Getting Data In

Community Activity

Windows Infrastructure app is not showing reports under "Active Directory > users > User Reports " whereas "users overview" dashboard and all other dashbpards in the app are showing data ? Windows Infrastructure app is not showing reports under "Active Directory > users > User Reports " whereas "users ove... by saurabh_tek Communicator in Getting Data In 10-12-2016 1 3	1	3
Why does the Splunk Universal Forwarder 6.3.0 on Linux x86_64 server keep crashing? Splunk Universal Forwarder agent keeps crashing - Agent version 6.3.0 ...Server is Linux x86_64 crashlog updated: [... by kishen2016 Explorer in Getting Data In 10-12-2016 1 1	1	1
Props and Transforms - include base folder, but not some sub folders Hi all, Im trying to do file nullQueue filtering on my HWF. I want to keep the log entries for /sausages but drop the... by mrgibbon Contributor in Getting Data In 10-12-2016 0 10	0	10
Missing Source IP address when logs are forwarded to third-party from our Splunk Heavy Forwarders. How to fix this? Hi, We are forwarding some of our logs from Splunk to a third party IBM Qradar environment. The third party is not ... by dmenon84 Path Finder in Getting Data In 10-12-2016 0 1	0	1
How to see the right number of CPUs for my indexer in the Distributed Management Console? When I do this on my RHEL indexer: lscpu \| egrep 'Thread\|Core\|Socket\|^CPU\(' I get these results: * CPU(s): ... by hartfoml Motivator in Getting Data In 10-12-2016 0 2	0	2
How to configure our expected timestamp format in props.conf? Hi, We need to format our time stamps using props.conf, since our events do not have date/month/year to our logs, i... by splunker9999 Path Finder in Getting Data In 10-12-2016 0 1	0	1
How to write a query that will separate browser sections in a JSON array into separate events? I'm currently trying to write a query that will let me separate the follow "browser" sections in this JSON array into... by jpringle03 Path Finder in Getting Data In 10-12-2016 0 9	0	9
How to monitor newly written log lines from a log file whose modtime is older than 12 hours? Hi, Our monitor configuration is: [monitor:///opt/diags.log*] disabled = false host = $decideOnStartup sourcetype =... by strive Influencer in Getting Data In 10-12-2016 0 2	0	2
How to troubleshoot why we are seeing unexpected characters in Windows event logs in Splunk? Hi, I have a serious problem with logs.. some events (below 0.01%) have strange characters. - such strange charact... by lukasz92 Communicator in Getting Data In 10-12-2016 1 10	1	10
Scripted input stops working: "Not added to run queue" in DEBUG ExecProcessor I have a Python scripted input on a Splunk UF which calls a Kafka bin script (bin/kafka-consumer-groups.sh) and re-fo... by aarontimko Path Finder in Getting Data In 10-12-2016 0 1	0	1
Windows Perfmon Collection Issue Having some issues with collecting % Processor Time for processes. My inputs.conf is configured with the below stanza... by nickkoe Explorer in Getting Data In 10-12-2016 0 5	0	5
REST API fired alerts php sdk hi im using the splunk php sdk. And i cant find any functions in there to get the information i want from searches s... by tallak New Member in Getting Data In 10-12-2016 0 2	0	2
How to extract the nested array coordinates from JSON? Hi !! I am new to Splunk and trying to extract the array coordinates from Json. {"type":"Feature","geometry":{"type... by weiquanswq Explorer in Getting Data In 10-12-2016 0 2	0	2
After setting up Splunk to monitor a folder, why is only the first log file getting indexed? Hi I have set up Splunk to monitor a particular folder for logs, but somehow it picks only the 1st log file added t... by instigardo New Member in Getting Data In 10-12-2016 0 3	0	3
Monitor My application Hello There, I wanted to monitor few parameters related to my application. Number of files in a specific directory,... by yadvendra New Member in Getting Data In 10-11-2016 0 4	0	4
Why is the timing off between the actual log's time and the indexed event's timestamp? Logs stop displaying Time Event 11/19/10 11:59:37.000 PM Nov 18 23:59:37 10.0.0.10 Nov 19 04:59:37 filterlog:... by gosports New Member in Getting Data In 10-11-2016 0 1	0	1
Successful dormant user logins hello I am trying to write a query for Successful dormant user logins whereas the user has successfully logged in to... by saurabh_tek Communicator in Getting Data In 10-11-2016 0 4	0	4
How to troubleshoot why my PFsense logs are not getting indexed correctly and logs stop at 11:59:59? I have PFsense sending logs to Splunk running on Ubuntu 14.04 server. When I check pfsense internal logs, everything ... by gosports New Member in Getting Data In 10-11-2016 0 1	0	1
How to prevent a PID file from causing one of our universal forwarders to shut down? Hi, I got an issue with one of the Universal Forwarder. It is automatically shutting down and when I restart, it is... by katanguriabhi Explorer in Getting Data In 10-11-2016 1 1	1	1
How to troubleshoot why a Windows universal forwarder can forward permon data to Splunk Light 6.3, but not Windows event logs? Hi to all, I'm a newbie with Splunk this week, and trying to configure a forwarder in W2008 in order to forward even... by acrismatic New Member in Getting Data In 10-11-2016 0 1	0	1
How to edit my scripted input to collect and index data from scripts installed on forwarders? Hi, I created a script input to collect data from scripts installed on forwarders and Splunk is not indexing. Follo... by monteirolopes Communicator in Getting Data In 10-11-2016 0 3	0	3
Does moving indexed data from one Splunk indexer to another count against license? Hello, We want to move previously indexed data into a new Splunk instance and wanted to make sure that doesn't count... by sidekix24 Path Finder in Getting Data In 10-11-2016 0 3	0	3
If we remove a corrupted peer in an indexer cluster, will hot and warm buckets from existing indexers populate to the new replacement peer? We have 4 indexers, and if 1 peer is corrupted, we have 0 hot 0 cold 0 frozen now. If we remove the corrupted peer f... by sudeshgaur New Member in Getting Data In 10-11-2016 0 2	0	2
Forwarder Management - Where to place configuration files to get updated? I have tried to follow the documetation for creating directories and adding the apps, etc.. All I want to do is be a... by colbymahan Explorer in Getting Data In 10-11-2016 0 10	0	10
How to edit props.conf in order to have JSON log events listed in chronological order? We have the following logs coming into Splunk: {"log":"\u0009at org.apache.lucene.store.Directory.openChecksumInput... by bport15 Path Finder in Getting Data In 10-10-2016 0 1	0	1

