Getting Data In

Community Activity

Is it possible to monitor if someone plugs in a network cable in the network? Hello, Is it possible to monitor if someone is plugging a network cable in the network? by nickbijmoer Path Finder in Getting Data In 11-04-2016 0 5	0	5
Any idea why a particular sourcetype would stop showing data after 10/31/16 23:59:59? Here are some pieces of info that may be relevant: The sourcetype in question shows no data after midnight on Octobe... by tbourne Engager in Getting Data In 11-04-2016 0 5	0	5
After upgrading to 6.5.0 on Windows, I receive error 1607 when restarting splunkd - how to fix? Dear all, I tried to upgrade Splunk from 6.1.1 to 6.5 but I'm having some issues. The first time, there is an error... by peterchow Explorer in Getting Data In 11-04-2016 0 7	0	7
How to get Linux OS logs off a Splunk server, where Splunk is started as a non root account, to index in an indexer cluster? I have a Splunk indexer cluster that is using a service account (non-root) to start Splunk. How do I get the OS logs,... by brent_weaver Builder in Getting Data In 11-03-2016 0 7	0	7
Is there a character limit for sourcetypes? Hi everyone, I have doubts about character limits to sourcetype. I'll need to get a sourcetype name using transforms... by wapireso Explorer in Getting Data In 11-03-2016 0 1	0	1
How to resolve data not flowing through forwarders in order to generate scheduled reports? We have a daily scheduled report which is to be generated at 12pm for every day, the issue we are facing is the data ... by Kaushikkatta03 Explorer in Getting Data In 11-03-2016 0 2	0	2
Data not being indexed Good morning, I have an issue with a new file that I am trying to index: I see that it is being monitored but I am ... by omuelle1 Communicator in Getting Data In 11-03-2016 0 5	0	5
On the VMware App, following upgrade from v3.2.x to v3.3.1, data volume is ~10x higher Situation = On the VMware App, following upgrade from v3.2.x to v3.3.1. Unexpected desired behaviour = Data volume is... by bohanlon_splunk Splunk Employee in Getting Data In 11-03-2016 1 1	1	1
Why has my Splunk indexer stopped indexing after adding license in 6.5.0? I have a Splunk Enterprise indexer (v 6.5.0) that is forwarding Windows security events. Everything was going smooth... by michaeltay Path Finder in Getting Data In 11-02-2016 0 2	0	2
When indexing historic and real time data together, does Splunk index old data first and new data last or vice versa? I have to index the historic data along with real time data from the log file. May I know from which point the indexi... by ankithreddy777 Contributor in Getting Data In 11-02-2016 0 3	0	3
How to edit my time_prefix and time format in props.conf? Oct 20, 2016 11:49:56 PM UTC here is my time format and every event starts with with time. in my props.conf i had ... by saifuddin9122 Path Finder in Getting Data In 11-02-2016 0 1	0	1
How to change the the truncating limit in the props.conf file for a scripted input? I have in the input.conf as an example a scripted input on the server where the Splunk Universal Forwarder is install... by rfc360 New Member in Getting Data In 11-02-2016 0 7	0	7
How to resolve an "Invalid key in stanza [WMI:Patching]" error that occurs after defining a WMI input on universal forwarder? I have a WMI Input defined on a universal forwarder and I get the following error while starting Splunk, and of cours... by FritzWittwer_ol Contributor in Getting Data In 11-02-2016 0 3	0	3
Is there a reason to set max index size if you have appropriately sized retention periods? I've always been very careful in setting my indexes sizes to be something along the lines of 1.1* <peak indexed volu... by j4adam Communicator in Getting Data In 11-02-2016 0 1	0	1
Reindex entire file when file is updated. I have already read this older thread on the subject -> : http://splunk-base.splunk.com/answers/5426/entire-file-cont... by Lucas_K Motivator in Getting Data In 11-01-2016 3 9	3	9
Modular Input Scripts Don't Die during Splunk restart I have written two Modular Inputs for Splunk. Both exhibit the same behavior. Steps to reproduce: Issue "splunk re... by alacercogitatus SplunkTrust in Getting Data In 11-01-2016 0 10	0	10
Why does AWS CloudWatch stop receiving events with the error "400 Bad Request {u'message': u'Rate exceeded', u'__type': u'ThrottlingException'}"? We have configured large number of CloudWatch log groups as a separate input in our heavy forwarder. We have noticed ... by sylim_splunk Splunk Employee in Getting Data In 11-01-2016 1 2	1	2
How do I configure line breaking in props.conf for my sample log file? Would like the events to be split after ) --[End]--------------------$ (0x03000000:NameValue)urn:hl7-org:v2xml:Rem... by myorkows Explorer in Getting Data In 11-01-2016 0 7	0	7
Thread count of splunk keeps on changing in linux? Hi, I am trying to find the subthread_count of logfiles of splunk on linux by command ps -eLo user=\|sort\|uniq -c > s... by Deepali529 Explorer in Getting Data In 11-01-2016 0 1	0	1
If syslogs are sent to multiple forwarders, would the syslogs be duplicated in an indexer cluster? I have multiple forwarders and an indexer cluster. If the syslogs source devices were to send syslogs to both forward... by JohnTelus New Member in Getting Data In 11-01-2016 0 3	0	3
What is the best way to display a payload with line breaks for better readability in Splunk Web? I want to display the payload with line breaks for better readability on Splunk Web. Splunk receives the payload a... by ram_85 Explorer in Getting Data In 11-01-2016 0 4	0	4
How to get a Windows user prompt to appear on a client machine using Powershell from a Deployment Server app? I have a deployment server app that makes changes on the target client. Part of the process requires closing another ... by rjthibod Champion in Getting Data In 11-01-2016 0 17	0	17
How to configure Splunk to properly parse logs that contain one or more values with double quotes? Hello Splunk community, Currently I am doing research as an intern at a government agency if their Windows services ... by msboers Engager in Getting Data In 11-01-2016 0 6	0	6
Why do I get this error when configuring the universal forwarder: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed? Hi, I am installing the universal forwarder (6.2) on redhat. I am running into several issues with the SSL setup. I ... by wouterr Explorer in Getting Data In 11-01-2016 1 5	1	5
Why are my sourcetypes constantly changing, and how do I prevent this? I have a small LAN with a couple dozen servers all running Solaris. They are sending into a single instance of Splunk... by Michael Contributor in Getting Data In 10-31-2016 0 4	0	4

