Getting Data In

Community Activity

What is the best way to handle json data with nested arrays? I am having some trouble working with JSON events. I use Splunk Enterprise 6.4.1. I'm using KV_MODE=json in my pr... by lyndac Contributor in Getting Data In 09-21-2016 0 1	0	1
Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers) In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermedia... by sravankaripe Communicator in Getting Data In 09-21-2016 0 1	0	1
Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed? Hello, I am having an issue with logs coming into my instance of Splunk Enterprise (version 6.2.2) through a Linux s... by Ealderiso Explorer in Getting Data In 09-21-2016 0 20	0	20
How do I use syslogNG to replace Splunk TCP or UDP inputs? This is a question I have the answer to, I'm posting this answer because I spent a number of hours attempting to unde... by gjanders SplunkTrust in Getting Data In 09-20-2016 0 6	0	6
How to log Watchguard into Splunk? Dear All, Could you share me some best practices how to send Watchguard firewall logs into Splunk and how to monitor... by calebra05 New Member in Getting Data In 09-20-2016 0 1	0	1
How to edit my props.conf for proper line breaking of a large event by the ∑ character? I am having trouble with being able to properly line break an event like the following: Here are the props I am us... by LiquidTension Path Finder in Getting Data In 09-20-2016 0 2	0	2
Importing Year/Month field I'm trying to import a csv format using splunk. The timestamp of log is in the format YYYY/MM. By default, splunk f... by bitfhacker New Member in Getting Data In 09-20-2016 0 3	0	3
When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza? From indexerA I am trying to forward Windows Event Logs and IIS Logs to indexerB. The Windows Event Logs are being fo... by jstacey_intuit Explorer in Getting Data In 09-20-2016 0 3	0	3
Use of double qoutes in rex command arguments fails alerts in windows environment. Set up an alert with the search command: source="C:\test\data\log1.txt" \| rex v="(?.*)" \| head 10 the alert has never... by xli_splunk Splunk Employee in Getting Data In 09-20-2016 0 3	0	3
Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs? Hello, I am trying to only capture EventIDs 400 and 800 inside the Windows PowerShell log (not the PowerShell Opera... by adayton20 Contributor in Getting Data In 09-20-2016 0 4	0	4
Indexing problem I tried to create a summary index for a search string. I scheduled the search, and enabled the index in the manager v... by xiaoyuew Path Finder in Getting Data In 09-20-2016 0 2	0	2
How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder? We are trying to collect data from certain secure Windows Systems and the team have requested to install "Splunk Univ... by koshyk Super Champion in Getting Data In 09-19-2016 0 3	0	3
How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf? Hello all, I've been indexing Infoblox DHCP and DNS queries for a couple of months now. Because of the amount of log... by janderson19 Path Finder in Getting Data In 09-19-2016 0 1	0	1
Can I disable Splunk from indexing data for a specific time frame? I'm one overage away from violating my licenses due to an AV scan on my QA environments and would like to temporarily... by skoelpin SplunkTrust in Getting Data In 09-19-2016 0 6	0	6
Why are files in a folder not getting deleted on the universal forwarder with move_policy=sinkhole in the inputs.conf batch stanza? I setup my universal forwarder to monitor a folder and send the contents to one of my indexers. That works great. ... by joeyblasko New Member in Getting Data In 09-19-2016 0 7	0	7
new to splunk - need help with input.conf i am new to splunk that is already setup on our servers, my manager asked if i can edit the input.conf file so we can... by rsingh Explorer in Getting Data In 09-19-2016 0 4	0	4
Heavy Forwarder Configuration I am having some issues getting my heavy forwarder to forward events. The configuration I'm trying to achieve is as f... by conor_splunk Path Finder in Getting Data In 09-16-2016 1 4	1	4
How to set date & time stamps across two lines in xml where time was already picked up Hi Team Trying to ingest an xml file in the following raw format(extracted portion for sample but each event consist... by david_rea Explorer in Getting Data In 09-16-2016 0 13	0	13
Index data and then forward to another indexer Hi, we have and indexer that receive data from some Univ. Forwarder. Data are stored on different index (IndexA, Inde... by danielez68 Explorer in Getting Data In 09-16-2016 1 8	1	8
Splunk alert unable to trigger .bat file My Splunk alert unable to trigger any executable file. For instance, I have placed reader.bat file in Splunk scripts ... by ibob0304 Communicator in Getting Data In 09-16-2016 0 7	0	7
Any way to tell a saved search to run under a certain timezone? We are running into an issue where we have multiple users across the country; specifically MST. Data resideds on a se... by jonahzirkle Explorer in Getting Data In 09-16-2016 2 4	2	4
props.conf and line breaking I have been experimenting with indexing Nessus plugins. On my laptop where I have a test Splunk instance and scanner... by mundus Path Finder in Getting Data In 09-16-2016 1 5	1	5
Can I get Splunk to collect logs from vCenter's ESXi Dump Collector? My vCenter guys are looking to install the ESXi Dump Collector so that they can store months worth of ESX log and met... by FhaySpl1 New Member in Getting Data In 09-16-2016 0 2	0	2
How do I CIM tag DB2 audit logs that are dumped on the filesystem as a text file (not using DB Connect)? This is actually a question I already the answer for, I just want to use the question/answer style to ensure it compl... by gjanders SplunkTrust in Getting Data In 09-16-2016 0 1	0	1
What is the default value for maxConcurrentOptimizes? If the parameter maxConcurrentOptimizes is not defined for an index in indexes.conf, will Splunk assign a value for i... by rxdeleon Explorer in Getting Data In 09-16-2016 1 2	1	2

Get Updates on the Splunk Community!

Splunk Community Badges!

Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Getting Data In

What is the best way to handle json data with nested arrays?

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

Why is Splunk 6.2.2 unable to search logs from my Linux server with the universal forwarder installed?

How do I use syslogNG to replace Splunk TCP or UDP inputs?

How to log Watchguard into Splunk?

How to edit my props.conf for proper line breaking of a large event by the ∑ character?

Importing Year/Month field

When trying to forward IIS logs from one indexer to another indexer, why is props.conf transform not working for the IIS stanza?

Use of double qoutes in rex command arguments fails alerts in windows environment.

Using Windows Powershell, how do I modify inputs.conf to only capture specific EventIDs?

Indexing problem

How to attach a group read access to the Windows Eventlog when installing Splunk Universal Forwarder?

How to send month old logs to Splunk via oneshot and maintain their correct timestamp if I currently have DATETIME_CONFIG=CURRENT in props.conf?

Can I disable Splunk from indexing data for a specific time frame?

Why are files in a folder not getting deleted on the universal forwarder with move_policy=sinkhole in the inputs.conf batch stanza?

new to splunk - need help with input.conf

Heavy Forwarder Configuration

How to set date & time stamps across two lines in xml where time was already picked up

Index data and then forward to another indexer

Splunk alert unable to trigger .bat file

Any way to tell a saved search to run under a certain timezone?

props.conf and line breaking

Can I get Splunk to collect logs from vCenter's ESXi Dump Collector?

How do I CIM tag DB2 audit logs that are dumped on the filesystem as a text file (not using DB Connect)?

What is the default value for maxConcurrentOptimizes?

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

PCAP Data contains media and audio file, Is it pos...

TA_Guardium API Add-on for Splunk

Transilience AI threat intel feed integration

I have question about Metrics

How to integrate threat armor with splunk?

Getting Data In

Join the Conversation