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

Getting Data In

Windows Infrastructure app is not showing reports under "Active Directory > users > User Reports " whereas "users overview" dashboard and all other dashbpards in the app are showing data ?

Why does the Splunk Universal Forwarder 6.3.0 on Linux x86_64 server keep crashing?

Props and Transforms - include base folder, but not some sub folders

Missing Source IP address when logs are forwarded to third-party from our Splunk Heavy Forwarders. How to fix this?

How to see the right number of CPUs for my indexer in the Distributed Management Console?

How to configure our expected timestamp format in props.conf?

How to write a query that will separate browser sections in a JSON array into separate events?

How to monitor newly written log lines from a log file whose modtime is older than 12 hours?

How to troubleshoot why we are seeing unexpected characters in Windows event logs in Splunk?

Scripted input stops working: "Not added to run queue" in DEBUG ExecProcessor

Windows Perfmon Collection Issue

REST API fired alerts php sdk

How to extract the nested array coordinates from JSON?

After setting up Splunk to monitor a folder, why is only the first log file getting indexed?

Monitor My application

Why is the timing off between the actual log's time and the indexed event's timestamp? Logs stop displaying

Successful dormant user logins

How to troubleshoot why my PFsense logs are not getting indexed correctly and logs stop at 11:59:59?

How to prevent a PID file from causing one of our universal forwarders to shut down?

How to troubleshoot why a Windows universal forwarder can forward permon data to Splunk Light 6.3, but not Windows event logs?

How to edit my scripted input to collect and index data from scripts installed on forwarders?

Does moving indexed data from one Splunk indexer to another count against license?

If we remove a corrupted peer in an indexer cluster, will hot and warm buckets from existing indexers populate to the new replacement peer?

Forwarder Management - Where to place configuration files to get updated?

How to edit props.conf in order to have JSON log events listed in chronological order?

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SC4S postfilter not dropping Fortigate east-west t...

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

Getting Data In

Join the Conversation