Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
adminimv

After installing a forwarder on Windows to send data to a Splunk Cloud trial, why do I not see the forwarder in the Add Data page?

I'm new to Splunk and setting up Splunk Cloud trial verison. Have installed a Splunk forwarder on Win 2008 R2 64X ma...
by adminimv New Member in Getting Data In 10-27-2016
0 4
0
4
jesmi_harindran

After creating an index for the Search app, why is my indexes.conf file missing from C:\Program Files\Splunk\etc\apps\search?

Hello, I have trial version of Splunk Enterprise with me. I created an index for the search and reporting app, but w...
by jesmi_harindran New Member in Getting Data In 10-27-2016
0 5
0
5
Dharanesha

Why am I receiving "UniversalForwarder Setup Wizard ended prematurely because of an error" when trying to upgrade my server to 6.4.1?

Hi, There are a few servers throwing the error while installing Agent: "UniversalForwarder Setup Wizard ended premat...
by Dharanesha New Member in Getting Data In 10-27-2016
0 9
0
9
splunk_svc

Parsing fields from json logs

Hi Splunkers. I'm attempting to search based on fields in a JSON log file For example I am trying to search based on ...
by splunk_svc Path Finder in Getting Data In 10-26-2016
0 9
0
9
daniel333

How do I redirect to another indexer using wildcards in my props.conf?

All, I have the following props.conf / transforms.conf setup. Trying to set aside PCI into it's own set of indexers...
by daniel333 Builder in Getting Data In 10-26-2016
0 3
0
3
abhishekdharga

How to line break my XML file by using LINE_BREAKER or editing props.conf?

Hi Guys, I am trying to breaks the events for my sample XML file. Below is the sample. I need to break this on tag. ...
by abhishekdharga Engager in Getting Data In 10-26-2016
0 8
0
8
leonards1

Why is indexing volume not matching license usage?

Following some runaway license violations, I am looking to find the offending host but in running the queries that I ...
by leonards1 Explorer in Getting Data In 10-26-2016
0 1
0
1
tejasplunk

How to configure universal forwarders (deployment clients) on Windows machines to send logs to Splunk Light?

Complete Splunk beginner here. I am learning to use Splunk. We have a bunch of Windows machines that we want to pull...
by tejasplunk Engager in Getting Data In 10-26-2016
1 2
1
2
eleena1994

draw a splunk chart depicting no of occurrences for different strings?

0 down vote favorite I want to draw a splunk chart and I have following strings in my logs: "Request id: 552" "Reque...
by eleena1994 New Member in Getting Data In 10-26-2016
0 4
0
4
joydeep741

Field extractions are not coming up on splunk.

My field extractions are not coming up on splunk. - i added the extractions in props.conf (tested them b4 adding). - ...
by joydeep741 Path Finder in Getting Data In 10-26-2016
0 5
0
5
saranya_fmr

How to exclude certain fields in json logs from being displayed on UI OR being indexed?

Hi All, Is there a way to exclude certain fields from my JSON data? For example: I have the below JSON Format event ...
by saranya_fmr Communicator in Getting Data In 10-26-2016
1 4
1
4
a212830

How to get a list of indexers reporting into our license manager via REST API?

Hi, I want to get a list of indexers reporting into our license manager via REST API. Many of these we do not manage...
by a212830 Champion in Getting Data In 10-26-2016
0 8
0
8
guarisma

How to audit access to the Windows Event logs?

Hello, I've been asked to audit the access to the Windows Event logs themselves... this might be more of a Windows S...
by guarisma Contributor in Getting Data In 10-26-2016
0 4
0
4
babcolee

Numerous messages WARN LineBreakingProcessor Truncating for remote_searches.log

I am seeing numerous WARN messages in the splunkd.log "09-08-2016 13:56:07.802 +0000 WARN LineBreakingProcessor - Tr...
by babcolee Path Finder in Getting Data In 10-26-2016
3 4
3
4
splunkreal

Difference between | rest and | metadata?

Hello, could you tell me what is the difference between results from | rest and | metadata when trying to find, for ...
by splunkreal Motivator in Getting Data In 10-26-2016
0 1
0
1
Ant1D

Permissions on indexes and sourcetypes

Hey, I know that you can set read/write permissions on views. Is it possible to set read permissions on indexes and...
by Ant1D Motivator in Getting Data In 10-26-2016
1 7
1
7
sarnagar

Extract fields in JSON during index time

Hi , I'm a newbie to splunk in field extractions. Appreciate any help on this. I have JSON Format logs like below: ...
by sarnagar Contributor in Getting Data In 10-26-2016
1 12
1
12
maxruas

How to fix an error "Received event for unconfigured/disabled/deleted index=wineventlog" on a search peer?

Search peer xxxxxxxxxx has the following message: Received event for unconfigured/disabled/deleted index=wineventlo...
by maxruas Loves-to-Learn Lots in Getting Data In 10-26-2016
0 2
0
2
mbksplunk

How to edit props.conf for proper line breaking of a log file that does not have YYYY-MM-DD in the timestamp?

Events are not breaking up correctly for this particular log file that does not have YYYY-MM-DD in the timestamp. Her...
by mbksplunk Explorer in Getting Data In 10-25-2016
0 2
0
2
Michael

How to configure Splunk to prevent parsing multiple events as a single event?

I see a lot of Splunk Answers about multiple lined entries being broken up into separate events. I have the opposite ...
by Michael Contributor in Getting Data In 10-25-2016
0 12
0
12
tpaulsen

Splunk Universal Forwarder on Win 2000?

Hallo, we know it´s not supported officially, but we have some very old Windows 2000 server, that won´t be upgraded...
by tpaulsen Contributor in Getting Data In 10-25-2016
0 6
0
6
jstacey_intuit

Would Splunk Cloud consider adding an alternative DNS provider to their list of Name Services in case of widespread DNS issues?

The splunkcloud.com domain uses Dyn as the DNS provider. It's been widely published that today (Oct. 21, 2016) Dyn is...
by jstacey_intuit Explorer in Getting Data In 10-25-2016
1 2
1
2
alekksi

Finding a timestamp in a large event

Hi all, I am putting some JSON events into Splunk which are rather large (can be upwards of 100K characters). This i...
by alekksi Communicator in Getting Data In 10-25-2016
0 4
0
4
gstefancyk

Splunk App for Check Point

I am currently pulling logs from my Check Point Management station successfully and can search on them with no issues...
by gstefancyk Path Finder in Getting Data In 10-25-2016
0 2
0
2
strangelaw

Eval recently collected events between indexes

Here is the thing: I have 2 indexes: index_original and index_collected. The plan is to compare/evaluate index_ori...
by strangelaw Explorer in Getting Data In 10-25-2016
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...