Getting Data In

Community Activity

How to remove inner double quotes from json data?? Hello i am trying to remove inner double quotes from json data here is my sample data: {"msg": "the message "is p... by AzmathShaik Path Finder in Getting Data In 11-22-2016 0 2	0	2
Whats the best way to blacklist a Windows event code? I have over 300 Universal forwarders and I'm getting several eventcode=5156 events errors. Is there a way to blackli... by mrtolu6 Path Finder in Getting Data In 11-22-2016 0 4	0	4
Splunk offline command and bucket replication Reading through the "offline" documentation & "maintenance" mode documentation, I'm slighly confused, if we need to d... by koshyk Super Champion in Getting Data In 11-22-2016 0 2	0	2
Why is the Distributed Management Console unable to find forwarders? I configured Forwarder Monitoring Setup of DMC function for monitoring status of forwarders, but the Distributed Mana... by tom8h Explorer in Getting Data In 11-21-2016 0 3	0	3
How to edit props.conf to line break a single line event into multiple lines? I have a single line event as shown. I have to break it to multiple lines starting at {IBP_LKL . May I know what set... by ankithreddy777 Contributor in Getting Data In 11-21-2016 0 1	0	1
Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed I initially tested the Splunk Server on a Windows 7 machine and installed the Universal Forwarder on another WIndows ... by seeia Engager in Getting Data In 11-21-2016 0 1	0	1
Can a custom app send data to the indexer via memory? I wonder what would be an efficient way for a custom app to communicate with an indexer? Can the custom app write to ... by ddrillic Ultra Champion in Getting Data In 11-21-2016 0 3	0	3
Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"? Hi Experts, I got a situation. By mistake, I uploaded the same license that I used for Indexers and Master node. Now... by vikas_gopal Builder in Getting Data In 11-21-2016 0 1	0	1
Considerations for adjusting autoLBFrequency in outputs.conf When using automatic load balancing of outputs from universal forwarders (UF), the default number of seconds a forwar... by dstaulcu Builder in Getting Data In 11-21-2016 0 1	0	1
Why are my nearly identically-named log files not being indexed by Splunk? For our "ATA42_NETWORK" application we have indexed *.NCD files These files are located in an “input directory” moni... by ebrand New Member in Getting Data In 11-21-2016 0 6	0	6
Whats the best way to migrate /db from one drive to another? I'm migrating a standalone indexer from Windows to Linux. I mounted the snapshot onto the Linux box and currently mov... by skoelpin SplunkTrust in Getting Data In 11-21-2016 0 5	0	5
What is the user-seed.conf file? I'm a bit confused about the user-seed.conf. Based on the documentation provided by Splunk, it seems this is to set u... by nmensah Explorer in Getting Data In 11-21-2016 1 3	1	3
How can I improve the performance of Splunk monitoring hundreds of active files? When Splunk monitors hundreds/thousands of files, there seems to be a long lag between the time the event is generate... by hulahoop Splunk Employee in Getting Data In 11-21-2016 12 7	12	7
Forwarded events not indexed Hello! I am preparing for the architect exam and I have set the following lab: 10.37.129.10 spl-search-head ... by andresito123 Communicator in Getting Data In 11-20-2016 2 31	2	31
Reading vehicle network data .. Hi i want to read vehicle data in Splunk.. Data is seen on vehice network like below: ID data le... by eyirik Explorer in Getting Data In 11-20-2016 0 1	0	1
How should I implement a Splunk architecture on a 2 virtual machine, development environment? Hi, we have to implement a Splunk architecture (for a development/test environment). We have 2 virtual devices, and w... by gianpaolodelgro New Member in Getting Data In 11-18-2016 0 4	0	4
Deployment client is not indexing data to the Deployment server? (50 credit will be rewarder for the person who found the solution) Hi the following were the splunkd.log messages in the deployment client. I don't know why it isn't showing any warnin... by pavanae Builder in Getting Data In 11-18-2016 0 7	0	7
How do I configure the Deployment Server to have a Universal Forwarder send logs to a specific index? Hello everyone, I have in theory a very simple question. Hopefully this is as simple as I think it is. I have a depl... by nmensah Explorer in Getting Data In 11-18-2016 1 5	1	5
An index was not prepared to ingest data, so I cannot see events from previous days. How do I fix this? Hello, I forgot to have an index ready when I started to ingest data (log file with data from last week to present) ... by TheJagoff Communicator in Getting Data In 11-18-2016 1 2	1	2
In props.conf, why is BREAK_ONLY_BEFORE_DATE not properly line breaking my events? My props.conf is like: BREAK_ONLY_BEFORE_DATE = true TIME_PREFIX = GMT TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N MAX_DAYS_... by yqifan83 New Member in Getting Data In 11-18-2016 0 6	0	6
What do Splunk Ninjas think are the top three daily Splunk tasks in a large distributed environment? Hello all, I am trying to build a workflow for our new Splunk product and want to know what top three regular daily ... by brian1_tate Path Finder in Getting Data In 11-18-2016 0 8	0	8
How to edit my universal forwarder monitor stanza to index Active Directory server logs? I am trying to monitor the Active Directory Server for logs. I have a universal forwarder installed on a Windows AD S... by anaqvi Explorer in Getting Data In 11-18-2016 0 1	0	1
How to add modular data inputs using Splunk command line? I am trying to install a TA from Splunk command line. Referring to http://docs.splunk.com/Documentation/Splunk/6.5.0/... by prabhasgupte Communicator in Getting Data In 11-18-2016 0 1	0	1
How to alert when the last event in an index is older than 1 hour, and if any forwarder has not phoned home in the last hour? Hello Splunkers. I'm working on 2 scenarios, and I'm sure you guys can help me. Scenario 1: We have about 15 indexe... by guimilare Communicator in Getting Data In 11-18-2016 0 2	0	2
Custom command for json event Hi, I'm using the below line, while creating custom command for key value field extraction. My events are in json f... by rodneyjerome Explorer in Getting Data In 11-18-2016 0 7	0	7

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

How to remove inner double quotes from json data??

Whats the best way to blacklist a Windows event code?

Splunk offline command and bucket replication

Why is the Distributed Management Console unable to find forwarders?

How to edit props.conf to line break a single line event into multiple lines?

Windows Server 2008R2 Splunk server not receiving Windows Event Logs from a Windows 7 PC with Universal Forwarder installed

Can a custom app send data to the indexer via memory?

Accidentally uploaded the same license on indexers and master node. How to resolve a "Duplicated license situation"?

Considerations for adjusting autoLBFrequency in outputs.conf

Why are my nearly identically-named log files not being indexed by Splunk?

Whats the best way to migrate /db from one drive to another?

What is the user-seed.conf file?

How can I improve the performance of Splunk monitoring hundreds of active files?

Forwarded events not indexed

Reading vehicle network data ..

How should I implement a Splunk architecture on a 2 virtual machine, development environment?

Deployment client is not indexing data to the Deployment server? (50 credit will be rewarder for the person who found the solution)

How do I configure the Deployment Server to have a Universal Forwarder send logs to a specific index?

An index was not prepared to ingest data, so I cannot see events from previous days. How do I fix this?

In props.conf, why is BREAK_ONLY_BEFORE_DATE not properly line breaking my events?

What do Splunk Ninjas think are the top three daily Splunk tasks in a large distributed environment?

How to edit my universal forwarder monitor stanza to index Active Directory server logs?

How to add modular data inputs using Splunk command line?

How to alert when the last event in an index is older than 1 hour, and if any forwarder has not phoned home in the last hour?

Custom command for json event

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation