Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
tmontney

After installing the Universal Forwarder using MSI, I am not receiving any data. How to edit my configuration?

I installed the Universal Forwarder using the MSI, specified server info, but didn't check any boxes for wineventlog ...
by tmontney Builder in Getting Data In 10-10-2016
0 11
0
11
daniel333

Is there a better way to edit my current inputs.conf for sourcetypes defined by path?

All, I have a dozen+ inputs I am creating. I feel there there should be a smarter way of doing this. As you can see...
by daniel333 Builder in Getting Data In 10-10-2016
0 4
0
4
smhsplunk

How to edit my search to get total time of events (last-first) and sum by source, by host?

So I am trying to get the cumulative sum of all the time taken by each host, so far I could cumulate for a single hos...
by smhsplunk Communicator in Getting Data In 10-10-2016
0 6
0
6
forkingforwardt

Index XML files

Hello Splunkers. I'm trying to build a modular-input to index my XML files, using Python. I will wonder if some one c...
by forkingforwardt Engager in Getting Data In 10-10-2016
0 3
0
3
jepoyyyy

Monitor a File That's Being Purged Regularly

Hi All, I have a multi-tiered Splunk deployment and I am having some serious indexing lag from a remote host. We h...
by jepoyyyy Explorer in Getting Data In 10-10-2016
0 1
0
1
kevbod

Is it possible to combine the two functionalities of Indexing and Heavy Forwarding on a single VM host?

Guys, I currently have Splunk Enterprise 6.5.0 Free running on a W2k8 R2 host and Universal Forwarders (Windows host)...
by kevbod New Member in Getting Data In 10-09-2016
0 4
0
4
jagadeeshm

Index Strategy - Single index with multiple sourcetypes vs Multiple indexes with dedicated sourcetype

Here is what we have: 8 indexers / 4 search heads / each of them are 24 core, 256GB memory and 7.6TB disk I am tryin...
by jagadeeshm Contributor in Getting Data In 10-09-2016
2 2
2
2
ankithreddy777

How to break events at the hex message delimiter?

I have to break events based on the hex message delimiter. When I ingest data into Splunk, it is showing as letter 'x...
by ankithreddy777 Contributor in Getting Data In 10-09-2016
0 3
0
3
baumerr

Transform at Index

I am attempting to build a exporting field that ArcSight can use to properly categorize. Here what I got: transform....
by baumerr New Member in Getting Data In 10-08-2016
0 1
0
1
paimonsoror

Negative Index Delay

Well this one is interesting. How can splunk index something before it knows about it 
by paimonsoror Builder in Getting Data In 10-08-2016
0 2
0
2
pgbr7

How to create a line break in an event log?

Hello guys, I need to create a line break in an event log, I have the [ \n ] in log. I try this : | rex mode=sed f...
by pgbr7 Explorer in Getting Data In 10-08-2016
0 3
0
3
lgn1br

Why am I getting error "Splunk Enterprise Setup Wizard end prematurely because of an error..." trying to install Splunk 6.3.3 on Windows?

Hello, My site is currently interested in trying out Splunk, but I am unable to install Splunk 6.3.3 on Windows. Ano...
by lgn1br New Member in Getting Data In 10-08-2016
0 5
0
5
snix

Feature Request: Allow wildcards in Windows Event Log input

Currently I know of no way (that I can find) to specify in the input to collect all event logs using wildcards in Win...
by snix Communicator in Getting Data In 10-08-2016
0 4
0
4
maynardp

REST API receivers/simple supplied index missing

We are injecting events using the receivers/simple REST API and are not able to specify a specific index. This does ...
by maynardp Explorer in Getting Data In 10-07-2016
0 6
0
6
srinitest123

Why am I unable to post logs using Java SDK?

I have attached below my code snippet. I am using a free developer access machine. https://prd-p-lgqtg5v8fkdb.cloud.s...
by srinitest123 Engager in Getting Data In 10-07-2016
0 2
0
2
vikram_m

How much license value is utilized while indexing a file of 100Gb once it is in compressed format in indexer?

When a log file is brought inside the Splunk indexer after input phase it is compressed to almost 10% of its value. S...
by vikram_m Path Finder in Getting Data In 10-07-2016
0 5
0
5
Kate_Lawrence-G

event shows repeatedly in splunkd.log

Hoping someone can help me out here: I have a system with a heavy forwarder installed (v.4.1.6) that shows the follo...
by Kate_Lawrence-G Contributor in Getting Data In 10-07-2016
3 3
3
3
sreejith2k2

What happens to the data if the indexer in an indexer cluster goes down?

I have 12 Indexers (6 each/site) in a multi cluster environment. Data is replicated to the other site with RF =2 and...
by sreejith2k2 Explorer in Getting Data In 10-07-2016
0 4
0
4
erydberg

Size limit for an event?

Hi! Is there a size limit for how big an event can be before it's split into two? I'm trying to index p4 data, and t...
by erydberg Splunk Employee Splunk Employee in Getting Data In 10-07-2016
8 8
8
8
payalgarg27

What is the preferred way to migrate Splunk indexes onto new servers?

Hi All - We have a bunch of Splunk indexes in place. Our application is going to migrate to a new set of servers. An...
by payalgarg27 Explorer in Getting Data In 10-07-2016
0 4
0
4
tkwaller

Forwarding of data dies

Have about 1000 UFs that not getting data that is searchable They are throwing the error: 10-05-2016 14:54:05.162 +00...
by tkwaller Builder in Getting Data In 10-07-2016
1 5
1
5
ericlarsen

How do I monitor Desired State Config event logs?

I'm trying to monitor the Desired State Configuration event logs on some Windows servers. I cannot seem to get the m...
by ericlarsen Path Finder in Getting Data In 10-07-2016
0 1
0
1
rsathish47

Time stamp field using transforms.conf

HI All, Am have CSV which is semicolon as delimiter and am using Props and transpose to extract the fields. But am a...
by rsathish47 Contributor in Getting Data In 10-07-2016
0 1
0
1
vr2312

Setting up props.conf at the heavy forwarders

I have an app to which the basic inputs.conf were set and the app was forwarding logs to the indexers without any iss...
by vr2312 Builder in Getting Data In 10-07-2016
0 4
0
4
riotto

If I have a custom sourcetype with fields delimited by commas, how do I extract the first field as the event timestamp?

If I have a custom sourcetype with fields delimited by ,, the first field in the data is what I want to extract as th...
by riotto Path Finder in Getting Data In 10-07-2016
0 10
0
10
Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...
Top Solution Authors
View All