Windows installed. they are feeding in...

by Explorer in

Configure inputs.conf to reindex file every time modification time changes?

Hi fellow splunkers, I want to know if I can somehow define a monitor-stanza that reindexes a file (entirely rein...

by SplunkTrust in

How to trace or tag events to know which specific Heavy Forwarder the events have passed through?

We've got more than a dozen Heavy Forwarders (HF) that are behind a pair of load balancers that handle all our system...

by Communicator in

How can I convert time 2016-09-12T10:16:51.000+00:00 with timezone specified in simple date and time (2016-09-12 10:16:51)format

I've been trying to convert "2016-09-12T10:16:51.000+00:00" into simple format i.e: 2016-09-12 10:16:51. Tried usin...

by Path Finder in

how to add a timeformat for a search which contains an unique string in macros.conf?

I have a search as follows earliest="08/01/2016:00:00:01" latest="08/01/2016:23:59:59" getABCsWin("XYZ","abc123456...

by Builder in

Is there a REST endpoint that allows replacing a static resource?

Is there an endpoint that allows replacing a static resource? I've written some scripts to upload dashboards through:...

by Contributor in

Getting Data In

Discussions

How do I fix my host_regex in order to extract the hostname from my log file?

How to deploy Splunk using a universal forwarder through Tivoli Endpoint Manager (TEM)?

Why is my Splunk license rolling over at 9pm CST instead of midnight?

Filtering Remote Event Log Collection Event Codes - a simple answer

How to turn off logging from a particular host when a server is decomissioned?

Can Timestamp Assignement Precedence Be Altered?

Why are we receiving a massive amount of duplicate events from our forwarder, resulting in 4 license violations?

Cisco Security Suite and Cisco Firewall Add-on Installation

Splunk Deployment - Stanndalone

Can we set the ttl for knowledge bundles on indexers?

How to blacklist Windows Security Event Logs 4689 and 4688 on a universal forwarder?

Is there a faster way to test line breaking configurations without updating crcSalt and restarting Splunk each time?

How to encrypt archived data?

6.3 Upgrade - Missing HTTP Event Collector Data Input Option

Splunk_TA_Windows and non-standard index

Configure inputs.conf to reindex file every time modification time changes?

How to trace or tag events to know which specific Heavy Forwarder the events have passed through?

How can I convert time 2016-09-12T10:16:51.000+00:00 with timezone specified in simple date and time (2016-09-12 10:16:51)format

how to add a timeformat for a search which contains an unique string in macros.conf?

Is there a REST endpoint that allows replacing a static resource?

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

SSL Error Splunk DB connect add-on

Drop Windows Event Logs with EventID 5156 and not ...

Splunk add-on for Cisco Meraki getting data from o...

Files can't be ingested while being in transit via...

Using Splunk with NiFi

Getting Data In

Discussions

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >