Getting Data In

Community Activity

How to edit props.conf for proper line breaking of a log file that does not have YYYY-MM-DD in the timestamp? Events are not breaking up correctly for this particular log file that does not have YYYY-MM-DD in the timestamp. Her... by mbksplunk Explorer in Getting Data In 10-25-2016 0 2	0	2
How to configure Splunk to prevent parsing multiple events as a single event? I see a lot of Splunk Answers about multiple lined entries being broken up into separate events. I have the opposite ... by Michael Contributor in Getting Data In 10-25-2016 0 12	0	12
Splunk Universal Forwarder on Win 2000? Hallo, we know it´s not supported officially, but we have some very old Windows 2000 server, that won´t be upgraded... by tpaulsen Contributor in Getting Data In 10-25-2016 0 6	0	6
Would Splunk Cloud consider adding an alternative DNS provider to their list of Name Services in case of widespread DNS issues? The splunkcloud.com domain uses Dyn as the DNS provider. It's been widely published that today (Oct. 21, 2016) Dyn is... by jstacey_intuit Explorer in Getting Data In 10-25-2016 1 2	1	2
Finding a timestamp in a large event Hi all, I am putting some JSON events into Splunk which are rather large (can be upwards of 100K characters). This i... by alekksi Communicator in Getting Data In 10-25-2016 0 4	0	4
Splunk App for Check Point I am currently pulling logs from my Check Point Management station successfully and can search on them with no issues... by gstefancyk Path Finder in Getting Data In 10-25-2016 0 2	0	2
Eval recently collected events between indexes Here is the thing: I have 2 indexes: index_original and index_collected. The plan is to compare/evaluate index_ori... by strangelaw Explorer in Getting Data In 10-25-2016 0 1	0	1
Universal Fowarder does not send data to Splunk Forwarder, Indexer Hi all, Still new to Splunk management.... For some reason a Splunk Universal Forwarder (Windows) is not forwarding... by rb51 Explorer in Getting Data In 10-25-2016 1 1	1	1
How to troubleshoot why Splunk Enterprise won't install on Server 2008 R2? Gets partly through the install and the rolls back. Are there any installation logs that may tell me what's holding ... by jweir New Member in Getting Data In 10-25-2016 0 5	0	5
How integrate and monitor Cherwell data with Splunk? Hi All, I have found a link to integrate Cherwell with Splunk, but as per my understanding the integration is for Ch... by bharathkumarnec Contributor in Getting Data In 10-25-2016 0 2	0	2
How to create an outputs.conf file for access and error logs? how do I got about creating an outputs.conf file for /var/log/nginx/access.log /var/log/nginx/error.log thanks by splgeek Explorer in Getting Data In 10-24-2016 0 4	0	4
Should I use a heavy forwarder or indexer for this scenario? Greetings, I'm trying to figure out if there is an advantage to having a heavy forwarder over just an indexer in the... by Exeterengineeri Explorer in Getting Data In 10-24-2016 2 8	2	8
Deleted topic Delete by attschh1 New Member in Getting Data In 10-24-2016 0 4	0	4
Getting date from filename and time from logs Hello, I am not sure if this is possible, but I have a file named called php_201000618.txt and inside the logs it co... by silvermail Path Finder in Getting Data In 10-24-2016 4 7	4	7
Can move_policy actually move things? Hi all, I'd like to move a batch input after reading. Except not to /dev/null. The manual is pretty clear: move_po... by renems Communicator in Getting Data In 10-24-2016 0 2	0	2
How to load 122K unique records in a dropdown menu? In simple XML, when I am attempting to load 122K unique records in the dropdown menu, my whole page freezes for a whi... by nisu Explorer in Getting Data In 10-24-2016 0 4	0	4
Password Spraying alert from Windows Event Logs I am attempting to set an alert to monitor for possible password spraying in my AD environment. I am using windows s... by pdumblet Explorer in Getting Data In 10-24-2016 0 2	0	2
Checkpoint opsec lea 4.0 error with Checkpoint R80 Hi, I am using Checkpoint OPSEC LEA 4.0 On running search i am getting this error message. Error 'Could not find al... by ektasiwani Communicator in Getting Data In 10-23-2016 0 1	0	1
As a Splunk Cloud customer, should I contact Support to configure props.conf to enable event breaking to my specifications? Hello All I just have question may be you guys can get me in the right direction . Looks like Splunk event breaking h... by jmajumdar Explorer in Getting Data In 10-23-2016 0 1	0	1
How far back can be go when rebuilding the forwarders' assets? Based on the interface of the DMC, it appears that we can go back only 24 hours when rebuilding the forwarder assets.... by ddrillic Ultra Champion in Getting Data In 10-23-2016 0 4	0	4
How can I merge multiple mail log lines into one event Hi I want to examine my mail server logfile. The logfile has many lines per logsession. Each line starts with a time... by lars_meldgaard Explorer in Getting Data In 10-23-2016 0 9	0	9
After uploading a local log file into Splunk, where does the local data reside? Hi Team, I've recently downloaded Splunk Enterprise 6.4.4 trial version for Windows 7. I've uploaded a local log fil... by splunkrkhanna New Member in Getting Data In 10-22-2016 0 2	0	2
Why is my license host blank? Hi, I ran the following search to get a license usage report by idx, sourcetype and host. One of the hosts is comin... by a212830 Champion in Getting Data In 10-22-2016 0 7	0	7
How to fix time_format in props.conf to properly line break? Hi somehow the date is not being picked up properly by splunk. the props.conf has %d/%H:%M:%S.3N but its not workin... by athorat Communicator in Getting Data In 10-21-2016 0 3	0	3
What is the best way display events from 2 indexes in chronological order, filtering by IP? I have two indexes and I want to display events from both indexes in chronological order, filtering by a specific IP.... by jbrenner Path Finder in Getting Data In 10-21-2016 0 6	0	6