Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
unclethan

HTTP Event Collector: Why are double quotes not escaped for a properly formatted JSON string?

A properly formatted JSON string will escape the double quotes. However the HEC does not translate that accordingly....
by unclethan Path Finder in Getting Data In 10-18-2016
2 2
2
2
kgrigsby_splunk

Why is the term ‘auto tune’ used in indexes.conf documentation for auto ‘maxDataSize’? This may be misleading.

Concern: The documentation here states: ‘maxDataSize = <positive integer>|auto|auto_high_volume * The maximum siz...
by kgrigsby_splunk Splunk Employee Splunk Employee in Getting Data In 10-17-2016
0 1
0
1
makincerdas

How do you identify if a box is an indexer or a search head?

Hi, Splunk were installed on 2 boxes by previous admin. I can browse to port 8000 on both boxes, and get the 'Search...
by makincerdas Explorer in Getting Data In 10-17-2016
0 12
0
12
nbowman

Why has support been removed in 6.5.0 for universal forwarders on Windows 7, and is there a workaround?

I'm looking to upgrade from 6.4.1 to 6.5, and I came across this: Windows 7 x86-32 & x86_64: Free/Trial and Univers...
by nbowman Path Finder in Getting Data In 10-17-2016
1 3
1
3
surekhasplunk

excel workbook as lookup or input data type in splunk

Hi, I want to use an excel work book which has several tabs with data. How can i use different tabs of a single exce...
by surekhasplunk Communicator in Getting Data In 10-17-2016
0 2
0
2
rusty009

Why is Splunk not parsing JSON data correctly with my current sourcetype configuration?

I am trying to import JSON objects into splunk, my sourcetype is below, [ _json_cloudflare ] CHARSET=UTF-8 INDEXED_E...
by rusty009 Path Finder in Getting Data In 10-16-2016
0 4
0
4
mdwecht

Problems using REST interface with browser over tunneled ports?

I successfully ran the following KV Store Tutorial (HTML dashboard code) on a firefox browser self contained 6.4.1 Sp...
by mdwecht Path Finder in Getting Data In 10-16-2016
0 1
0
1
wegscd

Which method allows the best performance for Splunk to ingest custom scripts: monitor, SDK, or HTTP Event Collector?

We're having to write some custom scripts to read/tail binary data, format them into something Splunk-able (k1=v1 k2=...
by wegscd Contributor in Getting Data In 10-16-2016
0 4
0
4
michael_lee

Forwarding text file to destination TCP or syslog server

Requirement: Have a log file that is always appended with data. I wish to send the log file details as it is appende...
by michael_lee Path Finder in Getting Data In 10-16-2016
0 1
0
1
deepthi5

How to monitor and alert on the status of services on a forwarder and when an External USB device is connected?

Hi, I have 10 machines running a splunk forwarder now and I want to know the status of services on these machines. ...
by deepthi5 Path Finder in Getting Data In 10-14-2016
0 2
0
2
ashishpok79

How to proxy to management port 8089 for JavaScript SDK or REST API from a custom app deployed in Splunk Web?

There are examples on how to do this from external apps - using proxy from client side and node.js etc. But how can I...
by ashishpok79 Explorer in Getting Data In 10-14-2016
4 4
4
4
sim_tcr

line breaking issue, please help with props.com

Hello, In our log, every new event starts with below pattern, Sunday 2016-10-09 12:02:46,047 [tomcat-http--9] Cur...
by sim_tcr Communicator in Getting Data In 10-14-2016
0 10
0
10
robert_vincent

What kind of forwarder do I have?

I've inherited a distributed Splunk installation with no internal documentation and no access to the tech who origina...
by robert_vincent Engager in Getting Data In 10-13-2016
0 7
0
7
baegoon

Extracting Timestamps from JSON logs in Splunk 6.5.0

I have a JSON formatted event and I am trying to get props.conf to recognize the timestamp. The timestamp occurs at t...
by baegoon Explorer in Getting Data In 10-13-2016
0 6
0
6
Runals

Best ways to monitor a clustered system's data file?

I have a situation where two systems will write to the same NFS mounted file based on whichever one is active. I'm tr...
by Runals Motivator in Getting Data In 10-13-2016
0 3
0
3
brianackermann

Why is data not being forwarded to my Splunk Light Cloud?

I fear I'm suffering from a number of interrelated issues. The top most issue is that no data is coming through from...
by brianackermann Explorer in Getting Data In 10-13-2016
0 8
0
8
kiran331

How to manually upload logs in a zip file to a Splunk indexer cluster?

Hi I want to manually upload the log files in a zip file into a cluster environment with 3 indexers. How to do it?
by kiran331 Builder in Getting Data In 10-13-2016
0 1
0
1
paimonsoror

Can You Help Me Understand The Environment I Inherited

So take this with some warning.... its a bit of a mess. This is our nonprod environment, and the goal was to move ou...
by paimonsoror Builder in Getting Data In 10-13-2016
0 4
0
4
anantdeshpande

How will the universal forwarder behave while tailing Active-DR cluster shared NFS logs?

Client is has a clustered Active-DR setup for their PROD application. At a given time, only one server (node) is acti...
by anantdeshpande Path Finder in Getting Data In 10-13-2016
0 1
0
1
jwalzerpitt

Normalize user fields across multiple sourcetypes

I have three different sourcetypes in which each user field is labeled differently: TargetUserName, User, sremote_use...
by jwalzerpitt Influencer in Getting Data In 10-13-2016
0 11
0
11
goodsellt

Will a 6.5.0 Heavy Forwarder work with a 6.3.0.1 indexer cluster?

Does anyone know if the 6.5.0 Heavy Forwarder would work with a 6.3.0.1 Indexer Cluster? Any incompatibilities or iss...
by goodsellt Contributor in Getting Data In 10-13-2016
0 1
0
1
daniel333

HTTP Event Collector

All, Can I disable token/security for the http event collector? We have an internal app which has a log via http op...
by daniel333 Builder in Getting Data In 10-13-2016
0 1
0
1
sfatnass

how to extract values using sourcetype?

hi, i have some logs contain values separate by #. exemple : charlie#2016-10-11#125.44.23.10#Mozzila#resolvedTest...
by sfatnass Contributor in Getting Data In 10-13-2016
0 3
0
3
vikas_gopal

Why would a universal forwarder be needed if it is unable to restrict or filter data?

Hi Experts, Please clarify my doubts regarding the Universal Forwarder: 1) Is installing the UF on 60 machines (mix ...
by vikas_gopal Builder in Getting Data In 10-13-2016
0 6
0
6
thappu

how can i collect performace data from Hitachi VSP

Hi Experts, We are doing POC in our environment and I would like to understand how can i get the performance data fr...
by thappu New Member in Getting Data In 10-13-2016
0 1
0
1
Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...
Top Solution Authors
View All