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Getting Data In

Is it possible to monitor if someone plugs in a network cable in the network?

Any idea why a particular sourcetype would stop showing data after 10/31/16 23:59:59?

After upgrading to 6.5.0 on Windows, I receive error 1607 when restarting splunkd - how to fix?

How to get Linux OS logs off a Splunk server, where Splunk is started as a non root account, to index in an indexer cluster?

Is there a character limit for sourcetypes?

How to resolve data not flowing through forwarders in order to generate scheduled reports?

Data not being indexed

On the VMware App, following upgrade from v3.2.x to v3.3.1, data volume is ~10x higher

Why has my Splunk indexer stopped indexing after adding license in 6.5.0?

When indexing historic and real time data together, does Splunk index old data first and new data last or vice versa?

How to edit my time_prefix and time format in props.conf?

How to change the the truncating limit in the props.conf file for a scripted input?

How to resolve an "Invalid key in stanza [WMI:Patching]" error that occurs after defining a WMI input on universal forwarder?

Is there a reason to set max index size if you have appropriately sized retention periods?

Reindex entire file when file is updated.

Modular Input Scripts Don't Die during Splunk restart

Why does AWS CloudWatch stop receiving events with the error "400 Bad Request {u'message': u'Rate exceeded', u'__type': u'ThrottlingException'}"?

How do I configure line breaking in props.conf for my sample log file?

Thread count of splunk keeps on changing in linux?

If syslogs are sent to multiple forwarders, would the syslogs be duplicated in an indexer cluster?

What is the best way to display a payload with line breaks for better readability in Splunk Web?

How to get a Windows user prompt to appear on a client machine using Powershell from a Deployment Server app?

How to configure Splunk to properly parse logs that contain one or more values with double quotes?

Why do I get this error when configuring the universal forwarder: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed?

Why are my sourcetypes constantly changing, and how do I prevent this?

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

How to integrate Google Cloud armor with splunk?

How to Integrate Iraje PAM with splunk? Is there a...

Getting Data In

Join the Conversation